Most of you probably know about Ze Frank. If you don’t you should go and watch The Show right now. It was one of the most insightful, hilarious and nutty online shows that I have ever seen. It was not really a vlog (btw, who the hell came up with the word vlog? It sounds like someone throwing up), but something else. It is an important bit in the history of online hilarity and you don’t want to be the person who doesn’t get the jokes about duckies, giant babies and etc.
Anyway, I found it amusing that Ze’s latest exploit was a classic bit of social engineering. Ze asked his fans, readers and followers to let him borrow their Facebook profile for a month. During that month he would maintain their profile, make status updates, post on people’s walls and generally pretend to be you based on the notes you provided him. I guess the idea was to expose how your online persona can easily be disassociated from you without anyone noticing. Interesting concept and the person who participated in this experiment admitted that she sort of wished that Ze would take her online identity into new bold directions she never considered. And he sort of did, by flirting with her “crush of the moment” as she described it.
What kills me though is that people actually allowed Ze to do this. And that they sent him their login information en masse:
Last month i asked people on twitter whether they would allow me to take over their facebook accounts for a week. Within a half hour I had to remove the request due to the volume of incoming username and passwords.
I’m amazed, and terrified by this at the same time. I know that we live in a society that worships celebrities the same way ancient Greeks worshiped their promiscuous, quarreling, unruly gods. So I guess it should be no surprise that if a celebrity (even a minor online one) asks people for their login information, his loyal fans will be more than happy to provide. Still, it frightens me.
Personally I don’t care who you are – you can be the emperor of the universe for all I care but if you ask me for my password my answer will be the same as to anyone else: “GO TO HELL!” Sharing your login information for any online service or email is a horrible idea.
I’m not sure whether or not Ze realizes this (but I suspect he might), and whether or not his fans ever even considered it but this was classic social engineering. Using a gimmick to weasel out personal information from a group of people. All the people who sent him their password they got duped. Naturally I’m sure Ze is a responsible person, and he had no malicious intent but he could easily turn around and cash in on his fans trust by selling their login info to Facebook spammers. Would his fans know? Would they even be able to connect total pwnage of their accounts with the fact they sent their login info to a complete stranger over an unencrypted protocol? I don’t know. Half of them would probably never figure it out. The fact they gave away their info so easily and willingly is just scary, and underlines how little value people put on privacy these days.
It disturbs me to no end that the person who participated in the experiment actually viewed it as a positive experience. I guess she doesn’t realize it yet. She gave a complete stranger access to her facebook account allowing him to explore her personal correspondence and all sorts of private and semi-private information along with a written guideline on how to act like her on Facebook. Who knows what he could dig out with this information. Could he figure out her other passwords and secret questions based on her friend list, and her private emails (you know, name of your dog, name of your childhood friend and etc)? A skillful social engineer could take that account and milk it for information potentially leading to an all out identity theft (“hey mom, what was my social security number? I forgot. Send it to my facebook!”).
Which brings me to a question for you. Do you share passwords with anyone? Can anyone except you log into your email, social media or your desktop? Personally I am very conscious about electronic privacy and I will not give my passwords to anyone. Not even my closest family. No one except me gets to read my email and use my social media profiles. I’m even in a habit of locking my workstation when I leave my desk even if I’m home alone. Not that I have anything to hide (well, except maybe the pr0n folder) but I personally believe that everyone should have a certain degree of personal privacy – even in close personal relationships.
I believe that your personal email, your social media accounts and the contents of your hard drive are off-limits to me. I have no business looking through them – and in fact I have no interest in what I might find there. I know people who either have their girlfriend’s/boyfriend’s email/facebook/myspace password or gave her/him theirs (or both). To me that sort of thing implies an alarming lack of trust, and excessive jealousy in the relationship. I personally believe that it is much healthier to simply respect each other’s privacy and have trust in the other person. Healthier, and more secure – because if you won’t give your password to your significant other, then you will be less likely to give it to Ze Frank or that Nigerian prince who promised you 10% of his wealth if you just hook him up with your pin number.
[tags]identity, identity theft, social engineering, security, facebook, ze frank[/tags]