Tag: LinkedIn

Spotify login screen with option to login using Facebook

A trend that is being associated with online services or applications is to provide “social sign-on” for new and existing users of these services. This is based around the concept of single sign-on where you use one set of credentials verified by one service to authenticate with one or more other services. This time, the credential pool that is used for authenticating users is your membership with a social network like Facebook or Twitter. The expression is sometimes extended to cover other authentication-data pools like Microsoft’s authentication services associated with Outlook.com/Hotmail, Windows 8 or XBox; or Google’s authentication services used for GMail and YouTube.

TripAdvisor webpage with social sign-on and personalisation from Facebook

In a social sign-on arrangement, your credentials are held and tested at the social-network’s servers and both the online service and the social network create a unique “token” or “key” to link and authenticate your presence on these services. The common methods that these services use are based around the OAuth or OpenID protocols used for single sign-on across multiple services.

Social sign-on concept diagram – relationship between the social network and online service

As well, your social attributes (name, birthdate, etc) that you have stored on the social network’s servers would be copied in to your account on the online service when this account is being provisioned. You will know about this when your social network pops up a screen asking you whether to allow the online service to gain access to your details held at the social network.

Advantages

There are some key advantages with using a social sign-on setup.

One is to benefit from a simplified provisioning process for your online service. This is without the need to key in the same data across multiple services. It also includes use of a pre-authenticated email address which is considered of high value with forums, commenting facilities and the like because most social networks especially Facebook, Google and Microsoft implement strong measures to combat fraudulent identities.

We also benefit because there are fewer sets of credentials to remember. As well, if a social network implements improved user-security measures like multifactor authentication or “trusted-device” operation, this flows on to the online service we use.

Some of the online services also can provide a personalised experience such as granting you birthday wishes on your birthday, including making those “special birthdays” such as the “big zeros” or the 21sts highly special.

Disadvantages

The disadvantages that can occur include weak links in the authentication protocols and a total dependence on access to and the security of a particular social-network account.

This also encompasses situations where a workplace or school may implement measures to shut out access to social networks in the name of productivity or an oppressive regime may shut out access to the popular social networks to curtail free speech. This can limit access to the online service because of its dependence on the social network.

How can it be operated properly

To assure users of their privacy, a social sign-on setup needs to identify any attributes that it is obtaining from a social network and give the user consent to obtain the attributes. As well, the login procedure should allow for one to create a login that is independent of a social network whether in conjunction with a social-network presence or not.

Similarly, the concept of social sign-on could be exploited by social networks and other authentication services to support simple-but-secure login for living-room applications. This is, from my experience, something that needs to be worked on because such devices require a lot of “pick-and-choose” data entry using a remote control’s D-pad to enter user credentials for online services. As well, many different users are likely to use the same living-room device.

Article

How to kill a troll | Naked Security (Sophos)

My Comments

Anyone who has a personal Internet presence on a message board, social network or similar environment or operates such a presence for their company or other organisation can end up facing the worst side of the Internet.

This is typically in the form of the “Internet trolls” who exist on message boards, social networks, blog comment trails and online chat rooms just to cause trouble. This has manifested in online harassment which is mainly in the form of schoolyard-grade activity like foul names or targeted embarrassment attempts. But there have been acts like physical threats against person, animal and property; stalking, sustained harassment and sexual harassment with young women being the main victims.

It included a situation that I faced regarding a café I regularly visited where their Facebook presence was tarnished with foul comments because the business didn’t permit a protest group to put some flyers about their campaign by their cash register. Here, I was defending the café in their stance regarding what had happened.

But what can you do? You could block the accounts where the behaviour is coming and implement technological measures that do this for you. Here, such measures work on logic like blocking relatively young accounts that mention you, accounts with very few followers that mention you or accounts that generate replies containing certain keywords.

On the other hand, you could embarrass the source of the comments. This plays on various analogies associated with social taboos like in-workplace sexual harassment where a person isn’t just hauled up before law courts but the court of public opinion doesn’t look favourably on them. This would be hard to implement in the online world due to the ease in which one can create an anonymous online presence such as with the use of multiple disposable emails or pseudonyms.

Some countries like the UK have given their online-harassment laws more teeth such as legislating for longer prison terms. To the same extent, we should be encouraged to use all of the civil and criminal laws available to us as a tool to deal with Internet trolls, but a key problem is working with the problem from a cross-jurisdictional angle. This is where you identify that the activity is appearing from another state within the same country in the case of countries like Germany, Australia and USA, or another country; such as someone residing in the UK being harassed by someone using a computer located in New York State in the USA.

As well, there have been various PR activities to pillory the trolls such as Mary Beard’s activity after being victimised by schoolyard-grade online behaviour. She wasn’t afraid to speak her mind on British TV and had her friends and supporters work together to “fight back” against the troublemakers. Businesses and organisations who have been “got at” by trolls can use their loyal support base who have an active online presence such as their regular customers to work together for this same goal. 

Let’s not forget that the channels that exist to report trouble on a social network, bulletin board, chat forum or the like do exist for you to report this kind of trouble.

Personally, I would encourage any campaign to crack down on Internet trolling to be done as a group of many people. They can pool resources and use their contacts to work together to defend the people who are being affected or make life hard for the troublemakers. This can manifest in using technological tools to limit their effect on the affected forums, using civil and criminal legal action against the troublemakers or use online and offline public-relations efforts with a view to pillory them.

Sometimes some disturbing situations that happen with social networking, Internet forums, instant messaging and the like may require you to simply ignore or block trouble on the Internet but others may require you to work actively against it.