The importance of privacy and safety on social media

On Monday, the Social team held an event for 100 young people who attend Co-op Academies in Greater Manchester. The students were 14 to 16 years old and they’ll soon be leaving school and thinking about what’s next. The aim of the talk was to raise awareness about:

  • social media privacy
  • online safety
  • social media and your career
  • presenting yourself online

Here’s what happened.

Privacy and safety

The focus of my talk was on privacy and safety on social media networks. I warned that if we’re not careful, the range of data we disclose across various social platforms could easily be pieced together and someone with malicious intent they could steal your identity.

The takeaway points were:

  1. Make sure you know who can see your social media interactions. Some networks, like Twitter, are ‘open’ and they’re designed for networking and engaging with people you don’t necessarily know. Facebook and Snapchat are ‘closed’ and reserved for engaging with people you know personally.
  2. Create strong passwords for all your accounts and set up 2-factor authentication on your recovery email accounts. MUO gives decent guidance on this.
  3. Don’t share photos with anyone you don’t trust. Although Snapchat photos appear to ‘disappear’ they can be screen-grabbed and saved. They also exist for a time in Snapchat’s servers and they can be retrieved by the police.

Ian in front of young people with microphone presenting.

Social media and your career

Matt Eyre helps recruit people into Co-op Digital. He shared his tips on how to use social media to find your first, or your next, job. His advice is to:

  1. Have different accounts for personal and professional purposes.
  2. Check your privacy settings on all accounts.
  3. Keep your professional profiles up-to-date.
  4. Be proactive if you’re interested in working at a particular place. Get in touch with them.

Photograph of Matt Eyre reading from prompt sheet in front of students.

How you present yourself online

Choosing how we present ourselves by controlling what we share is really important. It’s about creating an image of ourselves to people we might not have met which can be useful when we’re looking for new jobs. Catherine Storey is our Social media content planning manager at Co-op Digital. She landed her last few jobs, including this one, through her careful management of personal social media accounts.

Here are her tips:

  1. Check who can see which parts of your profile on every social media account you have. It’s ok to show you have a social life, but make sure you know who can see it and the impression you might leave them with.
  2. Your Twitter handle is searchable and it says a lot about you. It’s an online representation of you, your ‘digital name’ if you like. Where possible, your digital name should be the same across each social network which helps build your online identity.
  3. Choose what you engage with carefully. When you tweet; update your status; post a photo; send a video, you expect people to see these things and it’s easy to be mindful of your output. However, when you ‘like’ a tweet, a photo or a status or leave a comment, your engagement is more passive and it’s easier to overlook the fact that these things can reflect on you too.

Photograph of Cat Storey presenting in from of students.

Aaron’s story

To finish, Aaron Omotosho talked about his (paid) work experience at Co-op Digital. Aaron spoke about the time he spent with product and service teams within Co-op Digital and his time after this completing a coding course at Northcoders. We also heard from Jonny Rathbone from Northcoders who spoke encouragingly about the opportunities out there for young people in the digital sector.

photograph of Aaron presenting in front of students.

We hope to hold more events like this in the future. It’s all part of our work to encourage a thriving tech sector in the north-west.

Ian Ferguson
Community manager

Cryptoparty: a fun way to learn about security

At this year’s Internet Freedom Festival, Ian Drysdale and I met human rights workers from all over the world.

Many of the people we met risk their lives in the work they do. In a digital world, they rely on technology to keep themselves and their contacts safe. Too often, ‘security’ is something that’s difficult and boring. People sometimes think that passwords are annoying and that encryption is complicated.

But that’s a problem.

Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age

– Human Rights Council, United Nations, May 2015

It’s important that everyone understands this stuff so we tried to make it fun.

Cryptoparty is a fun way to learn

Screen Shot 2017-04-26 at 16.34.48Inspired by what we’d heard, the Digital Product Research team hosted the Co-op Digital’s first Cryptoparty – a fun space for people to gets hands-on with digital security. It’s a place to discuss, to play and to have a bit of fun.

Cryptoparty is a worldwide movement. It’s a community with few rules and a mission to help people learn to protect their digital lives.

We made great passwords using dice

Screen Shot 2017-04-26 at 16.35.02Passwords aren’t the best way to get a party started. We mixed in some dice and a codebook containing thousands of words, and turned it into a game. Using a jazzy worksheet, we rolled dice and looked in the codebook to make strong, memorable passwords.

People liked the physical aspect of rolling dice and looking in a book. With no computers involved, it felt safe from hackers. The only snag was the 3 desks needed to display the 36 printed pages!

We sent secret messages with Signal

The second activity had people sending secret messages to their loved ones. We installed the free, open source Signal messaging app. Signal was built from the ground up to respect your privacy. As a result, it has become the trusted choice for many journalists and NGOs.

Playing with Signal was a great way to introduce people to end-to-end encryption. That means your messages can’t be read by anyone, including those who make Signal.

If you use WhatsApp you’ll have seen that it also uses end-to-end encryption. The underlying technology is the same – WhatsApp partnered with the Signal developers to build it – but Signal is designed for a more privacy-conscious audience than WhatsApp. All of Signal’s code and design discussions are public, allowing anyone to scrutinise the organisation and the app. That helps build trust that there’s nothing sneaky going on.

We browsed the web privately

In the last activity people installed the private Tor browserCitizens in authoritarian countries use Tor to bypass internet censorship. NGOs use Tor to research illegal activities by corrupt officials. Officials and politicians themselves use Tor to carry out sensitive work. Millions of ordinary people use Tor to protect against identity thieves, unscrupulous marketers, corporations and authoritarian governments.

Tor protects your identity by bouncing your requests through servers around the world. People were surprised when they realised they were viewing the web from Canada or Sweden!

Encryption and anonymity is for everyone

Technology enables wonderful new ways of connecting with each other. How we use technology can be used against us by corporations, criminals and governments. Laws made by ‘good’ governments are inherited by ‘bad’ ones. Historically, arguments about privacy have missed the point, forgetting that privacy sits right after “innocent until proven guilty” in the universal declaration of human rights.

To face the future, we’re going to need better debate and better laws. We want to encourage open and inclusive discussion around these issues. Security and privacy affects everyone, so we all need to co-operate and have a say in shaping the future.

This stuff is important. That’s why we party with crypto!

Would you like to see more work in this area?

Paul Furley
Engineer

How much do you know about your connected devices?

The Digital Product Research (DPR) team at Co-op Digital is exploring new products and services. We’ve been trying out Google Ventures’ Design Sprint, a framework that encourages teams to develop, prototype and test ideas in just 5 days.

Recently, we’ve looked at connected devices; everyday objects that communicate between themselves or with the internet. It’s a running joke that people don’t read terms of service documents, they just dart down the page to the ‘accept’ button so how much do they really understand about what they’ve signed up for?

Many connected devices are doing things people might not expect, like selling your personal data, or they’re vulnerable to malevolent activities, like your baby monitor being hacked. These things don’t seem to be common knowledge yet but when they start getting more coverage we expect there to be a big reaction.

A right to know what connected devices are doing

In the DPR team, we have a stance that the Co-op shouldn’t express an opinion on whether what a device is doing is good or bad. We’re just interested in making the information around it accessible to everyone so that people can decide for themselves.

In our first sprint we looked at how people relate to the connected devices they have in their homes. We found that though the people we interviewed were reluctant to switch them off at first, or to disable the ‘smart’ functionality, they were open to learning about what their devices are doing.

Influencing the buying decision

With that in mind, we looked at an earlier point in the buying process. We mapped the buying journey.

Mapping the buying journey on a whiteboard. Shows customers want to buy a TV. They research products by reading expert reviews, user reviews, looking on retailer websites and asking friends. Then they make a decision.

What if journalists and reviewers of connected devices were encouraged to write about privacy and security issues? Maybe this could satisfy our aim to influence consumers. If manufacturers knew that their terms and conditions would be scrutinised by reviewers and read by potential customers, maybe they’d make them more transparent from the start.

Our prototype

We made a website in a day and named it Legalease. The purpose of the website was to gather research. It was a throwaway prototype that wouldn’t be launched. It wasn’t Co-op branded so we could avoid any preconceptions. The site showed product terms and conditions and made it easy for reviewers to identify privacy and security clauses that could be clearer.

Shows a screenshot of Legalease prototype. The page shows an LG smart TV and highlights some of the T&Cs. Eg, 'please be aware that if your spoken word includes personal or other sensitive info, it will be captured if you use voice-recognition features'. Page shows someone's comment below: 'and then what happens to it? is it transmitted anywhere?'

The product page showed ‘top highlighted’ parts of the privacy policy ranked by votes. Annotations called into question the highlighted passage.

Shows a screenshot of another tab on the same page as first screenshot. This tab shows the T&Cs in full and contributors can highlight and comment on parts.

Another page showed the ‘full text’ – the full privacy policy document with annotations. The idea is that anybody who’s interested in this sort of thing can create an account and contribute. We imagined a community of enthusiasts would swarm around the text and discuss what they found noteworthy. This would become a resource for product reviewers (who in this case were our user research participants) to use in their reviews.

We interviewed reviewers

We spoke to a mixture of journalists and reviewers from publications like the Guardian and BBC and lesser known review sites like rtings.com. We got to understand how they write their stories.

Objectivity versus subjectivity

We found that what they write can be anywhere on the scale of objective to subjective. For example, a reviewer at rtings.com used repeatable machine testing to describe product features while a writer for The Next Web was able to introduce their own personal and political slant in their articles.

Accuracy

We found that the accuracy of their article was important to them. They’d use their personal and professional contacts for corroboration and often go to the source to give them chance to reply.

Sensationalism is winning!

We’re in danger of ‘fake news’. One of our research participants said:

“Now, with everything being on the internet, it’s pretty easy for someone who just has a couple of mates to throw stuff together on a blog and it look very persuasive.”

We found that they used a mixture of analytics and social media to measure their impact. There was no mention of being concerned with the broader impact their articles might have in terms of whether or not people bought the products based on certain aspects of what they wrote about.

Reviewers thoughts on our product

Some of our research participants made comparisons with websites that have similar structure and interactions like Genius and Medium. The annotations on the Legalease prototype highlighted ambiguity in the terms and conditions but our participants didn’t find that useful – they expected more objectivity. They were also concerned about the validity of the people making the annotations and said that lawyers or similar professionals would carry more weight and authority.

How ‘Co-op’ is the idea?

Our participants thought our prototype was open, fair and community-spirited so it reflects Co-op’s values. There were question marks around whether older organisation like Co-op can reinvent themselves in this way, though.

Reviewing security as well as features

Security and privacy are starting to show up more often in:

But after our research we don’t think reviewers would use something like a Legalease site to talk about security and privacy. Some of the journalists we spoke to thought their readers didn’t care about these issues, or that people are resigned to a lack of privacy. One said:

“People tend to approach tech products with blind faith, that they do what they say they do.”

Connecting the abstract with the real world

Our participants told us their readers are bothered by being bombarded by targeted ads and being ‘ripped off’. This leads us to consider exploring how to connect the more abstract issues around data protection and privacy to these real-world manifestations of those issues. Then we should explain why these annoying things keep happening — and in plain, everyday language.

James Rice
Product designer