Thursday, March 24, 2016

Smartphone for All: Facebook risks - predators and porn

The Facebook chapter of Smartphone for All keeps growing. I think I’m over the worst of it. I’m hopeful it will be particularly helpful, it’s going to feature in a May presentation I’m doing in the Twin Cities.

 One of the tricky sections was figuring out what to say about Facebook pornography. Here’s my current draft, I may move the “why Facebook anyway” part to a different section …

Social media is risky for everyone. Many professionals either abstain from Facebook, use a pseudonym, or read but never interact. So why am I writing a chapter about Facebook use?

I’m writing about Facebook because many teens and adults want to use Facebook, and it’s much easier to help navigate than, say, Snapchat. Facebook is hard to avoid; it’s the primary way many of us learn about community news, events, and social activities. For many users Facebook is a primary news source.

Facebook is also a social experience. For most neurotypical users it’s only one of many social experiences, but many Explorers have limited social options. For them the social connections is particularly powerful.

Facebook can also be an opportunity to learn about social interactions with a Guide’s help. Especially if an Explorer uses a pseudonym (see below) there’s an opportunity to make social mistakes that a Guide can help with. Many Explorers only learn through experience.

Assuming an Explorer is going to use Facebook, what are the risks to watch for in addition to the social mistakes that every Facebook user experiences?

I know of two related risks that can be a special problem for Explorers and and other vulnerable users: sexual predators and pornography.

I’ve been unable to find any academic or police data on sexual predator activity on Facebook. A 2012 Reuters article⁠1 tells us have read that Facebook uses AI type software to detect predator activity and that “The National Center for Missing and Exploited Children processed 3,638 reports of online "enticement" of children by adults last year, down from 4,053 in 2010 and 5,759 in 2009.” Although only a fraction of incidents are likely reported the downward trend is encouraging. Facebook is probably relatively risky territory for predators, though even one can do a lot of damage⁠2. Every Guide will need to measure this risk for both male and female Explorers, but as social networks go Facebook is likely safer and easier to monitor than most.

Pornography is a more complex problem. Facebook’s March 2016 terms of service⁠3 say “You will not post content that: is hate speech, threatening, or pornographic; incites violence; or contains nudity or graphic or gratuitous violence.” In practice Facebook relies entirely on investigating complaints, it doesn’t actively seek exceptions. I’ve seen Facebook investigators decline to act on (closed) Group content that flagrantly violated the terms of service.

Whatever Facebook may claim, as of 2016 anyone actively seeking pornography on Facebook will find it, either by information exchanged at school or through Facebook itself. Of course most teens and adults won’t bother to look, if they have unrestricted web access they will find a vast array of pornography elsewhere. Facebook pornography is really only a problem for users with Facebook access but restricted web access, including children and many Explorers.

Some Guides will, because of personal values or Explorer issues, want to monitor and block extended access to Facebook pornography regardless of related problems (there’s no way to prevent initial access). Other Guides and Explorers may not be concerned by pornography alone. Unfortunately there are two related problems that favor monitoring and restriction.

One problem is that Facebook shares a lot of data among Friends, including an Explorer’s Friends, Groups⁠4, and Likes — not to mention their posts and comments. An Explorer may unwittingly share Facebook pornography with grandparents, siblings and friends.

Another problem is that nobody creates pornography as a charitable enterprise. Facebook pornography has to make money, and since it’s technically banned it can’t rely on the usual advertising or game revenue. Facebook pornography has only a few ways to make money, including inducing Explorers to install ransomware⁠5 and other forms of malware.

Until an Explorer advances to unrestricted web access, it’s probably a good idea to monitor for pornography delivered through Facebook Groups, Friends, and Pages and to work with an Explorer to remove the offending items. A Guide may choose to report issues to Facebook, but the results can be disappointing.

 

anImage_15.tiff

1 http://www.reuters.com/article/us-usa-internet-predators-idUSBRE86B05G20120712

2 http://www.telegraph.co.uk/news/uknews/crime/9275731/Facebook-sex-predator-jailed-and-banned-from-using-the-site.html

3 https://www.facebook.com/terms

4 In theory only Public Groups. In practice information on closed groups can leak out as well.

5 Ransomware encrypts a user’s storage device and demands cash to make user data available. As of 2016 it’s a very profitable business.

Tuesday, March 22, 2016

Managing Explorer credentials with iOS 9.3 Notes.app and Android alternatives

An updated chapter from my smartphone book, revised with yesterday’s release of iOS 9.3 Notes.app:

An Explorer starts out with a smartphone unlock password (or PIN) and at least one username and password for their Apple iCloud account or their Google account. We call these usernames, passwords and other account information. “credentials”. Over time an Explorer will need credentials for everything from bank accounts to utility bills to social networks. Even if a Guide is conservative about adding new Explorer services it’s not hard to end up with 50 or more sets of credentials to manage.

For each Explorer credential a Guide needs to know the “username” (sometimes it’s your Explorer’s email address), password, site name, and site address. Unfortunately for many sites today you’ll also need to write down what “secret question” responses you provided when registering. This is even more important if you are very careful about security, and treat each secret question response as yet another unique password.

You could make this easier by reusing the same password for every site. Many people do that, but when hackers steal credentials from any site they try them on every site. You really don’t want to use the same password for a local newspaper and for a Guide’s bank account.

Guides need to create “strong” passwords for Explorer email accounts, bank accounts, Amazon accounts and the like. One way to create a strong password is to combine two randomly selected words form a dictionary, capitalize one or two letters, and mix in some numbers and a symbol like $#&:;. Avoid letters and numbers that can be confused with one another, like l and I or O and 0.

There’s no way any of us can keep secure credential information in in our heads. We have to write it down, and, because you really don’t want to lose password information, you need to have two copies.

The two copies also need to be in different places. Why two places? Well, imagine that you’re storing your passwords on your phone. One day you need to unlock your phone, but you don’t remember the phone password. If the passwords are only on your phone you won’t be able to get to them. Even if your phone is backed up the backup won’t help you, because you won’t be able to restore it without the phone password.

There are two approaches to credential management that work on both Apple iPhones and on Android smartphones. One approach is to write them by hand on paper and make a copy of the paper. This approach is approved by security experts, but it’s tedious to keep the list updated and to carry a copy in your wallet. (A Guide can do similar things with a document on a secure computer, but that’s beyond the scope of this book.)

A second, more complicated, approach is to use secure password management smartphone software, like 1Password.app. You can optionally have 1Password data stored “in the cloud” and available through a web browser; most security experts avoid that however. I strongly recommend you print out your 1Password credentials periodically, if you’re phone is lost or destroyed you don’t want to rely on Apple’s backup software. Make sure you print out your 1Password password too!

1Password is too complex for most Guides and Explorers though. What about just keeping credentials in a Note on your smartphone?

If a Guide is using and Android smartphone this can be a risky option. As of early 2015 many lower cost Android smartphones are not truly secure. Google’s Note application, Keep.app, doesn’t support Note encryption. So on an Android device I’d recommend using 1Password.app or one of its competitors — unless you are confident the Android device uses strong encryption and it is secured with a strong password.

If a Guide is using an iPhone with iOS 9.3 or later Apple’s Notes.app is a good, simple way to store an Explorer’s credentials. The iPhone itself has quite good security, and you can create an additional Notes.app password and use it to lock one or more individual Notes. iPhones that support TouchID (fingerprint unlock) make it easy to access locked notes. Just be sure to add the Notes.app password to your document and to print out the Note when it changes.

This approach is simple and secure, and it’s safe as long as a Guide keeps printed copies. It’s easy to accidentally delete critical information when editing a Note, and of course phones get lost and broken. Paper backups are reliable.

There’s another advantage to the use of secure Notes on an iPhone; many Explorers will learn this technique and in time independently maintain their own credentials. In this case the Guide’s role is to be sure that there’s a printed backup!

Saturday, March 12, 2016

Dating and relationships on the spectrum: AUSM presentation and reading list

#2 and I attended the first of a planned series of Autism Society of Minnesota (AUSM) presentations: Dating and Relationships: How Does This Work?

It was awesome.

There were two parallel tracks. A track for spectrum teens 12-19 was led by Jeannie Uhlenkamp, author of  The Guide to Dating for Teenagers with Asperger Syndrome. A session for professionals and parents was led by Sara Pahl and Dawn Brasch. The teen track would have been challenging given the variety of interests and learning features. My track is best summarized as “so we’re not the only ones”; between #1 and #2 I could have spoken to every topic. (And suggested a bunch of additional topics for a future “advanced” track.)

The frank discussion of the legal aspects of spectrum sexuality and choices was particularly appreciated.

This needs to be turned into a video series for wider use. I understand the AUSM has plans in that direction.

For now, here is a reading list from today’s session:

Friday, March 04, 2016

Managed identity for the special needs Explorer: iCloud makes aliasing easy

From Smartphone for all …

When you first begin supporting your Explorer a single address for them to send and receive email is fine. You may find, however, that you want another, secret, address for your Explorer. You might not want to expose their private email address when signing up for Facebook for example. You may not want them to be able to reset their bank account password. With experience you’ll find many occasions where want to use an email address for an Explorer that sends email to a Guide.

There are three ways to create this kind of email address for an Explorer, depending on what the Guide is familiar with.

If the Guide is using iCloud things are very simple. iCloud email has elegant support for up to 3 “aliases”. A guide can create an “alias” for an Explorer; that email becomes the Explorer’s “managed identity”. Here’s an example of an alias created for a famous Explorer - Meriwether Lewis of Lewis and Clark fame:

Meriwether Lewis alias.png

If Meriwether were my Explorer and I configured this alias on my iCloud email then I would receive email sent to mlewis_ident@icloud.com (careful, someone is sure to create this email address, I don’t use it!). I might do this so I can monitor Facebook activity and control password resets for example. (see Facebook Social and Facebook Messenger). See Apple’s support note for more information: https://support.apple.com/kb/ph2622.

If a Guide is using regular Gmail they can’t create an alias. They can, however, open a new Gmail account for the Explorer and set it to forward email. This is awkward and requires yet another password to manage, but it only has to be done once.

Lastly, technically oriented Guides will know of other email redirect options that are beyond the scope of this book. (I don’t recommend using a free redirect service however, there are too many security risks.)

All of these approaches will work to create this extra, secondary, email address. This secondary address doesn’t get entered into your Explorer’s phone, it’s just for use by a Guide, typically though a web browser like Chrome. 

You don’t need to add this second, Guide-use only Explorer email at first, but keep it in mind as you gain more Guide experience.

Why "Smartphone for all" needs to be written (and read) - special needs adults need a pocket AI too.

After reading Everyone needs an AI in their pocket I updated the “why you should read this” introduction to “Smartphones for all”

You’re reading this because your Explorer is seeking independence in a world of ubiquitous technology, technology that’s currently packaged in an Android (Google) or iOS (Apple) smartphone.  We’re growing accustomed to smartphones as our companion computers, but if you step back a bit they should inspire genuine awe, as well as some concern. The personal computer and the internet both had large impacts on society, but the smartphone, an ever present emerging artificial intelligence companion, is kicking everything up a notch. 

It’s already hard to function without a smartphone, but in time it will become almost impossible. In March of 2016 a Washington Post article⁠1 was titled Transit systems are growing too complex for the human mind. That sounds bad, but on the same day Google published an article⁠2 about the latest improvements to the “AI” (artificial intelligence) engine that provides its transit advice. Want to get around London or Manhattan or Minneapolis? No problem, just ask Google.

Everyone will needs an AI in their pocket, including the teen or adult you’re guiding. Since smartphones aren’t made to serve our Explorers I’ve written this book on how you can help them succeed. The goal of this work is to support independent living and mitigate harm that can come to a vulnerable population living with a tool of amazing, sometimes frightening, power and versatility.

anImage_9.tiff

1 https://www.washingtonpost.com/news/wonk/wp/2016/03/03/transit-systems-are-growing-too-complex-for-the-human-mind/.

2 http://googleresearch.blogspot.com/2016/03/an-update-on-fast-transit-routing-with.html