Tuesday, December 3, 2013

Is Your "Friend", Your Friend?

   An interesting topic came up the other day.  The question was whether to accept random social media
requests.  Does your "friend" need to be your friend?

   Your answer to that question might vary based on the social network and how you use that social network.

   There's also an important Security Awareness angle here.  Social networks can be a vector for malicious links, phishing attempts, malware and scams.  These malicious techniques often work better when the link/attachment/request comes from a "friend", rather than via a random email or connection.

   I'll start by looking at how I consider connection requests.

   LinkedIn.  I'm a regular LinkedIn user.  I'm perhaps a typical user in that I use this network mostly for professional connections.  My personal rule for LinkedIn is that I only connect with people I actually "know".  Usually this means that I've actually met the person IRL; for example, we've worked together, or perhaps met at a conference.  I've also connected with people I've "met" via email, but usually that's for some specific reason such as an ongoing conversation with a vendor.  I usually do not accept random requests, even in the same industry, unless it's someone I really should know but haven't gotten around to meeting yet.

   Twitter.  I also use Twitter a lot.  I don't automatically follow people who follow me.  I know that many people like to do this.  But I actually use Twitter and want to keep my feed readable.  So I try to be selective with my follows.  (And I should probably spend some time curating my feed.)  Basically I follow people or groups who put out content I want to read.

   Facebook.  This network probably has the largest amount of random friending.  There are also plenty of malicious links shared.  I only accept friend requests from friends and family.  And the friends are mostly those I'm reconnecting with from the past.

   Google+.  The Google+ model is a bit different in that you can put people into circles and follow them, but it seems that there isn't the same kind of following reciprocity that we see with other social networks.

   There are also a few other interesting wrinkles.  For example, there has been plenty of discussion about teachers friending students.  And here's an interesting article about debt collectors trying to friend debtors to get more information about them and harass them about payments.

   How do you handle friend requests from people you don't know or don't know well?  Do you have any tips to share?  If you're an infosec or privacy pro, how do you advise others?
