Forbes published a list this week of The Ten Most Dangerous Online Activities. Now some of these are obvious no-nos, like clicking on e-mail attachments from unknown senders (#1), or surfing gambling, porn or other dicey sites (#5). Others are questionable, like #8 – using any old Wi-Fi network, and #10 – participating in chat rooms or social networking sites. They even chose to single out LinkedIn:
“The biggest security challenges businesses face with business social networking like LinkedIn is the sheer amount of information that a social engineer can learn by doing simple searches,” says Matasano Security’s Goldsmith. “Attackers can find out who your business partners, vendors and clients are simply by viewing your shared connections.”
There’s simply no way for LinkedIn and other sites to validate a member’s employment record, so an attacker can claim to work at Matasano and find out which current and past employees are on the site. “Services like LinkedIn try to guard sensitive employment information by restricting it to colleagues–you have to have worked with Dave Goldsmith before to be able to click on him and see his work history, or have him come up in a search for ‘Matasano,’” says Matasano’s Ptacek. “But anyone can sign up to LinkedIn and claim to have worked for Matasano.”
I agree that there are potential problems, and that people can fake their identity, which is why I am an advocate of only connecting with people you know well, not just anyone who asks.
But is it just me, or is the Forbes article more than just a little paranoid? A lot of companies list their major partners and clients on their own web site. They make press releases when they close major deals with clients or partners. Most companies aren’t trying to keep that information secret. If you are, fine, then don’t join LinkedIn, or at least only connect with those you know well and don’t allow your network to browse your connections. But the Forbes article is in the small business resource section, and I know very few small businesses that would be better served by keeping that information private.
What’s particularly funny about the article, though, are a couple of blatant ironies.
For starters, as Chris Lake points out, Forbes has a few dangerous activities of its own, such as using full-page interstitial ads that don’t conform to the IAB guidelines (PDF).
What’s even more ironic, though, is that Forbes has an official “Forbes.com Entrepreneurs” group on LinkedIn – I should know, I’m a member!
Ahh… the irony! Here they are telling small business owners how dangerous using social networking sites is, while they have a group for entrepreneurs on LinkedIn. Especially ironic is that what the group membership allows you to do is see the profiles and contact directly any of the other members of the group, even if you don’t already know them — open networking based on the common interest or experience.
The bottom line is this: More Publicity = Less Privacy.
Our lives are full of risks. About the most dangerous activity you can undertake in the real world is getting in a car, yet billions of people do it every day without a second thought. Why? Because the weighted benefits far exceed the weighted risk, even though the risk is death. They take reasonable precautions to mitigate the risk: safety belts, airbags, safe driving habits, etc.
For most small business owners, the advantages of social networking so far outweigh the loss of privacy that it’s not even a consideration. Take reasonable precautions, such as those in Chapter 16 of The Virtual Handshake, but don’t let sensationalism and paranoia create a misplaced fear of something that has a very high potential benefit and a very low risk in reality.