Tuesday, March 08, 2005

Gravatars & Security Measures

Gravatars
Recently, I signed up for a gravatar at www.gravatar.com. A "gravatar" is a globally recognized avatar. I thought that was a cool concept. The first time I saw these gravatars was on Say Anything's blog. Then, I noticed my comments section allowed for a gravatar. (I use HaloScan for comments right now. That may change in the future. Depends on if I start getting comments. I think maybe I talk about stuff that people don't care about or maybe, as in person, I intimidate people with the stuff I discuss.)

The whole idea of a gravatar was really cool so I signed up. I think the idea will catch on because there appears to be a desire in people to have something that represents who they are when they are online. We have had avatars in chat rooms/programs, 3D world programs, and public boards. Now we move to the world of blogging and again, we have the ability to select an image that represents us. The fact that www.gravatar.com experienced its 100,000,000th avatar account on March 5 (the day after I signed up for mine) is just astounding...and shows that desire in folks to have an online representation of themselves.

Why do people choose avatars to represent themselves?
In my opinion, the Internet is a-whole-nother world in itself. We choose screen names with the same idea: to give us an identity. But an avatar is a visual representation and can be used to really shape an identity. The amazing thing that www.gravatar.com does is it RATES each avatar based on the Motion Picture Assocation of America's moving ratings. Isn't that just a cool concept? So after you sign up for an avatar, it goes into a waiting period for a rating. The turn-around time on my rating after I made my gravatar request was the same day. (I think I am lucky because if this idea catches on like wildfire, then it may take a couple of days for a gravatar to get rated!) The purpose of rating the gravatar appears to be the same reason movies are rated: they're made available to the public. As a result of being public, the audience may be of various backgrounds. Most families would not wish to expose their young children to violent or sexual images. Christian families do not wish to view these things. Some folks may visit websites that depict images or discuss subject matter that may be offensive to others and thus wish to portray their gravatar along the same lines as the content of the areas they venture into.

An Idea that was proposed for the Gravatar...
...was the ability to check out every comment that a user posted by clicking on that user's gravatar. Doing so would give a curious observer the ability to find out what other things that particular user discussed. The idea was from the gravatar author himself and he goes on to talk about how on one hand it may be a great idea for anyone who wants to display to the Internet universe all the things they have commented on, but on the other hand it may be too much for some folks who appreciate the ability to have privacy while surfing the Internet.

Solution to this idea
I have seen this idea used on the Public Ezboards website. "Gravatars" of a sort were used by folks to display some sort of representation about themselves. When their image was clicked, it would then take the curious observer to a place where that user chose to make certain information available to the public. Like I said earlier and will paraphrase here, there are different kinds of people surfing the vast universe of the Internet. Different personalities log on to the cyberspace highway and cruise its networks. Some folks are open-and-out-there and have no issues with privacy, but there are other folks who prefer anonymity for one reason or another. (In this day and age, that is not incomprehensible.) If the gravatar user had control of what sort of information he or she could make available to the public, then this might be an acceptable solution. As it is, Blogger allows each account user to choose what to display regarding the user's details as well. Perhaps, if Gravatar.com would permit the gravatar account users to not only enable or disable certain fields such as location, comments posted, hobbies/favorites, and whatever...but also permit the users to "paint images" of themselves for the viewing public, then that may be an acceptable solution.

What does it mean to "paint images" of themselves?
It means that the user can give details that are not accurate about themselves. For example, I may live in Bend, Oregon and be a New Age herb freak living in a mobile trailer on a large farm. But I may not want the world to know that. So I bluntly lie about myself for my own reasons.
  • Perhaps I wish not to be easily found by "Internet stalkers".
  • Or I do not really wish to live in Bend, Oregon - if I had it my way, then I would be living in Cancun and sun-tanning for a living.
  • Or I don't want people knowing anything about me so I just make up some information for the heck of "filling in the blanks".
There are many reasons people would lie about themselves. Some of those reasons are criminal in nature. So that is something to consider when allowing this possibility for account users. Yet, there are groups of people who meet on the same website about the same topics and want to be able to depict themselves accordingly. A bunch of RPGamers from EverCrack...erm...Quest may want to show their character's face as their gravatar. A group of bakers may use baking or baked items as their gravatar.

Security issues
The good news in the realm of cyberspace security is that not everyone is as anonymous as they think. Including the best hackers. Every packet of information comes from somewhere and can lead back to that "somewhere". Pieces of you are left where ever you touch. So malicious folks cannot completely hide in cyberspace. Just as in a crime scene, if you touch it - your NANOBYTE DNA CODE *lol* has been there leaving trace evidence of your presence. It just takes savvy investigators who understand something about computers, networks, IP addresses, routers, and the like to find their criminal butt and incarcerate them. And websites like Gravatar.com and its server can provide information to authorities that are passed on to them by the victims in question.

What can people do to protect themselves?
  • FULL HEADERS
In your email client, make sure that FULL HEADERS are displayed on every email that comes into you. Yeah yeah - this information may seem like a bunch of garbeldy-gook to you and you have no clue what it means when it tells you MOZILLA sent you the email from IP ###.###.###.## via blah-blah-blah.net -- but to an investigator it is good information to use. When you get spammed and sent attachments from entities you do not recognize, then take a look at what IP address sends that information to you.
  • STORE INFORMATION
Keep a notebook to write down certain information such as TIME, DATE, IP ADDRESS (if you can get it), USER NAME, WEBSITE NAME, CHATROOM NAME, OTHER USERS PRESENT at time of chat. If you know how, then take screen shots and preserve that image file on a diskette, CD, Sandisk, or other external storage device that is not connected to your PC (i.e. attaches via USB). That way your PC cannot be maliciously hacked and that information lost/erased. Take notes in Notepad (Start/Programs/Accessories/Notepad) or Wordpad and save it to that same external storage device or disk. It may seem like a chore to take notes and screen shots and save it to a diskette, but it may save your life or someone else's. I know most of us like to come online and not be harrassed. We want to get on, do our thing, and get off. But other folks "live" online 24 hours a day. And not all of them are nice folks.
  • KEEP ALERT
When you are in a chat room and observe the conversation between a couple of users as sending you a "red flag" -- maybe one of the users keeps asking personal questions of the other user who is obviously trying to avoid answering them, but not escaping completely... then go to a Moderator and alert them to the conversation, if one is available. Whether or not they are available, take a screen shot of what is being said. Some chats give the option of saving the chat conversation: Do it. If that option isn't available, try clicking inside the chat and then [CTRL] and [A] at the same time to copy ALL the chat. Paste the chat into Notepad, Wordpad, or some other Word program. Save the chat in an external storage device or disk with the date and time somewhere. You might get a call from a law enforcement agency if you happen to be in a chatroom at the time something criminal was going on...so either you were paying attention to the activity or you weren't. But if you can help in anyway, then these measures will assist those authorities to help the victim(s).
  • DON'T GIVE OUT PERSONAL INFORMATION
This is the one most of us already know. And though we know it, some of us still give SOME information out about ourselves. For certain, do not give out things like:
  • Your phone number
  • Do you know that there are websites people can go to, INCLUDING GOOGLE, where all someone has to do is type in a phone number and it will pinpoint where you live? yeah. So don't give it out.
  • Your address
  • I think this is a given - unless you want people knocking on your door whom you know online as D@Z=d&c0NfuZ=D ? Or how about as Me+hBaLLeR? Yeah, thought so. This includes giving out your city or town name. If someone is persistent, give them the name of the most popular city there...or most unpopular. Either way. Or just tell them to buzz off.
  • Your real name
  • Unless your name is Sue Jones. Or how about Bob Jones? Or Jessica Simpson? Find a name in the phone book that is listed about 100 times and choose that for a name. *LOL* Remember the movie with Arnold Schwarzennegar where he goes back in time to find some woman and he uses the phone book and starts killing every person by that name? Yeah. Point taken. (That movie was Terminator, by the way.) That's why you don't give out your location and name.
  • Where you work
  • I sent daffodils to someone for their birthday at their place of work when I found out that information from them. I met them on the Internet. Kind of shocked them. See, all I did was learn their GENERAL PLACE of work. Then from there, I knew how to find them. That's why I make a good (but scary) investigator. Scary because I can think in the frame of mind that criminals use to do bad things. Except I use that mindset to do good things - like help people (like this post)...or send beneficial gifts.
  • Your childrens' school name
  • Bad decision when put in bad hands. Yeah. Children are innocent and say things they shouldn't because most do not understand the whole concept of security. They're trusting little individuals and a criminal can manipulate them into believing he or she is harmless, helping, or a good person. yeah.
  • WOMEN!
  • Listen women. A lot of us have the gift of gab. Watch out what you tell others. Be careful how much information you share with another person YOU DON'T KNOW except over the Internet. I do not care if you WEBCAM them and they "SUPPOSEDLY" share their life history with you. HELLO! A pregnant woman in Kentucky got her stomach slashed open and her fetus removed at EIGHT MONTHS because she trusted another woman on the other side of the state! yeah. Ok. Get the point? Not a good scenario there. If you want to go telling people how happy you are about something...complications you are experiencing in something...how upset you are about something or somebody...just beware. Don't offer to meet them - and if you do, BRING YOUR HUSBAND WITH YOU. Or your boyfriend. Or brother. AND -- notice I did not say OR...I said AND -- meet them in a public place where there are plenty of other people around. Malls are cool because you can park on one side of the building and they can park on the other. If they exit one way and that's the same direction you parked, then you can exit another way and watch for them to leave if you do not trust them. Or better yet, get the security staff to walk with you to your vehicle. It is not enough to simply meet at a public place. Remaining alive after the meeting is essential.

  • INSTALL AN ANTIVIRUS SOFTWARE PROGRAM AND A FIREWALL
Both. Not one or the other. Both. There are good ones out there. I've used ZoneAlarm Pro in the past as a firewall and it was a really good firewall. I have used Norton SystemWorks and McAfee and decided I liked Norton better. Personal preference maybe? I like when pop-ups display on my screen with messages like IP ADDRESS ###.###.###.## ATTEMPTED TO SEND A TROJAN SUBSEVEN VIRUS THROUGH UDP PORT 67 or something like that. Then I go do my little thing with finding out where that IP address registers, logging & storing that information in a database where I can perform matches & compare dates/times, and eventually send letters to the right folks who can get things done to knock them offline. A computer user should not be harrassed by hack attempts, but they are out there. And if you wish to put an end to it, then you'll need to keep a log of all the information. ZoneAlarm keeps those logs for you as do other programs. I just keep specific information separate from those general logs.

At any rate, if a gravatar account user chose to display all the comment links of every comment he or she made all over the Internet, then that should be an option to turn on or off. Profiling someone is made easy by reading the things they type about and the websites they "hit". This could be good or bad, depending on who is using that information...if they are. But for the lackadaisical throng of folks who surf the Net for enjoyment, this information is simply a way for them to go and read more interesting material from someone they either love to hate or have found to be a skilled writer. *shrug*

Pros and cons to everything. I tend to see a big picture so I try to paint as much of it as possible for people to make their own decisions about things. It's all a matter of personal preference. Truly.

No comments: