I am talking about the coverage of that story, where the reporting has largely been horrible, gullible, naive crap. Sorry folks, but yes, that includes coverage from people I like. If you believe a lot of what you read, you would think that a lot of people were “duped” into following/friending/linking/whatevering Ms. Sage. This shows a gross lack of understanding of both social networking and the security community- both on the part of the journalists, and to a lesser extent, the researcher.
The people who “over-shared” really are a problem, and it may be interesting to see what Thomas Ryan (the person behind Robin Sage) presents at DefCon. It looks like s/he got a lot of sensitive information from people who should know better- three letter agencies, military, and more. Interesting, but “people are stupid and gullible” is not really ground-breaking, nor is mining/abusing social networking to prove this point a new idea either. It does sound like the scope and scale may be noteworthy. But not new, and being a skeptic, I’m not sure it is newsworthy.
Where things fall apart is the nonsense over stories which pretty much proclaim that MILLIONS OF SECURITY PROS DUPED, and point to the number of friends/links/etc. the virtually perky Ms. Sage gathered. I would like to point out four things:
- Different people use social networks in different ways. Just because someone accepts your connection request does not mean they are fooled by you. They may not even care if you are real or fake.
- Maybe they (sadly common) think that more connections means they are more important.
- Maybe they are public figures of some kind, and accept most requests as a matter of policy. If people are careful with what information they share, there is nothing wrong with this. Nothing. It is voluntary, get over it. It is how Social Media and Social Networking work for many people. If you don’t like this approach- don’t use it.
- The decision to accept may be based on connections offered (via friend-of-a-friend linking) instead of being based on the person making the request. Again, if you are cautious about what you share, there isn’t a risk here- even if it is a pretty shallow move. Robin certainly had some interesting friends/links to entice people. Put another way: Some days, the wingman scores.
- Once Robin Sage became fairly visible, the drama got interesting and a lot of people began following/linking to the myriad of Robin Sages (yes, there were clones and evil twins, too) just to watch the train wreck. I was one of these, and like many others I had my suspicions- but didn’t care if she was real, fake, or just another troll, there was entertainment. People were not duped, they grabbed a beer and some popcorn and watched the show.
- Robin Sage was called out. Spotted. Thoroughly outed. Many thought “something was fishy”. Some people did actual research and provided real details. People had to connect/accept to do the research and confirm their suspicions. The press almost completely missed this critical point. They also missed the fact that once this was widely known, even more people connected to and followed Robin to watch the evolving train wreck mentioned in point 2.
- Mr.. Ryan apparently convinced (socially engineered) much of the media into thinking this was something it wasn’t, then and the result was not journalism, it was an embarrassment.
Jack
[Note: since posting, the question of linking to specific examples has come up. I debated it while writing this post, but in the end I decided that the issue was so pervasive that calling out specific writers or articles would not have been productive.]
