Social media behaviour

November, 2015


Precious Memories

5th birthdayYour child’s birthday party was a success. Lots of happy children, proud parents, nothing (of significance) broken, no conflicts or crying and you’ve finished cleaning up. All that remains are good memories and the photos to prove it. Once you have reviewed and removed the sub-par and redundant shots (no hoarding!) it’s time to share them with family and friends who were and weren’t there. But how to accomplish this? Choose from 1 or 2:

  1. Post/send them to your preferred social media service: Facebook, Twitter, Google+, etc.
  2. Print multiple copies and post them around public places (supermarkets, food courts, arenas, public transit) frequented by your friends and family.


What was that? You would never consider option 2 because the photos were meant only for trusted family and friends and not anonymous strangers? Well, options 1 and 2 are virtually the same. Post them to a social media account and you will typically need to set privacy settings for each photo and/or album to obtain some degree of privacy. Many social media services were designed for exchanges with multiple users. The birthday party photos are likely intended for a small number of trusted acquaintances. The path to preserving their privacy is to do no more than the specific objective. It is simple and described in the end of the fourth sentence of the first paragraph.Binary

Let’s examine five alternative measures that can, individually or in combination, limit accessing the photos to you and the recipient.

Consider attaching the photos to a text or email. These services were designed for one-to-one or one-to-few exchanges; from your Sent folder to their In Box with no central public forum involved. Once the recipient has confirmed the photos are received and saved to a secure local computer you can both delete your messages. Be aware that your email or text could be intercepted at any of a number of points through the internet once you have pushed Send. To prevent this, the messages can be encrypted, which requires the sender and recipient to use specific and for some, complex software.

Another method is to use a file transfer service or ‘cloud storage’ such as Dropbox that encrypts files that users place onto their servers. However, they can also decrypt the files, thereby compromising the users’ privacy. This is currently typical of most file transfer/cloud storage services who do not offer ‘end-to-end’ or ‘full’ encryption where files are encrypted at the sender’s end and only the sender and recipient can decrypt them. One exception is Mega, founded by the controversial Kim Dotcom. When a file is selected for transfer, a link and decryption key are generated. These can then be sent to the recipient, in separate messages, and used to download and decrypt the transferred file.

ZipFor additional protection from unauthorized access, the photos themselves can also be encrypted into an archive. A number of apps can do this – Winzip, 7zip and Winrar, available in free, ad-paid and fully paid versions. Whichever one used, ensure that when creating the archive you both password-protect and encrypt it. Use a strong password (12+ characters including upper and lower case letters, numbers and symbols) and select ‘256-bit AES encryption’.

Like with Mega, communicate the archive password to your recipient in a means other than within the email or text containing the attached archive. The encryption will prevent anyone but your recipient from analyzing the contents of the archive without opening it. Although the archived photos are not visible without the password, the file names of the photos can be. If it is important to you that the names of the photos or any other files in the archive are not visible to anyone but your recipient, also password-protect and encrypt the already password-protected and encrypted archive file.



May, 2015


Nothing to hide

You have probably heard, thought or expressed a variation of the following: “Why should I care if the government (or police) looks at my texts/posts/emails. I’m not doing anything wrong so I’ve got nothing to hide.”

Among the many atrocities committed by communist authorities during the Soviet Union era (1922-1991) was internal spying. A simple web-search for any variation of ‘Soviet Union’ and ‘spying’ will return numerous accounts of the surveillance imposed upon citizens of Russia and other former republics. It was performed not only by the KGB and Stasi (East German Ministry for State Security), but also by ‘encouraged’ citizens and family members against each other.

The early days of land-line telephone service featured the ‘party line’. Also called a ‘shared service line’, the group-usage design allowed for reduced cost per user. It also created the opportunity for the community eavesdropper to listen in on others’ calls. A common scenario went as follows: “Hello”; a few sentences of discussion, then, “Just a moment… the call is for me, Whomever.” A telltale ‘click’ followed as the Nosy Parker hung up. The conversion would then resume in private, or sometimes still not.

In June 1972, five men connected to the Republican Party of the United States were arrested and charged with breaking into the Democratic National Committee headquarters in Washington’s Watergate Hotel. The ensuing scandal led President Richard Nixon, winner of that year’s election in 49 states, to resign two years later.

Rock ’n’ roll legend Chuck Berry purchased Missouri restaurant Southern Air in the late 1980’s. Just a few years later he settled a class action lawsuit with 59 women who alleged he had video-recorded them while using the restaurant washroom. Berry’s explanation was that he had installed the camera to catch an employee supected of stealing.

According to the NCJRS (National Criminal Justice Reference Service), approximately 7% of Americans age 16 or older were victims of identity theft in 2012.

X-ray machines for scanning luggage at airports have been in use for decades. From 2009, 165 American airports began using backscatter x-ray devices that were described as non-invasive and privacy-respecting. Yet, numerous examples of virtual nakedness, targeted scanning and the sharing of images among TSA staff were publicized. All devices were replaced by 2013.

At the end of the same year, over 14,000 patients of the Rouge Valley Health System in southern Ontario received notice by mail that their personal health records had been sold to providers of Registered Education Savings Plans or baby photography.

January 29, 2014 – Senator Mark Udall, Senate Intelligence Committee: “We all are well aware of Executive Order 12333. That order prohibits the CIA from engaging in domestic spying and searches of U.S. citizens within our borders. Can you assure the committee that the CIA does not conduct such domestic spying and searches?” CIA Director John O. Brennan: “I can assure the committee that the CIA follows the letter and the spirit of the law in terms of what CIA’s authorities are, in terms of its responsibilities to collect intelligence that will keep this country safe. Yes, Senator, I do.” (Source:

July 31, 2014 – “Inquiry by C.I.A. Affirms It Spied on Senate Panel” (Source: “CIA director John Brennan apologizes for search of Senate committee’s computers” (Source:

ConfidentialEach of the previous examples demonstrate abuses of privacy. Motivations might have been noble cause, hubris or selfish gain. They could not have been judged an abuse of privacy if there had not been an expectation of it. Were the expectations based on having something to hide?

Virtually every day we take measures to protect our privacy: Password protecting our electronic accounts, drawing curtains, not tipping our cards playing Texas Hold’em and even the wearing of clothes when nudity might be more comfortable through very hot weather. The custom of sealing envelopes is gradually giving way to online communications and encrypted financial transactions. If an alternate postal service had long ago offered free postage in exchange for the right to open, read and copy the contents of the mail we sent and received, would it have been a good deal?

Maintaining the confidentiality of our personal information is also expected of others, by law in some situations: Tax assessments, medical results, salaries and performance appraisals, to name a few.

Having “done nothing wrong” and “nothing to hide” are not synonymous. The former is a matter of legal and moral judgement. The latter – unrealistic and may very well put yourself and those you care about or are responsible for at great risk.



January, 2015

Don’t forget about the home movies

VHS tapes on shelvesIn 2012, rare footage of the 1933/34 Chicago World’s Fair taken by a Wisconsin family was donated to the Chicago Film Archives. The almost 80 year-old 8mm colour film was still in good condition and quickly converted to a digital format.

Rewind to the late 1970s when video cassette recorders began to enter the mainstream market. After a relatively short battle, the VHS format developed by JVC had won the affection of buyers over Sony’s Betamax.

Along with the many benefits of the new device was the ability to have celluloid home movies converted to a handy unit that could be viewed on the VCR. Through the 1980s and 90s many took the step to have aging images preserved for present and future enjoyment.

As history has a habit of repeating itself, a new digital video format emerged in 1995 – the digital video disc. The product of multi-company research and development, it wasn’t long before the public clamoured for the ability to record onto them as had been done with the VCR tape.

In 1997 the recordable DVD was pioneered by… the Pioneer Corporation and immediately embraced by the market. The old-to-new video format conversion cycle had returned, with the current generation beginning to migrate their priceless videos from analog to digital. The process offered several playback environments this time – DVDs could be read by desktop computers and standalone tabletop players.

A yet newer (2001) and established format for conversion was MPEG, also playable by contemporary devices. But the format that currently provides the greatest flexibility and forward compatibility is MP4 (MPEG-4). These files can contain video, audio and subtitles, plus have the ability to convert to other formats. The explosive popularity of MP4 (and other format) video streaming has been pushing the DVD, along with its lovely offspring Blu-Ray, toward the door. It appears that a new format has emerged in each of the past few generations; more likely than not this will continue.

Like the World’s Fair films, videos taken prior to the last quarter of the 20th century may have begun their lives on celluloid before transformation to VHS. Images of family and events captured two or more generations ago are especially precious and may have never been seen by many members.

Countless VHS home movies sit in attics, basements and garages. Each is subject to degradation from fluctuating temperature, humidity and the gradual detachment of iron oxide, the particles that hold the images and sound to the tape. Worse, they may inadvertently join other ‘junk’ sent to the dump/incinerator, get destroyed by flood water or go up in flames.

Celluloid home movieOnce a new video format has been entrenched as the de facto standard, arrange for your videos to be converted. Organize and secure them as you (should) do for your personal data. Duplicate (back-up) and distribute copies of home videos to other family members. They will greatly appreciate it, as well as provide a potential source for replacement in the event of the loss of your version(s).

Video Conversion Overview

  1. Collect your video tapes in one place
  2. Itemize them by title/description
  3. Set aside any that don’t require conversion, for example, a TV show you recorded that is no longer important
  4. Determine the total number of tapes and hours of content. The recording speed used (SP, EP or LP) determines the duration, as does the tape length label (T-120, T-160)
  5. Decide on the output format – MP4 is best but not mandatory
  6. Decide on the output media – hard drive, USB thumb drive or DVD
  7. Equipment required will include a functioning VCR; a computer with a video capture card; software for the capture, conversion and editing; the output media and cables for connecting the devices

Unlike digital-to-digital file copy (which is easy once converted), the initial conversion from VHS must be done in real time: two hours for a T-120 recorded at Standard Play speed. Step-by-step instructions are needed for the video capture and edit software you decide to use. There are numerous to choose from, so begin searching the web for those compatible with your equipment.

Next step is to review the converted video and edit it for possible improvements in quality, for example to correct brightness or colour saturation. The duration for this will depend on the conclusions reached during the review.

Alternately, you may decide that you are like the many that have such cherished video tapes but not the facilities, know-how or time to transform them. If so, still complete the above steps #1-6. When done, contact a video conversion service provider.

Responsibilities of the Provider

  • The provider should be trustworthy and confirm that you will be the only recipient of copies resulting from the conversion.
  • The converted contents will need to be spot-checked by the provider to confirm success. Therefore, know what are on the tapes and refrain from submitting embarrassing or illegal content.
  • You should receive your tapes back after the conversion, for either continued safekeeping or destruction.
  • Copies remaining with the provider resulting from the conversion process should be securely deleted.



December, 2014



ClockSome people (publicly or privately) declare New Year’s resolutions, some do not. Objectives often include saving (more) money, losing weight or quitting smoking.

It has been said that true resolve does not require a turn of the calendar and that the declaration of resolutions might in fact create false hope. Still, if it provides a remote possibility for triggering self-improvement, then by all means begin.

If obvious bad habits aren’t on your agenda but you suspect there must be a shortcoming needing resolution, please consider improving the protection of your personal information. This should be part of your mindset and can be accomplished by a careful review of existing social media habits.

At all times when we are around others we filter our thoughts. Some are appropriate for verbal expression, some not, for all sorts of reasons. Yet, millions are skipping the filter and just braindumping into social media. When composing texts, posts and emails, ask yourself if there would be any problem if it was seen by your boss. Or mother. Or adversary. The possibility is very real.

Information thieves proliferate. Some are burglars looking to swipe iPads and cellphones from unattended homes; others, sophisticated international ‘black hats’ with intimate knowledge of corporate security systems.

Thieves are not unfamiliar with social media. It has become a very effect tool for them to discover items of value, current or forecasted absences and the addresses of both points of interest.

Consider the specific objective for postings of all types. For example, if your goal is to provide a family member, whether in the same city or across the world, with copies of photos from your children’s birthday party, do so. Send as email attachments or transferred through a service such as Dropbox. Once exchanged, you can delete them from the transition environment.

What do you gain by posting them indefinitely onto a page that requires careful review and configuration of its privacy settings? Does your family plan to look at them on an hourly basis for the next 5-10 years?

Few parents wouldn’t caution young children against posting excessive amounts of images and information about themselves, yet parents often miss the irony that the very same content may be available on the family Facebook page. A predator isn’t particular about where he acquaints himself with a child.

When you post into social media you are directing strangers to read your mind. Text reflects your thoughts, photos show what you see. If you have not subjected these to a filter, how can you expect to avoid self-inflicted embarrassment or harm? You have spent perhaps decades developing a public profile and a sense of self-protection. Is social media a good reason to abandon your instincts and behave with the recklessness of a 14 year-old?

If you do resolve to correct these bad habits, congratulations, but don’t let your new-found discipline go the way of the juicers and stair-climbers on Craigslist.

 Happy New Year


November, 2014


To the family and friends of the recently deceased has emerged a new concern of growing significance: Access to their social media accounts.

FamilyFacebook does not provide access to a deceased person’s account. Instead, they may honour an authorized request to close it, or offer ‘Memorializing’, whereby logins, friend additions/removals, timeline deletions, ‘People You May Know’ listings and birthday reminders for the account are discontinued. Pre-added friends can still post to the memorialized user’s timeline.

Facebook-owned Instagram, similarly, does not provide access to a deceased’s account, offers memorialization and will shut it down following an authorized family request.

Access to a deceased person’s email account, in this case Gmail, requires your detailed identification and the deceased person’s Gmail address, death certificate and a copy of their government-issued ID or driver’s license. From an email message that you have received at your email address you must also provide the full header from the email message (this varies among email services) plus the entire content of the message. This information must be mailed or faxed to Google.

If accepted (within no minimum length of time), they will notify you by email with a decision on the next steps of the process. This could take several months and you may be asked to provide additional legal documents. Your request for access could still be ultimately denied.

Each social media service has their own policy for responding to the death of account holders. What is your policy should your heirs suddenly want access to your account(s)? Depending on the type of behaviour you exhibit in social media you may not want them to have it. Consider this moment an opportunity for you to review your social media presence and apply greater discretion going forward. But presuming you have ‘nothing to hide’, you will need to leave them secure, accurate, up-to-date access.

This objective requires consideration, planning and action. A concise but improperly secured list of environments, userids and passwords could be vulnerable to a home break-in or computer hack. Conversely, a hidden list might just remain that, under the stress of a sudden death. Follow these steps to ensure your heirs, and no one else, obtain access to your online accounts after your death:

  • Record website/app names, userids and password hints in a spreadsheet accessible at all times by your spouse or trusted family member. Do not record the actual passwords here. These should be discussed and utilized by your spouse or trusted family member and only the first letter as a hint is recorded in the spreadsheet. The spreadsheet can contain all online userids and passwords, not just those for social media accounts.
  • Password protect the spreadsheet. It should be different from the online passwords. Again, regularly review the password with your spouse or trusted family member.
  • You may be periodically required to or for any reason change a password. Apply the discipline to change them all and update the password spreadsheet.
  • Ensure the password spreadsheet is included in a general estate plan that includes each will type.

Final consideration: Pandora’s box. Once you and your family members have secured access to their social media accounts, carefully consider whether you will really want to read through every post, message and photo of your late spouse, child or parent. You may discover matters that shock you but for which they cannot provide an explanation or clarification. It could upset you and affect your esteem for them at a very vulnerable time.



September, 2014



Clouds“Hollywood celebs targeted in nude photo hack”, or some such wording blared the headlines on August 31.

Apparently one or more persons found the means for accessing the personal photos of Jennifer Lawrence, Mary Elizabeth Winstead, Ariana Grande and other celebrities.

Reactions from the victims ranged from ‘intent to prosecute’ to ‘fakes’ to ‘long ago taken and deleted’. Those from both casual and professional commentators were equally varied. ‘Gross violation of privacy’, ‘calculated risk’ and ‘personal carelessness’ were among the expressed conclusions.

These summaries also indicate a lack of unanimity of who is most responsible. The hacker, whomever it proves to be, no doubt holds the bulk of the liability, and the FBI will ultimately measure the severity of his crimes (yes, presuming it is a male).

What about Apple? Will they be held partially liable for the violation? CRA, Target and Sony each experienced a security breach in the past several years. Like Apple’s iCloud, users expected their information to remain secure from unauthorized access in any form, yet it happened (and the irony is a bit thicker for Apple and Sony – tech companies).

Then there are the celebrities themselves, whose actions leading to the problem beg two questions:

  1. Was it necessary to take the naked photos?

  2. Was it necessary to upload them to an external environment where they had no genuine control?

That an attractive young entertainer’s livelihood relies on the interest of their audience is no coincidence, nor is the fact their current attractiveness won’t last indefinitely. So perhaps the ‘slip’, for some of them, was no accident. The danger wasn’t entirely threatening. Little chance of Jennifer Lawrence selling less movie tickets as a result; perhaps the opposite.

Finally, the tech stuff. It’s difficult to believe that none of the entertainers have heard of the aforementioned or any other security failures that resulted in loss of confidential content. Was their faith in Apple as a result of the Cupertino company’s long-running image of cool?

More likely is that Facebook, Twitter, YouTube, Netflix, iTunes and iCloud are to them virtually indistinguishable sources and destinations for content, both public and private. Their perceptions may be that it all blends into the same fun, convenient place to communicate and self-promote. But as they’ve discovered, rarely are things as they first appear, and that includes the cloud.




January 28, 2014 was International Data Privacy Day. This initiative originated at a 1981 Council of Europe convention, and in 2009 resolutions for annual acknowledgment were passed by the US Congress. Its objective was to underscore the importance of protecting privacy during online activities, especially among young people.

On the same day, the symposium ‘Big Surveillance Demands Big Privacy – Enter Privacy-Protective Surveillance’ was held at the MaRS Centre in Toronto. The event was hosted by Ontario Privacy Commissioner Ann Cavoukian and featured two groups of panelists, each of whom addressed concerns pertaining to their particular area of expertise.

Themes put forward by Ms. Cavoukian included the need for privacy mechanisms to be built into technology, and for us to press our elected representatives for policy disclosure and increased oversight of government surveillance. The second point was also emphasized by Ron Diebert, Citizen Lab Director at the University of Toronto.

Unsurprisingly, the Communications Security Establishment Canada, or CSEC, was a recurring topic amongst the speakers. Wesley Wark, Professor of Faculty of Social Sciences at the University of Ottawa, stressed that the organization must not target Canadians. He informed us that serious problems have been found by the watchdog agency, for example, that CSEC has not provided a sufficient explanation of how it acquires data. This concern has also led another speaker, BC Civil Liberties member and lawyer Micheal Vonn, to launch a lawsuit against CSEC, alleging illegal activities.

Perhaps the most emphatic warnings about the neglect and abuse of Canadian’s privacy were voiced by Nathalie Des Rosiers, Dean of Faculty of Law at the University of Ottawa and General Council of the Canadian Civil Liberties Association. Ms. Des Rosiers advocated that the context of ‘privacy’ enter daily awareness similar to the manner in which climate change has. She also stressed the need for increased accountability and punishment for transgressors. Ominously, her final point warned that, without immediate action, increasing numbers of people will be flagged globally as a ‘risk’.

During question-and-answer in the closing segment I asked the panel what practical next steps they recommended for audience members to take. Each respondent reiterated the need to put pressure for accountability and oversight on politicians. Second, the use of privacy-protecting software was advised.

The message was clear: Like an emerging stain on the ceiling or growth on your skin, ignore at your peril.