Tuesday, August 7, 2018

On teaching kids to make good security and privacy choices themselves

February 10, 2019: Since writing the below post, I've learned of a technique that is used to get around Instagram's obscuring unsolicited direct messages. 

Instagram in general will blur DM'ed images from strangers, with a message asking if the recipient wants to accept the message. It's a simple and sometimes-effective way to reduce unwanted sexual images (more often than not sent to female accounts). To get around that, some lowlifes will begin a DM conversation benignly, engaging their mark in innocent conversation. After the target has accepted the (so-far above-board) DM, the abuser sends obscene images that are not obscured because the sender is now "known." The abuser keeps a clean "public" profile and only engages in abusive behavior through DM; since the abusive content is sent by DM, Instagram staff either cannot or will not (it's unclear which) view the content to act on abuse reports.

Educate your children that even if the conversation seems innocuous, you never really know who is on the other end of an Internet conversation.

If you or your child have received such unsolicited obscene material, you can report it to the FBI's Internet Crime Complaint Center (IC3) at https://www.ic3.gov/complaint/default.aspx/

If the recipient is under the age of 16, you can also report it to the National Center for Missing and Exploited Children (NCMEC) at https://report.cybertip.org/ 

In both cases, a screen capture of the obscene DM that includes the sender's name and/or profile alias will help preserve evidence if the abuser later deletes the DM.



Over the years I've written several posts on raising security-conscious kids.
A trend in my writing, as well as in my parenting, has been that as they grow up, my approach has evolved from technical controls to educating them to make good choices themselves. A recent conversation with my high school daughter highlights why that is.

My middle daughter maintains an active Instagram account. A household rule is, if your social media account is public, don't post anything personally identifiable; if you want to post personal stuff, keep your account private. This is a rule that gradually loosens as they grow older and can make informed decisions. As my daughter has gradually shifted from private to somewhat public, she recently was asked if she would be a "brand ambassador" for a company. 


We discussed some of the dangers and abuses a teenage girl would face as her exposure grew (abuses I have little first-hand experience with, but that I am well aware of through conversations with many of you). Her response was both shocking and encouraging: 
"Dad, I already deal with all of that. I just block and report them. Besides, Instagram obscures DM'ed photos unless I accept the request."
While not the response I expected, and not a topic I would have ever thought relevant in the not-too-distant past, I have to admit that's a pretty mature response. 

The moral? Technical controls can only go so far; as kids grow into teenagers and fledgling adults, they need the tools and skills to look after themselves.

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.