Undercover Facebook investigator highlights dilemmas in keeping children safe online

Australian Murdoch-owned tabloid the Herald Sun, published in Melbourne, Victoria, today reports on a thought-provoking war of words between two Victorian cybersecurity consultants.

Nathalie Brown, who runs a child behaviour consultancy called Easy Peasy Kids, claims in the Herald Sun that she created a fake 14-year-old Faceook persona and quickly stumbled into sexually-explicit rants about rape, violent anal sex and group sex by young teenagers.

Brown also claims to have quickly acquired 76 Facebook “friends”, despite using a profile picture of a fairy.

Brown’s rapid accumulation of friends is unsurspising. In Sophos’s own “friending” experiments, conducted in 2007 and 2009, Freddi Staur of London quickly clocked up 87 friends (out of 200 requests), whilst Daisy and Dinette from Sydney locked in 95 friends between them (from just 100 requests each). Freddi was a 27-year-old green plastic frog; Daisy was a rubber duck in her early 20s; and Dinette a cat in her late 50s.

Brown’s private digging into the adolescent cesspits of Facebook is interestingly timed. The redoundingly-named Standing Committee of Attorneys-General – which brings together the chief legal advisors of national, state and territory jurisdictions in both Australian and New Zealand – has recently been considering whether parents ought to have a legal right to access their children’s social networking accounts. No decision has yet been reached.

Of course, Brown’s lurking on Facebook wasn’t quite the same as parents accessing accounts created by their own children, because she created an account with a fake name and birthdate for her own use. Her motivation seems perfectly reasonable, though: to experience first-hand the sort of online milieu in which her own 15-year-old daughter was hanging out.

Not everyone sees it that way. The Herald Sun quotes rival Victorian online child safety expert Susan McLean – a Victoria Police officer for 27 years and now a consultant running her own business, Cyber Safety Solutions – in unequivocal disagreement. “It’s wrong in the extreme,” said McLean. “She has no right to do this. Facebook would take a very dim view of this.”

And, as several comments on the Herald Sun article point out, if Brown had been a 40-something man posing as a 14-year-old on Facebook, what she’d done would probably be in the news for being deviously creepy, rather than interestingly investigative. This is such a thorny issue that one commentator suggested that it’s time for Facebook to drop its attempts to monetise the 13-17 year-old market altogether, officially restricting membership to those 18 years and over.

And there you have it: when it comes to looking out for your children online, it seems you’re damned if you do, and damned if you don’t.

Remember, you, and your children, need to be much more circumspect about choosing social networking “friends” than those who befriended Nathalie Brown’s fairy, or Sophos’s frog, duck and cat. Many teenagers seem to think their online identity is unimportant because they don’t yet have any significant assets which a cybercriminal or cyberstalker might find worth stealing.

Brown argues differently, and she’s quite right:

I could easily copy and paste [from the adolescent posts I came across] to reveal the full names, photos and even mobile phone numbers of some of those involved. In fact anyone could, because once you write on Facebook it no longer just belongs to you. It is there forever. Even if you delete it, it is there somewhere."

If you haven’t yet thought about just how much information a crook might accumulate about you from social networks alone, and how that might have long-term value in the cybercriminal underground, watch this video we made after our experiences with Daisy the Duck and Dinette the Cat:

(Enjoy this video? Check out more on the SophosLabs YouTube channel and subscribe if you like.)

PS. You can buy the pictured T-shirt from Zazzle.