UBC Streeters: 'Cyber Vetting'

UBC Streeters: ‘Cyber Vetting’

By Jon Hernandez on January 4, 2016 | Tagged with Digital identity, employee, employer

The Digital Tattoo Project took to the streets to find out what UBC students know about ‘cyber vetting’, or online vetting–when potential employers vet people’s online presence or “internet reputation” on social network services such as Facebook, MySpace, Twitter, Bebo, and LinkedIn.

To find out more about the Tweet-deleting app mentioned in the video, visit www.TweetDelete.net

Learn more about online branding and ‘overexposure’.

Read More | No Comments

Beware of the Whistler Scam

By Jon Hernandez on November 18, 2015 | Tagged with

As the sun sparkles and the sultry peaks of British Columbia’s most sought-after mountaintops, it’s pretty easy to find yourself blinded by the beauty. Each year, Whistler brings in over 2.7 million tourists to bask in the wonder—and many activities—that the resort-town provides. It boasts everything from snowboarding to bungee jumping, and has the capacity to sleep over 30,000 visitors each night across the wide array of hotels, condos, chalets, and cabins.

But some of these fancy resting spots aren’t exactly what they’re cracked up to be.

Over the past few years, there have been numerous reports of scam-artists, posing as Whistler homeowners, taking advantage of unsuspecting tourists—and I once almost fell into the trap.

I was organizing a last-minute weekend trip to Whistler for my friends and I. After taking a long and hard look at the expensive hotels, I figured I’d turn to craigslist for a better deal. I had sifted through quite a few ads when I found a chalet for a more than reasonable price. The pictures looked luxurious—but it was the hottub on the balcony that really caught my eye.

I sent out an email to find out if the unit was still available. With the trip only being two weeks away, I figured it was highly unlikely that this prized suite would still be available. But to my amazement, the homeowner contacted me back shortly thereafter telling me it was ready to go.

I took a look at the paperwork (which was far from comprehensive, but what could you expect from a craigslist ad?), and after signing the dotted line, there was nothing left to do but make payment. But instead of dropping a credit card deposit, I was asked for the full payment—about $900 via an interac e-transfer—up front.

Now in many other instances, this writer might have noticed that he was up against a scam-artist. But after desperately scouring the Internet for nice place on short notice (not to mention that my eyes were salivating at the pictures) I was actually about ready to forward over my cash. Luckily, I ran the ad by my roommate for the sole purpose of showing off the ad and all its luxury. He immediately identified it as a scam.

As it turns out, many ads like this one exist. What generally happens, after someone makes payment, is that they are given an address—sometimes real or fake—as well as the key-code for the door. A meeting is never established with the ‘homeowner’—rather, they email you instructions on how to enter the house—usually just a key code for the door. But once you show up, the key-code for the house doesn’t work, and you quickly come to the horrific realization that you’re out a thousand dollars and a place to stay.

It soon became apparent that it was all too good to be true. I emailed the ‘homeowner’ just to be certain, and sure enough, he seemed desperate for my dollar—immediately slashing prices to try to entice me to make the deposit (FYI there’s no homeowner in their right mind that would rent out a 5 bedroom chalet for $200 dollars a night on a prime weekend in Whistler).

It’s common for students to get sucked into these scams, so next time you’re getting ready to book that weekend getaway with the gang, make sure you don’t fall into one of these traps. A good rule of thumb is to only make payments via credit cards due to their built in safety nets. At the end of the day, you might have to spend a little extra cash to make sure you and your friends have a good place to hang your hats after a long day on the slopes– but at least it won’t as expensive (and utterly disappointing) as falling victim to one of these scammers.

Has something like this ever happened to you? Hit the comment section below to share your story!

Open Access Week: a Social Media Snapshot

By Jon Hernandez on November 3, 2015 | Tagged with

Last week, some of the greatest minds in Open Access met in a panel to discuss the success, challenges and future of open access in the forms of scholarly publishing, textbooks and education. Take a look at the social media timeline of the event below.

To learn more about Open Access, check out our webpage!

Read More | No Comments

When Social Media Bites Back: Election Edition

By Jon Hernandez on October 15, 2015 | Tagged with digital tattoo, employee

Image attribution: Metro Toronto Convention Centre by Jason Paris on Flickr – CC:BY

As we gear up for the upcoming election, it’s no secret that social media has influenced this years’ campaigns more ways than one. It seems each time I scroll through my Facebook newsfeed, I deal with the collective ‘Stop Harper!’ screams of my youthful friends, while a Justin Trudeau advertisement curiously appears on my sidebar (are the Liberals conspiring to grab my vote?). But the most vivid and encouraging sight of the social media frenzy tells me which of my friends will be making it out to the polls. The ‘I will vote Oct. 19th’ campaign has took hold of many of my friends profile pictures, highlighting a politically engaged core of citizens that will make up this years ‘youth vote’.

Social media has never made such an impact in a federal election before. And while it continues to inspire voter turnout (granted, we won’t really know how effective it has been until after the election), it also helped crush the dreams of a few political hopefuls in this years’ regional ridings.

In mid-August, Ala Buzreba, liberal candidate for the Calgary-Nose Hill riding, had to drop out of the race after some of her old Twitter posts surfaced. Chief among the suspect tweets was one where she told a fellow tweeter to “go blow your brains out.” And in another post, she used some choice words to lash out at an Israel supporter.

Once the press picked up the tweets, it was bye-bye to Buzreba. She stepped down from her riding and then issued a formal apology. Unfortunately, the tweets in question were years old (she was 17 years old when they were published) and she claims to have been young and naïve. The tweets may have since been deleted, but she will likely be feeling their effects for a long time coming: her political career has taken a huge hit and she will always be remembered for her foul language.

Ironically, before the Tories even got a chance to make gloat about the Liberal candidate’s social media slip, something even more bizarre happened: two separate and disturbing videos of conservative candidates cropped up on YouTube. The first showcased Jerry Bance, running for the Scarborough Rouge Park riding, peeing in a coffee cup back in his days as a refrigerator repairman. The second depicted Tim Dutaud, conservative candidate in the Toronto-Danforth riding, deeply engaged childish art of prank phone calling. The pair were immediately dropped from their ridings, and they will likely never live these videos down (you can bet that Bance won’t have his old job to fall back on either).

There’s a few takeaways from the dreaded tales of Ala, Jerry and Tim. Some of the things we say and do can really come back to haunt us, especially in the social media age. Most of us probably won’t be riding for political candidacy any time soon, but you never know how deep your next potential employer is going to dig. Don’t let that naive teenage version of yourself that leave behind a lasting legacy of questionable comments. You never know when something old might come back to bite you, so it’s never too late to clean up your profile.

Oh, and make sure you get out and vote!

Read More | No Comments

Are Private Groups Really Private?

By Jon Hernandez on September 13, 2015 | Tagged with

It’s that time of year again—the first week of a brand new fall semester that screams ‘fresh start.’ Whether you’re sporting a brand new laptop for the year, or flaunting a new set of kicks (is that what the kids are still calling it these days?), the new school year always offers every student the opportunity to expand their knowledge, make some new friends, and pump up that GPA.

A helpful online tool that can facilitate all of the above comes in the form a slick and simple social media tool that many readers might already be a part of: the private Facebook group. When I began my master’s degree at UBC, my classmates and I were encouraged to rendezvous on Facebook. What followed is one of the most engaging and thought-provoking facets of my online presence: a private group that offers the opportunity for my cohorts and I to engage with one another without the scrutiny of professors, share ridiculous inside jokes, and even remind ourselves about upcoming assignments and offer help and tips. New posts are a notification that I always look forward to.

The private Facebook group can be a great tool for discussion between classmates, and even allows an easy way to organize casual hang-outs or weekend ragers. However, much like anything we do online nowadays, it’s never a bad bet to act with a certain degree of caution. After all, the tool does have a few weak links that might make you wonder if the groups really are private.

Facebook groups don’t have a traditional administrator—the person who creates them is the ‘administrator’, however they aren’t able to reject or accept new members before they can join. Any group member can add people to the group, without the discretion of the administrator. You can end up sharing your content with total strangers.

The only true way to protect your privacy in an online group is to routinely check the groups you belong to an all of their members. Ensure that you trust each group member, and it’s probably a good idea to make sure that whatever you share won’t tarnish your reputation if the information was made public.

Just last year, a private group of male Dalhousie dentistry students thought they were in the clear when they shared posts that suggested violence against their female cohorts. They may have felt comfortable sharing such remarks in a closed group, but a weak link in the chain (a student who was obviously disgusted by the posts) screen grabbed the posts and shared them with the CBC. In a few short moments, the posts were everywhere—online, TV, and the radio—and the university investigated the students shortly thereafter. It’s unknown whether they’ll ever be able to practice dentistry once they finish their education.

So please, don’t be like the Dalhousie dentistry students. Make sure that when you use this immensely useful social media tool that you don’t litter it with obscenities that might tarnish your name. Be responsible. Think before you ink.

Read More | No Comments

Phone Security 101

By Joey Levesque on July 15, 2015 | Tagged with

Universities can be dangerous places. Exams, assignments, thieves and faculty lie in wait for the unsuspecting undergrad; of these, only theft can be (responsibly) avoided. This is important in the age of the smartphone; losing your device can lead to identity theft, bank fraud, and all sorts of scary-bad-no-fun situations.

What can students do to reduce risks? There are obvious (and less-obvious) measures that can be taken; we’ll outline the major points below.

First among these is locking your phone. Many of us choose not to password-protect our devices, but this can come back to haunt victims of theft. iOS users can find this option in Settings>General, while most Android users can find it in Location & Security Settings.

Another aspect of phone-sec is app-sec: making sure your apps are up-to-date and obtained from trustworthy sources (like Google Play and the App Store). Keeping your operating system updated is also a good idea.

Back up your data! This is a rallying cry for a reason. If the worst happens and you lose your phone, you don’t have to lose the information stored on it.

Remember to turn off Wi-Fi and Bluetooth if you’re not using them – they can drain battery life and might provide info-thieves access to your data. Logging out of websites (especially banking and shopping sites) when you’re done is good practice, as is keeping personal information to yourself.

Read More | No Comments

Academics Anonymous

By Joey Levesque on June 22, 2015 | Tagged with

As we’ve said many times before, privacy is essential to academic freedom and free expression. Anonymous browsing is one way for academics to ensure their privacy online (to the extent that’s possible) and can be done in a number of ways; chief among these are virtual private networks (VPNs), proxy servers and TOR – a browser purpose-built to anonymize data transport developed by employees of the U.S. Naval Research Laboratory in the mid-90s. Each method has its own advantages and disadvantages for students, researchers, and academics-at-large.

Virtual private networks are private connections spread over the internet. These are handy for academics who travel, as they allow users to securely access resources remotely. They’re also useful for circumventing geo-restrictions and censorship (although the data can likely be monitored regardless), as many Canadian Netflix subscribers know. Beware, though – some VPNs turn your computer into an ‘exit node’, which can render you liable for the actions of others.

Proxy servers ‘bounce’ connections – they allow users to access resources indirectly by acting as an intermediary. Proxies can act as a quick workaround but are traceable in some cases (your IP and/or DNS can show up in headers); some of these are rumoured to be ‘traps’ to catch illicit activity.

TOR (alongside its associated browser) is a network that functions similarly to a VPN, allowing users to circumvent censorship and restrictions. It can be used to publish a site while hiding its location, communicate sensitive information, prevent tracking; all of these are beneficial. It also comes with its own set of associated risks; merely searching for information on TOR is rumoured to attract surveillance, and it only protects the transport of data. End-to-end timing attacks are still efficacious, and software (the aforementioned browser) is required to conceal your info from the sites you visit.

Students, researchers and academics-at-large can benefit from these modes of anonymity, but they should be aware of the associated risks – and that absolute anonymity and security is infeasible if not impossible.

Read More | No Comments

Cyberattacks and you

By Joey Levesque on June 17, 2015 | Tagged with Digital identity, digitaldossier, Learn, Protect

The digitization of universities has rendered these centres of open information exchange vulnerable to new forms of espionage. While attacks are focused on research – particularly cutting-edge engineering and biomedical technologies – personal information about students and faculty is also a target.

While the university has an interest in preventing or at the very least recognizing these attacks, the nature of their ‘open culture’ necessitates access to information; tens of thousands of students and faculty access UBC networks from their own laptops, for example, and an attacker need only find one vulnerability. Network security is decentralized to users to some extent!

Universities are particularly vulnerable to attack; they build high-speed networks built around a central principle: free exchange of information. They can’t control user platforms (hardware and software) and can’t meet the stringent security standards that might be in place at a for-profit corporation.

Students – especially researchers – need to be aware that they are targets, use encryption where possible, and follow their institution’s IT policies. Institutions, for their part, may be forced to constrict the collaborative networks that reflect a culture of information-sharing and to centralize network responsibility where possible.

Cyberattacks present a serious threat to reputation and identity, especially where the attackers can’t be traced and the attacks are invisible. While personal information may not be the primary target of these attacks, it is valuable – and affects users’ digital dossiers. These records constitute a major part of digital identity and are widespread and somewhat ethereal – there are likely records you’re not aware of, and they follow you throughout your life.

Have you ever been the victim of a cyberattack? (We have.)

Read More | No Comments

Surveillance for students: a primer

By Joey Levesque on June 6, 2015 | Tagged with

What with nearly-omnipresent network surveillance and concomitant self-censorship, students (academics in general, really) face a new set of challenges to their freedom of expression and privacy.There are several areas here of particular concern for students; notable among these are copyright, academic freedom and privacy. Even educational surveillance can create an atmosphere of distrust, detracting from learning and civil rights.

Students and faculty alike are often limited in terms of network access. Remember that you are bound by the terms of the network you’re using (your school, for example). If you’re connected to the Internet at all you may very well be subject to observation from third parties. This applies not only to your academic work but to your personal communications; consider the effect this might have on organized demonstration or activism, especially in the wake of a still-functional Patriot Act and the impending Senate vote on Bill C-51. It is essentially safe to assume at this point that (even with encryption) your data is not safe on computer networks.

What about institutional protection? In the United States, FERPA (Family Educational Rights and Privacy Act) governs access to educational records and students’ personal information, yet does not protect against the use of this data for profit. Under FERPA students have the right to review, change and control disclosure of their records (to some extent). In Canada the equivalent policies are provincial in scope, but very similar to FERPA in purpose. in BC and Ontario, this is the ‘Freedom of Information and Protection and Privacy Act’, or FIPPA.

Surveillance and censorship – direct or indirect – are detrimental to the ability of students to collaborate and learn, especially in an online environment. Educational institutions should prioritize the protection of student data, especially when that data is not anonymized; students, in turn, should demand accountability from their institutions while informing themselves about their learning environments.

Read More | No Comments

Privacy, information and civil rights: Bill C-51

By Joey Levesque on May 21, 2015 | Tagged with intellectual property, policy, privacy, Protect

I am of the opinion that the passing of Bill C-51 threatens the privacy and freedom of Canadians.

It would authorize intra-governmental disclosure of information pertaining to Canadian security, limit air-travel abilities of persons suspected of posing a threat (domestically or abroad), criminalization of ‘terrorist speech’ (which seems hopelessly vague), the granting of disruptive power to CSIS – previously an information-collector – and suppression of information from representatives of detained persons. The federal Privacy Commissioner, Daniel Thierrien, stated that it “opens the door to collecting, analyzing and potentially keeping forever the personal information of all Canadians”, including tax and travel information.

The bill has been justified as ‘necessary’ and characterized as striking a balance between protection of Canadians and preservation of their liberties; these, however, are not mutually exclusive or even oppositional. The legislation attracted support among the Conservative majority and Liberal party but faced opposition from the NDP and Greens.

My reading is that Bill C-51 centralizes information but in so doing diminishes the usefulness of that data; that it is not necessary, especially given the possibility of eroding fundamental freedoms; that CSIS’ mandate should not be expanded beyond observation, especially given a lack of oversight, and that limitations on expression – especially vague limits – are a misstep. While there may be a need for improvements to national security, the powers created by C-51 are excessive and perhaps ineffective.

According to Michael Geist, “the expansion on information sharing without addressing the oversight and safeguards of the Privacy Act should simply be a non-starter.” He names three privacy concerns: that the range of information-sharing is broad (and mostly unrelated to terrorism), that the scope of sharing is also overly broad (“17 government institutions with the prospect of cabinet expansion as well as further disclosure ‘to any person, for any purpose.'”) and oversight: “the notion that the law is equipped to deal with this massive expansion in sharing personal information is simply not credible.”

I agree with Thierren that “the privacy safeguards proposed are seriously deficient” and that ‘relevance’ is not a clear standard of admissibility for personal information. If this bill does become law (and it will), future lawmakers could establish some sort of review body (many federal agencies involved in law enforcement do not have independent review bodies) and/or refine the language of the law so as to preserve the privacy and civil rights of Canadians. OpenMedia.ca recently released a privacy plan for positive privacy policy in Canada; this summary from Canadian Journalists for Free Expression highlights recommendations from that campaign; some of these (‘require a warrant for cellphone searches’) strike me as fundamental. The report calls for an end to mass surveillance, judicial oversight (warrants) and accountability from the government.

Are these worthy goals?

Sources and further reading:

Bill C-51

Michael Geist on C-51

OpenMedia’s Privacy Plan

CJFE’s summary

CBC coverage

DT: Surveillance and Students

Cover photo by Stephen Harper (CC BY-NC-ND 2.0) https://flic.kr/p/eNh192

Read More | No Comments