Very true. When I first received a message from George Haber on this incident via Facebook, I was suspicious. I checked, double-checked his Facebook page; sent an e-mail; but I wasn't still sure that I am talking to the right George Haber; I sent a Linked-In message; etc. and finally talked to him in person -- good old way -- via voice. It was a good thing I knew his voice.
The only real way to avoid this situation is to create a way of authenticating identity. Interestingly enough, this is seen as 'Big Brother' interference in our lives, even though the net result is increased security in terms of protecting our identities. Ideally there would be verified accounts for actual people and anonymous accounts for those who want or need them (political bloggers out of China, for example) or those just trying to be incognito. This status should be clearly indicated on each account.
The ugly truth is that doing anything on line carries a great deal of risk in exposing personal details and potential financial loss. Merely putting your phone number in an email to someone you want to have it does not prevent it from being picked up by a data mining service somewhere. From that, skilled 'miners' can find a lot more info than you would care to have out there.
Like all tools, in the wrong hands, the internet and related online 'services' can wreck non repairable harm in our lives. And laws with any teeth in them to protect the user, or punish the wrong doers, or compensate the victims, are almost totally lacking.
This week Google has put forth a plan to pay browser users IF that user would allow Google to add some more 'tracking' software to their browser "to allow them to better serve" the user.
Coupled with the unfettered ability for anyone to publish('blog')anything about you true or not, your reputation can be totally screwed. Some companies are now offering (for $$$$) to fix your online reputation.
I once read a business plan of a proposed social network company which at least told the truth by stating in the prospectus that the user should have no reason to expect any privacy at all.
That is disturbing all the way around. In a real sense, there is no protection against someone deliberately impersonating you online in Facebook, nor of you knowing about it when it happens.
Once your identity is hijacked, the impostor could request information, opinion etc or even set up a "meeting" somewhere with evil intent.
On the other side of this - how do you know you are actually communicating with an actual friend and not some stalker or government agent?
Thinking further, I use gmail for email and their Google+ is integrated in as a recent Facebook competitor. (I have not used it) I can see where attaching a social network app to a pre-existing, unique email address would be much safer and less open to spoofing/impersonation by hackers. Facebook does not have this layer of verifiable account information.
Publicizing this vulnerability could put a damper on their upcoming IPO, hence maybe why they want to keep this buried by deleting references to it?
I think a lot of us are jaded, when we hear about identity theft on social networks. I hear from my friends comments ranging from "Oh, Junko, you just need to be careful with the security settings," to "Get used to it, this happens all the time."
Maybe. But just a minute here.
If the social media means that we are "the people" and we are "the government," we'd better do a much better job telling Facebook that this is NOT acceptable.
Deleting my comment and my friends' comments on my wall without my permission is not kosher.
I am still waiting to hear from Facebook.