Tuesday, August 7, 2018

On teaching kids to make good security and privacy choices themselves

February 10, 2019: Since writing the below post, I've learned of a technique that is used to get around Instagram's obscuring unsolicited direct messages. 

Instagram in general will blur DM'ed images from strangers, with a message asking if the recipient wants to accept the message. It's a simple and sometimes-effective way to reduce unwanted sexual images (more often than not sent to female accounts). To get around that, some lowlifes will begin a DM conversation benignly, engaging their mark in innocent conversation. After the target has accepted the (so-far above-board) DM, the abuser sends obscene images that are not obscured because the sender is now "known." The abuser keeps a clean "public" profile and only engages in abusive behavior through DM; since the abusive content is sent by DM, Instagram staff either cannot or will not (it's unclear which) view the content to act on abuse reports.

Educate your children that even if the conversation seems innocuous, you never really know who is on the other end of an Internet conversation.

If you or your child have received such unsolicited obscene material, you can report it to the FBI's Internet Crime Complaint Center (IC3) at https://www.ic3.gov/complaint/default.aspx/

If the recipient is under the age of 16, you can also report it to the National Center for Missing and Exploited Children (NCMEC) at https://report.cybertip.org/ 

In both cases, a screen capture of the obscene DM that includes the sender's name and/or profile alias will help preserve evidence if the abuser later deletes the DM.

Over the years I've written several posts on raising security-conscious kids.
A trend in my writing, as well as in my parenting, has been that as they grow up, my approach has evolved from technical controls to educating them to make good choices themselves. A recent conversation with my high school daughter highlights why that is.

My middle daughter maintains an active Instagram account. A household rule is, if your social media account is public, don't post anything personally identifiable; if you want to post personal stuff, keep your account private. This is a rule that gradually loosens as they grow older and can make informed decisions. As my daughter has gradually shifted from private to somewhat public, she recently was asked if she would be a "brand ambassador" for a company. 

We discussed some of the dangers and abuses a teenage girl would face as her exposure grew (abuses I have little first-hand experience with, but that I am well aware of through conversations with many of you). Her response was both shocking and encouraging: 
"Dad, I already deal with all of that. I just block and report them. Besides, Instagram obscures DM'ed photos unless I accept the request."
While not the response I expected, and not a topic I would have ever thought relevant in the not-too-distant past, I have to admit that's a pretty mature response. 

The moral? Technical controls can only go so far; as kids grow into teenagers and fledgling adults, they need the tools and skills to look after themselves.

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen