When is social sharing too much?

Author: Jeff Coon

If one of your friends asked you to send them your latest credit card statement for the purposes of posting it online for all of your friends and family to see, would you do it?

I certainly wouldn’t – and I love and trust my friends dearly!

As much as I’m all for social networking and information sharing, this is definitely something I wouldn’t feel comfortable doing. The immediate red flags that pop into my head are:

  1. It’s none of your business what I purchased.
  2. From a personal and financial security standpoint, why would I make that information public?
  3. I’m setting myself up for a social engineering scam. (Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques. Source: Wikipedia)

The opening scenario isn’t too far-fetched. With the introduction of blippy.com (which launched in January 2010), web users are publicly sharing the transactions and purchases they make, including ATM transactions! (See screen capture below.)

[Screen capture: Blippy.com]

Here’s a summary of what Blippy is (according to crunchbase.com):

“Blippy is a service that allows you to automatically share your credit card transactions as you make them. This includes the place you made the purchase, the amount, and in some cases, the item. This is all placed in a social stream where other Blippy users can comment on and “like” the various items.”

I’m trying to be open-minded about this service but am really struggling to figure out why someone would want their friends (and hackers) to know virtually everything they purchase. If you have some examples of why this is a good idea, please leave a comment below.

To address some of the “red flags” I mention above, specifically the social engineering scam: we make it so easy for hackers and attackers (both online and offline) to compromise our personal and financial security. For example, if an attacker knows I just purchased a book at Amazon.com for $24, what’s to stop them from creating a fake email that looks like it’s coming from Amazon?

It would be easy to trust that the email is really from Amazon because they’d have the name of the book you purchased and the price – so, at first glance, why wouldn’t you believe it? The email could be offering you a “cash back reward” by simply “clicking this link” – which could take you to a site that downloads malware and infects your computer or compromises your browser sessions, social profiles, etc.

As for the offline personal security issues, Blippy also lets people know where and when you hang out, and how much you spend, which makes it easy for someone to monitor your patterns of behavior. More specifically, I can find out what ATM you like to get cash from and can tell that you usually take out large sums of money. The example above shows a withdrawal of “$460 from the Bank of America.”

I could ramble on and on about this, but for your sake, I won’t. I just question some of the habits of social sharing. Transparency and open communication are great, but when is it taken too far, and how much privacy are people willing to give up for the sake of “being connected”? Please let me know your thoughts below.

Topics: blippy, privacy issues, social engineering, social media