The Vorpal Blade Carves Borogoves

So, asketh you, what brought on that last little twitch by the See-er of Bad Guys Behind Every Tree?? ***ACRONYM CONTEST!!! Make an acronym out of that last one!! Here's a starter : SeBGuBET. (SBGBET in Lower Slobovian). Prize is a free kick in the pants. ***

Dear Brother Outlaw John Hunyadi set up a family tree on GENI. GENI is a genealogy web site -- a social networking site -- which allows people to search for their relatives. The person who sets the tree up can add a person in their (extended) family and then "invite" that person to "join" GENI, at which point the invitee can add other people and edit his own portion of the family tree.




It is actually a very neat sort of thing. The intent of the founders of GENI was to provide a world-wide family tree of everyone in the world. Theoretically, it would test the idea that everyone in the world has a common ancestor roughly eight generations back.






I would love to load that tree with the data that I have, but there is the small matter of my latent paranoia.

This is an excerpt from the GENI Privacy Policy (my bolds):

"XI. Privacy. We care about the privacy of our users. Click here to view our Privacy Policy. By using the Service, you are consenting to have your personal data transferred to and processed in the United States.

XII. Security. Geni is intended to be a private family network. We have implemented commercially reasonable technical and organizational measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration or disclosure. However, we cannot guarantee that unauthorized third parties will never be able to defeat those measures or use your personal information for improper purposes. You acknowledge that you provide your personal information at your own risk."

A bit of deeper digging uncovers a warning that once the data is accessed from a point outside the USofA, the GENI member should be aware that foreign users may be governed by different laws. The user's privacy might not be quite as respected in China as in the USofA, if you follow my line of thought.

There is also the following to be found on the GENI site (again, my bolds):
Safety Tips for Parents
Parents should review the following guidelines carefully.

• Members of the Geni.com website must be at least 13 years old. Geni.com will terminate the membership of users whom we discover are younger than 13. Members must not misrepresent their age or the ages of others on the website. If your child is under 13 and through misrepresentation has created a profile on the website, please click here to notify us so that we can remove it immediately.
  
  
• The names of children under the age of 13 may be added to a family tree on the Geni.com website for the limited purpose of establishing a family tree placeholder for such child. Such children are not invited to join Geni.com as members and are not allowed to submit any personal information to the website.
  
  
• It is important that you talk to your teenage children about how they use Geni.com and how they represent themselves on Geni.com. Although only the people in your teenager's family tree plus invited friends can see your teenager's profile, family trees may extend to people they do not know well or at all. Tell your teenager not to post anything that could enable unwanted individuals with access to their profile to find them, that could otherwise expose them to danger or that could embarrass them. Review your teenager's account settings with them to help them choose the appropriate restrictions.
  
  
• Harassment, hate speech and other inappropriate content is not permitted on the Geni.com website and should be reported. If your teenager encounters inappropriate behavior on the website, let your teenager know that they should let you know, or that they should report it to Geni.com or the authorities as soon as possible.

Now then, let's digest this a bit. Say that I set up a family tree and begin inviting other family members to join and add more information. Within a short time, the tree will indeed become part of a forest. The kind of information I add varies widely, and the intent of the founders is to join together everyone in the human family. Ultimately, if I am related to Mr. Cau Flung Pu in the Far East or Ms. Rumblin Mbele in the Far South, we will be able to share our family information. Who knows, maybe we have the same great-great-great-great-great-great-great-great grandfather who went on a Crusade, was captured by the Mohammedans, sold as a slave to an African warlord, and ended up as a mercenary in the army of the Celestial Emperor, leaving a legacy at every port of call. Fascinating, eh wot?

So what kind of information is on this tree? Anything you can think of. Where you were born, what your grandparents' names were, your favorite pet, color, food, etc. In short, you can make your life an open book. Just like blogging, which is a fine outlet for those who are exhibitionists.

Think a minute. Have you done any on-line banking? Paid any bills on-line? Accessed any service that requires answers to security questions? What kind of information is asked for in those security questions? The city you were born in? Your grandmother's maiden name? Your first pet? Your favorite color? Tell me now -- does this post make you think about leaks in the information chain?

Ah, you say, the information on GENI is private. Outside visitors are limited in what they can see. You are correct, my friend. There is, however, the Judas problem. What if there is a black sheep in the family, or an old goat? (Hey!!! Wipe that smirk off your face!!!) If you have ever had a brother or sister "borrow" from your piggy bank, can you imagine trying to control the activity of a 5th cousin 3 times removed, especially if he is running a 419 program? (If you don't know what that is, you are indeed greener than grass and should have your email license revoked.)

All in all, I think the GENI idea is a lot of fun, and could be very useful (even if it could be TOO useful to certain people). Here are my recommendations for internet security, going forward:

• Create a password list for all sites that you visit which require passwords for access. The passwords should be as random and senseless as possible, mixing upper case and lower case letters with numerals and, where permitted or required, punctuation characters. My solution involves setting up a spreadsheet with the site, my username, the password, and security question answers.
  
  
• Print out the password list, and burn the password list file to a CD. Then delete the password list file from your computer, and keep the printed list and the backup CD in a safe place, away from prying eyes.
  
  
• Revisit all those on-line bank and credit card sites and change the security question answers. It doesn't matter what is posted on GENI if the security answer to the question about your grandmother's maiden name is "superman" and your first pet was named "godzilla". Be creative, and, as noted above, be sure you record that in your password list. Remember that YOU may not have put the real information on-line, but somebody else in your family might have. Assume that an identity thief already has access to your deepest family secrets.
  
  
• Don't forget your email account and other internet access password(s) while doing this.
  
  
• Password protect every computer on your local network. If someone linked to your home router is downloading files using a peer-to-peer network, and other computers on your local network are not password protected, those other computers are wide open to the world-wide users of the peer-to-peer network.
  
  
• Password protect your home router. Especially, password protect your wireless network. We have several neighbors who have wide open wireless systems. If someone wanted, they could have free internet access using those networks. Now and again, you read about someone being arrested for "stealing" wireless bandwidth, usually by parking their car near an open network and using it. Anybody looking for an easy hack into system files (and maybe bank accounts) knows that a person who leaves a wireless network wide open probably also left a few other doors ajar, and it is worth their time and effort to check such things out.

I realize that this flies in the face of much of what you may have been told about not writing down passwords. That advice was generated in simpler times, when you were also told to use a password that was easy to remember. These are more modern times, and you need passwords that are IMPOSSIBLE to remember, and you need to change those passwords on a regular schedule. Keep in mind that the movie actor hacker who gets into a file by trying to guess the password is obsolete; the modern hacker uses special programs that may run thousands of password combinations per minute. Few of them are that dangerous; the typical password thief will give up and go after an easier target if he can't get yours after a few hundred tries.

So. Now that you are truly afraid, Happy Internetting!