Tom Dubois

Worldwide Marketing Director, VASCO Data Security

This conversation is closed.

How aware/concerned are you about who has access to your TED profile data?

Not a day goes by without reading news about a new hack or security breach. Millions of online user accounts get compromised each year. ID theft is killing consumer confidence for e-commerce and online transactions... yet we all keep on merrily posting and sharing our personal data online, often without giving a second thought about who can access and (ab)use our data. In many ways ID theft is like cancer: we all agree that it's terrible... but we always think it's not going to happen to us.

When talking about securing your online data, it's all too easy to blame the application provider for not implementing sufficient security measures. It's a fact that we, as users, are as much to blame for the problem as the service/application provider. If we're honest we simply wouldn't use any online service if it required a highly complex yet secure login process.

So how do we break out of this loop and solve the problem? Well, before we can solve the problem, we need to be aware of it. Once we're aware of it, how willing are we to act and do something about it?
So hence my question goes: How aware/concerned are you about who has access to your TED profile data?

  • Apr 6 2013: Tom, how concerned should we be? Our profile mostly contains the things that interest us intellectually, which I didn't think put us at danger particularly. I thought the concern was more about financial information, which generally would not be part of a TED profile.
  • Apr 8 2013: "It's all too easy to blame the application provider for not implementing sufficient security measures"

    it would be a good argument, if providers implemented everything on their side. then they could just say, we did what we could, now it is up to you. but the fact is, majority of websites don't comply with the most basic security requirements. in my experience, 9 out of 10 web developers do not have the know-how of secure development.

    of course the one to blame is the customer at the end, but not because we refuse to bother with security, but because we do not demand secure services in the first place.
  • Apr 8 2013: The danger lies primarily in the fact that people with bad intentions can get a pretty good overview of an individual's profile based on the information that's available on social platforms such as Facebook, LinkedIn, Twitter... but also TED.
    It's not only about the actual information you post (I assume no one will actually post their bank account details online), but how this information can be used in social engineering schemes to trick people into sharing more personal data which can cause damage. In this respect I refer to the "Epic Hack" article by Mat Honan from Wired Magazine: Here's also a video that gives a pretty good overview of the problem:
    There are ways to solve at least part of this problem (example: by implementing strong user authentication like for your online banking), but it's clear that not everybody is aware of the issue. Hence users will probably not accept intrusive security measures implemented by the application provider. So I see a triple responsibility here:
    * The application provider: needs to educate his users about the issue and implement the necessary measures to prevent unauthorized account access.
    * The users: need to be aware of the issue and willing to accept stricter security measures
    * The solution providers: need to develop new and user friendly ways to secure applications and their users
  • Apr 7 2013: Yes, I am a little concerned about the access of outsiders to all the profile data stored in TED discussions. I would suggest that the TED management could set up a procedure that we should have a process that allows the discussant authors to be able to x out part of the information related to his/her personal data when s/he gets into, or reviews, the "My conversation". In other words, the authors should be given the privilege of editing his/her own data when s/he gets into the listing in the "My conversation", at least after the "conversation" period expired. Even when the conversation is still in session, we could allow the author to modify or x out a limited portion of it as long as it really doesn't obscure the essential content of the posting.