The 5/3 Virtualization Security Podcast had a very special guest, a teenager. This surprise guest told us about how she and her friends use their smartphones and cloud services such as FaceBook, Twitter, SMS, etc. For the panelist, it gave us a new look at our existing problems; expanding our viewpoint for end-user computing security, cloud security, and expectations of privacy.So how do teenager’s use their end-user computing devices? Their gateways to the cloud? Perhaps just a little differently than we do as adults. But this teenager seemed to be a bit more conscious about what is placed on her device on into the cloud. Here are the expectations she has when using here device:
- SMS or Text Messages sent to her friends are private (not only between her friends and herself, but from others)
- Anything placed on FaceBook is private if marked so
- Anything on the actual device is shared with her friends whether that be pictures, contacts, or just the device itself
This gets into the concept of expectation of privacy which many people have when they start to use their devices whether that be their office desktop, personal phone, tablet, or other end user computing device. The answer to this is, whomever owns the device has a right to inspect that device at anytime. Therefore, there is no expectation of privacy when using any non-personal device.
But is there an expectation of privacy when using a cloud service, the feeling of the teenager was eye-opening, for her, there is none, there is the belief that once it is on Facebook it will be read, but for telephone services such as SMS, there is an expectation of privacy. As well as a giving and taking of trust. When the phone is exchanged between friends to use perhaps for SMS, there is a giving of trust, that the friend will hold whatever is seen in confidence, but also what they do is not going to be above and beyond the acceptable daily drama of a teenager’s life.
However, look at how you and your family use their devices, I for one let me wife use my iPhone and I use hers from time to time. But there is a level of Trust established.
But what measures does a teenager take to protect their data?
- Do not put anything up on Facebook that would be considered embarrassing not only for themselves but for others.
- Do not share your smartphone with someone you do not trust
- Secondary password requests are filled in with random, non-personal, but memorable data. Such secondary passwords are for questions like Mother’s Maiden Name, etc.
We even discussed the possibilities multiple accounts so that things done in one, such as playing a game, do not impact their true account. Which lead to an interesting discussion on delegate users and false data in accounts.
Definitely an interesting view of the world, data is shared, there is some expectation of privacy but only between trusted parties, yet at the same time wariness when it comes to cloud services.