Most of you probably know about Ze Frank. If you don’t you should go and watch The Show right now. It was one of the most insightful, hilarious and nutty online shows that I have ever seen. It was not really a vlog (btw, who the hell came up with the word vlog? It sounds like someone throwing up), but something else. It is an important bit in the history of online hilarity and you don’t want to be the person who doesn’t get the jokes about duckies, giant babies and etc.
Anyway, I found it amusing that Ze’s latest exploit was a classic bit of social engineering. Ze asked his fans, readers and followers to let him borrow their Facebook profile for a month. During that month he would maintain their profile, make status updates, post on people’s walls and generally pretend to be you based on the notes you provided him. I guess the idea was to expose how your online persona can easily be disassociated from you without anyone noticing. Interesting concept and the person who participated in this experiment admitted that she sort of wished that Ze would take her online identity into new bold directions she never considered. And he sort of did, by flirting with her “crush of the moment” as she described it.
What kills me though is that people actually allowed Ze to do this. And that they sent him their login information en masse:
Last month i asked people on twitter whether they would allow me to take over their facebook accounts for a week. Within a half hour I had to remove the request due to the volume of incoming username and passwords.
I’m amazed, and terrified by this at the same time. I know that we live in a society that worships celebrities the same way ancient Greeks worshiped their promiscuous, quarreling, unruly gods. So I guess it should be no surprise that if a celebrity (even a minor online one) asks people for their login information, his loyal fans will be more than happy to provide. Still, it frightens me.
Personally I don’t care who you are – you can be the emperor of the universe for all I care but if you ask me for my password my answer will be the same as to anyone else: “GO TO HELL!” Sharing your login information for any online service or email is a horrible idea.
I’m not sure whether or not Ze realizes this (but I suspect he might), and whether or not his fans ever even considered it but this was classic social engineering. Using a gimmick to weasel out personal information from a group of people. All the people who sent him their password they got duped. Naturally I’m sure Ze is a responsible person, and he had no malicious intent but he could easily turn around and cash in on his fans trust by selling their login info to Facebook spammers. Would his fans know? Would they even be able to connect total pwnage of their accounts with the fact they sent their login info to a complete stranger over an unencrypted protocol? I don’t know. Half of them would probably never figure it out. The fact they gave away their info so easily and willingly is just scary, and underlines how little value people put on privacy these days.
It disturbs me to no end that the person who participated in the experiment actually viewed it as a positive experience. I guess she doesn’t realize it yet. She gave a complete stranger access to her facebook account allowing him to explore her personal correspondence and all sorts of private and semi-private information along with a written guideline on how to act like her on Facebook. Who knows what he could dig out with this information. Could he figure out her other passwords and secret questions based on her friend list, and her private emails (you know, name of your dog, name of your childhood friend and etc)? A skillful social engineer could take that account and milk it for information potentially leading to an all out identity theft (“hey mom, what was my social security number? I forgot. Send it to my facebook!”).
Which brings me to a question for you. Do you share passwords with anyone? Can anyone except you log into your email, social media or your desktop? Personally I am very conscious about electronic privacy and I will not give my passwords to anyone. Not even my closest family. No one except me gets to read my email and use my social media profiles. I’m even in a habit of locking my workstation when I leave my desk even if I’m home alone. Not that I have anything to hide (well, except maybe the pr0n folder) but I personally believe that everyone should have a certain degree of personal privacy – even in close personal relationships.
I believe that your personal email, your social media accounts and the contents of your hard drive are off-limits to me. I have no business looking through them – and in fact I have no interest in what I might find there. I know people who either have their girlfriend’s/boyfriend’s email/facebook/myspace password or gave her/him theirs (or both). To me that sort of thing implies an alarming lack of trust, and excessive jealousy in the relationship. I personally believe that it is much healthier to simply respect each other’s privacy and have trust in the other person. Healthier, and more secure – because if you won’t give your password to your significant other, then you will be less likely to give it to Ze Frank or that Nigerian prince who promised you 10% of his wealth if you just hook him up with your pin number.
[tags]identity, identity theft, social engineering, security, facebook, ze frank[/tags]
[quote]Do you share passwords with anyone?[/quote]
ah No way in hell.
On a related issue I sometimes let people use my computer who come by and want to check their e-mail myspace and so on or otherwise use my computer for some reason. I have a guest account in both windows and buntu I created to keep em outta my crap when they do so, set up with limited admin rights so they can’t damage my computer doing something dumb. You would be surprised how many let Firefox remember the password for these accounts. Occasionally I sign into this guest account and clear out all those passwords. people sometimes have no clue.
I only share my password with you, Luke. Remember it’s “h4rd2cr4ck” and don’t share with anyone who doesn’t at least know my first name.
The exact thing that Starhawk described was noticed today (a developer had FF remember his password on another person’s account). I didn’t realize that you could have it actually show what the password is (I never use any browser’s “remember my password” feature).
There are people working at the university here who share their passwords so that someone can check their email and log into that account to use various systems. I guess setting proper user permissions is too much to ask…
I don’t even like to let other people drive my car, let alone “drive” my Facebook account!
I would never ever give anyone any of my passwords! Also, I always lock my computer at home, and if someone needs to use it I set up a guest account for them.
IMO myspace, facebook, all that stuff is a privacy plague. I don’t take part in any social networking for that reason – even if you’re careful about what you post on your profile, your “friends” posting pictures of you is just as bad when the pictures are linked to you. I’ve seen that stuff get dragged into court, bar reviews, and job interviews and it isn’t pretty.
Only my wife has my passwords, and she never uses them. I guess truecrypt has my passwords too, but you’d need to know the secret file & password to get them.
[quote post=”2599″]I only share my password with you, Luke. Remember it’s “h4rd2cr4ck” and don’t share with anyone who doesn’t at least know my first name.[/quote]
Wait, I thought your password was hunter2…
[quote post=”2599″]Only my wife has my passwords, and she never uses them. I guess truecrypt has my passwords too, but you’d need to know the secret file & password to get them. [/quote]
Ah, see – I don’t like this idea of exchanging passwords with a spouse. I mean, certain sharing passwords for certain stuff might be ok, but I believe that personal email, social stuff and your personal laptop/desktop machine should be off limits.
But yeah, I agree – the social network thing may burn you if you’re not careful. Then again, not having a rich social life and/or friends who insist on taking billion drunken pictures every time you go out helps too. :P
Ahhhh, you said a mouthful my friend.
It is precisely this and nothing more. Trust me on this one, I’m on the receiving end it…
At home wife and me have separate accounts on the computer we share.
Sometimes I do have administrator access to wife laptop though, or to my parents computer when we go to their place, but that’s more IT support than anything else.
Yeah the IT thing means that I may have admin passwords the computers of friends and family. Usually I ask them to make one up, or make up something myself, write it on a piece of paper and ask them to put it somewhere safe for future reference. If the password is sufficiently complex there is no way for me to remember it. I tell those who are not completely computer illiterate to simply change the passwords after I’m done with the machine.