A recent survey from the Pew Internet & American Life Project found that 73 percent of online teens use social-networking sites. Updating their Facebook or MySpace page has become a regular activity for teens as is using these services to catch up on what their peers are doing. But, for the most part, teens are using social networking while they are away from school. Many schools actually ban access to services like Facebook and Twitter and often configure filtering programs to block students from accessing them.
While I can understand why it might not be educationally relevant for schools to allow students to polish their online profiles while in school, I worry that schools are disallowing the very technology that kids are using for their informal communications and learning. As my ConnectSafely.org co-director Anne Collier blogged on NetFamilyNews, “Gutenberg’s press, was pretty controversial back in the day (15th c.) and probably didn’t make it into ’school’ for a while.”
Today, of course, books are a staple in school but, as any trip to a bookstore will illustrate, not all books are appropriate for classrooms. Should educators ban books because some books are “bad?” Of course not. Educators select appropriate books for use in class and incorporate them into the educational process.
The same should be true of social networking. While I’m not convinced that school filters should prevent kids from accessing sites like Facebook and MySpace from school computers during breaks, I can understand why educators would mostly avoid them for classroom use. Of course, there are pages on these sites with educational value, so it makes sense more sense for teachers to be granular by allowing access to appropriate social-networking pages rather than banning them entirely.
Social networking designed for schools
But it also makes sense to think about ways to incorporate specialized social networking tools in class. The Flat Classroom Project is one example where educators have built social-networking sites (mostly using Ning) specifically for use in class and home assignments. Not only does this allow for educationally relevant communication for students in the classroom, but for them to interact with students in far away classrooms both in the U.S. and abroad so students around the world can reach and learn from each other.
Mary McCaffrey, CEO of SchoolCenter
(Credit: SchoolCenter)
Fortunately, the idea of school-based social networking is starting to take hold. It has caught the attention of Mary McCaffrey, CEO of SchoolCenter. School Center, which bills itself as a “Web solutions company in the education market,” is in the process of developing social-networking tools marketed specially to schools. These tools will encourage students to interact with each other, using many of the same techniques they do when away from school but focused on their educational mission.
I spoke with McCaffrey not only about what her company plans to offer but about what many schools are currently missing.
The Webcam spy case in the Lower Merion School District near Philadelphia has raised concern as to whether others with Webcams are vulnerable to remote spying. The school district admitted to activating the Webcams 42 times during a 14-month period, claiming that it did so only to track lost or stolen laptops.
But for anyone with a Webcam (and Webcams are now built in to many laptops and desktops), the question is whether you are vulnerable to having your Webcam remotely turned on. The answer is yes, though the newest version of the software used by the district to monitor its computers can no longer be used to activate Webcams or even track stolen computers.
According to Harriton High School student Phil Hayes, officials at the Lower Merion School District used a program called LANRev to manage and track the Macintosh laptops issued to students. The product was published by Pole Position Software, which was acquired last year by Vancouver, B.C.-based Absolute Software. An Absolute Software spokesman verified that it is also his understanding that the school used LANRev software.
The Philadelphia Inquirer reported that Mike Perbix, a network technician from the district, had recorded a Webcast where he talked about his use of LANRev. In a YouTube video attributed to Perbix, he says, “I’ve actually had some laptops we thought were stolen which actually were still in a classroom because they were misplaced, and by the time we found out that they were back I had to turn the tracking off and I had a good 20 snapshots of the teacher and the students using the machines in the classroom.”
In one portion of the Webcast (not in the YouTube video), Perbix says, “You can go into curtain mode, so if you’re controlling someone’s machine and you don’t want them to see what you’re doing you just click on the curtain mode icon…you can take a snapshot of the screen by clicking on the little camera icon.” Scroll down to the end of this post to listen to a 28-second audio excerpt from the Webcast, in which Perbix talks about “curtain mode.”
End users can no longer track machines
Absolute has changed the name of the program to Absolute Manager and will be marketing it for remote management of PCs, Macs, and iPhones, but the product will no longer be used for theft or loss recovery. For those functions, Absolute offers Computrace for enterprise customers (including schools) and LoJack for Laptops for consumers.
Unlike LANRev, Absolute’s current theft recovery products can’t be activated by end users, according to Vice President for Global Marketing Stephen Midgley. I interviewed Midgley by phone from his office in Vancouver.
Both the Computrace and LoJack products can be used to turn on a Webcam and photograph the user in the event of a theft investigation. But unlike the old LANRev, only Absolute engineers can track devices and activate recovery features. Company policy, according to Midgley, prohibits them for doing that until a police report is filed. “For us to begin a theft recovery process, we need a case file from the police,” he said.
Two of the recovery methods are GPS and Internet Protocol location tracking. Absolute tracks the location of devices every 24 hours, but once a device is reported stolen it increases to once every 15 minutes, according to Midgley. “That allows us to pinpoint the location of the device…we then provide the details over to the local law enforcement, who then go in and recover the device.” Midgely said the recovery team is made up of former law enforcement officers and that the company has relationships with well more than 1,000 law enforcement agencies across North America.
Midgley said the company doesn’t typically use Webcam photography, even if it’s available. “The photography doesn’t always take a picture of the criminal, and it’s not always permissible in a court of law,” he said. Often, the person who is photographed using the laptop is not the person who stole it. By the time it’s been reported, the laptop has been sold, and the person using it isn’t the same person who stole it, “so taking a photograph of them really proves no value. In that case, it’s not a photograph of the criminal. It doesn’t really help find out the location of the device,” he said.
Other ways to control Webcams
There are, however, other ways to remotely turn on a laptop’s Webcam. For one thing, there are many legitimate programs on the market that are used to control “nanny cams,” or Webcams used at vacation homes and other remote locations. If someone has physical access to a computer, it would be possible to install this software and turn it on remotely.
There are also programs such as GoToMyPC that are designed specifically to allow users to remotely control a machine via the Internet. Once connected, the person has complete remote control over the host computer, including the Webcam, microphone, and other features.
This picture was taken via GoToMyPC from a remote computer.
(Credit: Larry Magid/CNET)
To be certain that GoToMyPC can be used for this purpose, I downloaded a copy to a laptop and accessed it from my desktop PC via the Internet and then used my desktop PC to activate the camera on the laptop. To be fair, GoToMyPC puts up a notice on the remotely controlled machine indicating that there is a session in progress, but that notice can be immediately taken down from the remote computer.
You need physical access to a computer to install GoToMyPC, but it’s not uncommon for stalking victims to sometimes be in the same location as the stalker.
Malware can turn on Webcam
There are also Trojan horses and other malware programs that can be used to take remote control of a computer. According to Mike Geide, senior security researcher at cloud security company Zscaler, “there are several exploit kits out there that include rootkit functionality that allow (people) to interact with the operating system however they want, and that includes turning on specific services or running applications in the background that would include applications to report Webcams, record audio, or turn on a built-in internal microphone.”
Geide recently blogged about a Chinese government Web site that had been hacked to post malware to utilize an Internet Explorer 6 vulnerability to plant Backdoor:W32/Hupigon which, according to F-Secure, is “a remote-administration utility which bypasses normal security mechanisms to secretly control a program, computer, or network,” and “allows for recording with the user’s Webcam.”
TrendMicro education director David Perry stressed the importance of being aware of vulnerabilities. “It would do a public service, if we could make the public more aware that when you hook something like a Webcam up to your system that making it secure is your responsibility,” Perry said. “By default, it’s insecure.”
In October 2008, TGDaily reported on a “game” that could “mislead people into clicking on a link that can then remotely control the user’s Webcam and microphone.” This YouTube video shows a proof of concept of a simple game that could cause a user to turn on the remote camera for an attacker.
While security software can protect you against much of the malware, it can’t necessarily protect you against the misuse of legitimate programs designed to remotely enable a Webcam or remotely operate a PC. For that, the user has to be aware of what is running on the machine. While a sophisticated PC or Mac user may be savvy enough to determine if there are remote-control programs running on their systems, there are plenty of people who wouldn’t have a clue.
I spoke with a student at Harriton who said some students are employing a very low-tech solution to block their Webcams: they’re pasting black tape over the lens. Now all they need to do is figure out how to disable the microphone.
Click below to listen to a 28-second portion of Mike Perbix’s Webcast, where he talks about “curtain mode.” Audio taken from a longer Webcast downloaded from MacEnterprise.org.
Students at Herriton High School in Lower Merion School District near Philadelphia are given Apple MacBook laptops to use both at school and at home. Like all MacBooks, the ones issued to the students have a Webcam. And, in addition to the students’ ability to use the Webcam to take pictures or video, the school district can also use it to take photographs of whomever is using the computer.
In a civil complaint (PDF) filed in federal court, a student at the school, Blake Robbins, said he received a notice from an assistant principal informing him that “the school district was of the belief that minor plaintiff was engaged in improper behavior in his home, and cited as evidence a photograph from the Webcam.”
The district said in a statement that the “security feature was installed to help locate a laptop in the event it was reported lost, missing or stolen so that the laptop could be returned to the student.” The district further explained that “upon a report of a suspected lost, stolen or missing laptop, the feature was activated by the district’s security and technology departments. The tracking-security feature was limited to taking a still image of the operator and the operator’s screen.” The district claims it has “not used the tracking feature or Webcam for any other purpose or in any other manner whatsoever.”
Subsequently, district Superintendent of Schools Christopher W. McGinley sent a letter to parents saying that the security tracking feature is being disabled and that there will be “a thorough review of the existing policies for student laptop use” and a “review of security procedures to help safeguard the protection of privacy, including a review of the instances in which the security software was activated.”
In the mean time, the Associated Press is reporting that the FBI is investigating the district and “will explore whether Lower Merion School District officials broke any federal wiretap or computer-intrusion laws,” according to an unnamed official who spoke to the AP.
In an interview with CBS Evening News, plaintiff Blake Robbins said he was unaware that the camera could be activated at his house. “I thought that there was no way that they could do that at my home,” Robbins said, adding that the assistant principal “thought I was selling drugs, which is completely false.”
On the CBS Early Show, Harriton High sophomore Savannah Williams said she keeps the laptop in her bedroom and says that its on while she is “getting changed, doing my homework, taking a shower, everything.” She said she takes it into the bathroom with her to listen to music while showering. “I was shocked,” she added. She said “everyone is talking about it at school…everyone was really worried about ‘what are they watching me doing.’”
At least one student at Harriton isn’t particularly worried about the administration spying on students. In a podcast interview, 16-year-old junior Jon Brodo said “I don’t think anyone knows the true story…the problem is in this case is that there are so many rumors going around.” He said that he is somewhat concerned, but “I do trust that the school district knows its bounds.” Brodo said that most students, however ,”it’s been pretty hectic. It’s the conversation of everybody. I’ve seen the kid (plaintiff Blake Robbins) in the hallways. The atmosphere is definitely pro the kid and antischool district.”
On its Web site, Lower Merion School District says that it was one of the first districts in the country to issue laptops to all high-school students. And that is an extremely laudable effort on the part of the district to bring learning into the 21st century. It’s also commendable that the school put some thought into a recovery system to help locate lost and stolen laptops but it’s quite unfortunate that they used a system that enables administrators to take photographs of students using the machines away from school.
Of course, no judge has yet ruled on the plaintiff’s claim and the school has denied that it has used the cameras for anything other than helping recover missing machines. But even if that turns to be the case, the mere fact that staff members had the ability to turn on the camera remotely is problematic. While it’s fair to assume that the school could monitor what students do with district owned equipment (just as employers can with equipment used by employees even when they’re away from the office), I can understand why students and their parents would be shocked to learn that officials could remotely turn on the camera.
Google’s new Buzz service is getting some unwelcome buzz from the privacy community. On Tuesday, the Washington-based Electronic Privacy Information Center filed a complaint with the Federal Trade Commission alleging that Buzz “is a significant breach of consumers’ expectations of privacy.” EPIC, according to a press release on its website wants the FTC “to require Google to make the Buzz service fully opt-in, to stop using Gmail users’ private address book contacts to compile social networking lists, and to give Google users meaningful control over their personal data.”
The complaint was filed days after Todd Jackson, Google’s product manager for Buzz blogged “there’s been concern from some people who thought their contacts were being made public without their knowledge.” Jackson pledged to make changes to Buzz to correct this issue including making the option not to show your followers more visible, making it easier to block anyone who starts following you and providing “more clarity on which of your followers/people you follow can appear on your public profile.”
In an interview at Google headquarters on Tuesday, Google Vice President Bradley Horowitz said that the company is “making changes that will go a long way towards helping users and giving them transparency and control of how to block and how to expose their social graph.”
Product development process is social
He said that Google is “listening and reacting quickly” to what users are saying, and “reacting in days and in some cases hours.” Horowitz said that it is now clear to him and his team that “disclosures and speed bumps in place were not sufficient” and that “some user unhappiness resulted.” He was referring to an outpouring of criticism on blogs and, in some cases, on Buzz itself from users who felt that too much information about them was being shared.
Horowitz added that it’s essential for companies to get feedback from users when developing social media services such as Buzz, saying that many features that are now in Twitter were suggested by users rather than invented by the people who run the service. “My experience building social products is that you have to listen to the users. The product development process is itself social. … You can’t do it in a petri dish.”
Frequent Gmail contacts exposed
One complaint had to do with the way Google automatically created an initial set of followers based on people you communicate most often with via Gmail. The trouble with that is that the listing of who you follow on Buzz was initially made public, so that by exposing your Buzz followers, Google was also exposing the names of people you communicate with. That could be a problem if, for example, that list included a potential employer you were negotiating with while you’re still at your current job. You might not want your current employer to know you’re engaged in conversations with a competitor. It could also be an issue if you have a personal email relationship with someone that you might not want to disclose to a significant other.
Horowitz said Google will disable that feature, instead making it suggest possible friends to follow rather than having you follow them automatically.
Clearing out the clutter
Another issue with Buzz is that the amount of posts you see can be overwhelming. This is ironic because one of the points raised by Google when they announced the service last week is that Buzz would help users cut through the clutter. As Google co-founder Sergey Brin told me in a podcast interview I did for CNET news, the skill of “extracting signal from noise is one of our key competencies.”
Despite that intention, my experience with Buzz is that I am seeing far too many posts (or updates) often from people I have no interest in. For example, I follow some web-celebrities like podcaster Leo Laporte. I’m happy to read what Leo has to say but I’m also seeing updates from hundreds of people who also follow Leo. I’m sure these people have interesting things to say, but there is a limit as to how much I can digest. Horowitz said that Google is aware of that issue and is working to make it easier to hide comments from people you don’t follow.
Clearly, Buzz is a work in progress. I’m sure folks at Google hope that their developers can work faster than EPIC’s lawyers and are able to solve these issues before they — quite literally — turn Buzz’s privacy problems into a federal case.
In its search for new markets and revenue, Google seems to be taking a bite out of Apple.
For months the two companies have competed in the mobile-phone market thanks to Google’s Android operating system, and that competition is fiercer now that Google has stamped its logo on the back of the Nexus One (designed by Google and manufactured by HTC). Despite some differences, the new Google smartphone looks a lot like an iPhone.
There’s competition on other fronts as well, including the operating system business.
In its initial blog post in July, Google positioned Chrome OS as “an open source, lightweight operating system that will initially be targeted at netbooks.” That alone could harm Apple if Chrome-powered netbooks take sales away from Mac laptops. But now there’s talk about both Chrome and Android being used on tablet devices that could compete with Apple’s just announced iPad.
Concept of what a Google tablet might look like (source: Google)
There have been no product announcements, but Google’s Chrome Web site is displaying “visual explorations of how a Chrome OS tablet UI (user interface) might look in hardware.” The illustrations provide only a vague idea of what such a tablet might be like, but their very existence indicates that Google may be eyeing the market that Apple hopes to bust open.
Just in case one tablet operating system isn’t enough of a threat to Apple, Google is potentially going after the iPad with two operating systems at once. Android, in addition to Chrome, could also be used to create a potential iPad killer.
At last month’s Consumer Electronics Show, MSI displayed a 10-inch tablet running Google’s Android operating system.
It’s important to emphasize that neither the Google concept drawings nor the MSI prototype represents a real product. But what they do represent is the possibility, and perhaps the intention, of Google to quickly enter the tablet marketplace.
To be sure, there are important differences between Apple and Google. Apple is more focused and disciplined — it works long and hard on a very small number of products and keeps quiet about them until they’re almost ready for prime time. Then, with great fanfare, Steve Jobs announces them to the world and puts them on sale shortly thereafter.
Google throws lots of things against the wall to see what sticks. The company’s experimental culture is so strong that employees are allowed to devote 20 percent of their time to any project that strikes their fancy, some of which actually see the light of day as products or services.
Apple’s formula — at least with the iPhone — worked like a charm. The hype was followed by a product that delighted most early reviewers and customers. And although I questioned in last week’s column whether the iPad can live up to its hype, I acknowledge that it is an innovative product that might do well when it hits the market.
Google’s approach is usually to pre-announce months in advance and rely on partners like HTC (and now Motorola) to build devices around its open source software. Unlike the first iPhone, the initial Android phone — the HTC G1 — got tepid reviews. But with the release of the Motorola Droid and Google’s Nexus One, Android is starting to win fans and respect.
Google’s initial foray into the browser market was also a bit disappointing but that, too, is starting to change. When the Chrome browser came out, it was a bit faster than market leaders Internet Explorer and Firefox but not nearly as versatile because it lacked support for extensions that allow third parties to add functionality. However, Google recently released a beta version of Chrome that fixes that problem.
Last month Chrome overtook Apple’s Safari as the third-place browser behind Internet Explorer and Firefox, according to Net Applications. As more extensions become available and more people download the newer version, I’m confident its market share will continue to grow.
The biggest difference between Apple and Google has to do with control. Apps for both the iPhone and iPad will be distributed through Apple and be vetted and approved by Apple before being made available to users. Google has a more open approach, allowing anyone to create an app for their phone or their computer operating system.
The democrat (small d) in me sides with Google. But the part of me that’s concerned about safety and security understands the advantages of having a company like Apple examine the applications for its devices.
Mostly I’m just glad to see these two talented and resourceful companies compete with each other and, of course, Microsoft, which was once thought to be a monopoly but is now struggling to compete with both Google and Apple.
This post is adapted from a column by Larry Magid that appeared in the San Jose Mercury News
This picture was taken via GoToMyPC from a remote computer.
