The Wall Street Journal ran a great reminder on the dangers of what has been referred to as “sharenting”, posting every significant moment of our kids’ lives online. Starting before birth and hitting every milestone, children’s names, birth date, place of birth, schools and hobbies are all posted online and “tagged”, along with family and friends. An intimate list of PII laid out online for future threat actors. In addition, the story said that “by the age of 13, when children are allowed to use social-media sites themselves, there could already be almost 4,000 photos depicting them online.”
One can just imagine how easy it would be to scrape that data for future abuse. Since we’ve been doing this since the 90’s, that future is now.
“The dangers of “sharenting” go beyond the holiday season. Online presence is a double-edged sword. It is great that geographically distant relatives and friends can stay informed about what is going on with the grandkids, nieces, nephews, cousins, friends, but so can complete strangers including bad actors. It is difficult for most people to understand how wide a circle they are sharing with, or how to set appropriate share controls to limit downstream sharing. Social networks operate on the principal of network effect which is the phenomenon where a product or service becomes more valuable when more people use it. It is a positive feedback loop in which more users lead to more value for all users. Thus, it is in the interest of social media to put more eyeballs on each piece of content, and not make it simple for everyday folks to understand the sharing setting.
Some things to consider for all of us before we share our lives or our children’s lives online:
“While it’s up to parents to make the choices for their children, those children will eventually be independent adults who may face consequences of their parents’ privacy choices. They may grow up only to discover they were the victim of identity theft years before they were a legal adult, and potentially face the costly, frustrating processes to undo the damage.
“Hackers and identity thieves aren’t the only ones who could use social media information maliciously. Stalkers, cyber-bullies, and child predators also pose a safety risk by abusing this information.
“The best course of action is to not share any personally identifiable information (PII) on social media. If you choose to share details, regularly review your privacy settings, be mindful of who you add as friends or followers, and obscure sensitive data from photos.
“As a bonus tip on social media privacy during the holidays, avoid posting travel details like plane tickets or itineraries on social media during. Barcodes and travel itineraries can contain PII such as date of birth and reveals when you’ll be away from home.”
Operational Security or OPSEC is what infosec professionals call the data that can help determine a risk of threat to a person or organization. Parents today are committing OPSEC violations involving their children since their birth. While we can teach an OPSEC course, you cannot put a genie back in a bottle.