Feeds

Can you judge a man by his Twitter followers?

The enemy of my enemy is my Facebook friend

Top three mobile application threats

Sysadmin blog Is following someone on Twitter (or friending them on Facebook) an endorsement of that person? Social networking isn't going away, and increased corporate awareness of it means that systems administrators need to be prepared to answer these sorts of murky questions.

As a case study, I am going to pick apart my own use of social networks and try to identify potential problem points.

I have a Facebook account. Not because I actually use the smegging thing myself, but because part of the service my consulting company offers customers is managing corporate Facebook presences. Being able to see these pages from the viewpoint of a logged-on user is useful.

Not actually using Facebook much should theoretically provide a near-zero attack surface; unfortunately, real life is rarely so generous. I made the mistake of letting a relative know that I did in fact have a Facebook account. I was instantly bombarded with an unceasing stream of nagging until I folded and accepted the friend requests.

If I log onto Facebook with my user profile to show the customer their Facebook page "as a user would see it", Facebook cheerfully displays all sorts of random inanity from the collection of people on my personal list. Even if we set that aside for a moment, Facebook still pops up a roll of your friends in the weirdest places.

"It's a small world" happens to me all too often; I've little interest in having a client become disgruntled because I am associated on Facebook with someone they dislike. How do you explain "they aren't actual friends, they're Facebook friends" to a room full of grumpy middle-aged clients who are allergic to the internet?

Now I have two profiles; one to stop the nagging, and one to use for demos.

There's more to life than Facebook

As soon as my generation – I am nearly 30 – realised our parents were on Facebook, we evacuated wholesale for other sites such as Twitter. As with Facebook, I have two accounts. A sanitised corporate one and my personal account. The corporate account is about as boring as it sounds. The personal account, well... I mostly use that for trolling.

I think that it's fairly straightforward to accept that what I write – even when I am just rattling cages – is entirely my responsibility. They are words I chose to tweet; I must live with them forever*.

But a murkier question surrounds who I follow. Is it an endorsement of an individual – and by extension all of their speech – to follow that individual? What about following corporate Twitter accounts? If Intel or Microsoft does something spectacularly appalling, is my following them on Twitter an endorsement of the company and thus that company's actions?

Some people do indeed see it this black and white. For most, context seems to matter. If you follow thousands of people, you appear to simply be indiscriminately following as much of your industry as possible. Accusations of endorsement are rarer.

If you only follow a fraction of the number who follow you – as king-of-the-geeks Wil Wheaton does – it's much easier to read endorsement into each individual you choose to follow.

What about The Register's Twitter account? El Reg gives a (limited) form of endorsement to my sysadmin blog, because it publishes them. (Though they may periodically toss in wise disclaimers of "author's opinion only".) @Regvulture only follows 43 people, all of whom could reasonably be said to be affiliated with Vulture Central in one form or another. Is that endorsement of those individuals or their speech?

If I say "product A is a pile of shite", should that blow back on El Reg? When I submit an article to The Register, I am wearing my professional hat. It goes to a sub-editor and an editor who ensure that nothing truly egregious is slipping through. A medium like Twitter simply doesn't have that.

Degrees of separation

Younger folks seem to see personal accounts on social networks as entirely personal. We view them as vehicles for personal expression that should be considered separate and distinct from our employers, clients and so forth. Reality unfortunately, doesn't work that way. There are a lot of people – say, your boss – who cannot (or choose not to) separate the two.

How do you deal with this reality? One approach is to demand that all employees and contractors always behave in public and online with the utmost professionalism as though they were corporate ambassadors 24/7.

Personally, this grinds against my understanding of concepts like "freedom of speech". To ask someone not to speak their mind in their own free time because it might offend a client is in the exact same category as asking someone to always wear floor-length clothing in case someone finds ankles offensive.

If you look hard enough, you can dig up someone who is offended by anything of your choosing. Where does the balance lie between asking a staff member to relinquish their freedom of expression and trying to maintain a corporate image that clients will accept? The law on this is different all around the world, and social customs are often more restrictive still.

I don't have any easy answers, but it is something we all need to consider. These questions will be asked of us sooner or later, and we had better have answers ready. My consulting company is maintaining a strictly hands-off policy for now. A personal social web account is personal. This is – mostly – accepted custom here in Canada. 

How are you handling it? ®

Bootnote

* Yes, I am aware of the irony in talking about the perpetuity of online speech while operating a Twitter account composed almost entirely of contentless blather.

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Brit boffins use TARDIS to re-route data flows through time and space
'Traffic Assignment and Retiming Dynamics with Inherent Stability' algo can save ISPs big bucks
Microsoft's Nadella: SQL Server 2014 means we're all about data
Adds new big data tools in quest for 'ambient intelligence'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.