[Security] Bảo mật cho Pinterest như thế nào


I recently signed up for Pinterest.com, a hip, trendy pin board style website that allows beefed up sharing of your interests with friends via a large visual bulletin board style forum where fans of a particular subject can post what they find compelling, and want to share. Then other friends can weigh in on the subject “pinned”, thereby creating a crowd-ranked list of what folks in that sector are talking about, with the more popular, relevant, and timely pins rising toward the top. The service is heavily integrated with other social media venues, specifically Facebook and Twitter. In fact, you’ll need your account information from one of them to sign up. This means much of the personalized information you may already have on Facebook, for example, might be used to form a composite of what you might also be interested in on Pinterest.

Is it popular? The numbers have been going crazy lately. Who knew? Other than some half-starved startup team somewhere who hit it big, the idea is sickly engaging and addictive, likely because the site is all about you and what others following your same interests find, well, interesting. I also thought Twitter was a hard sell, but now, well, the numbers speak for themselves on that crazy 140 character status update app that's also addictive and successful.

Here in this article we dive into Pinterest.com, show you what's involved in signing up, securing your profile and feeling your way around the world of Pinterest, with an eye toward your own privacy, security, and best practices.

One thing to note: If you're in a hurry and just click through the default options without an eye for security, privacy, and the possible spread of personal information (either semi-automatically or inadvertently aided by unwitting friends), you may end up with more than you bargained for. Allowing your information to be shared with nearly everyone by default might cause heartache down the road, so locking things down a bit seems like a good stance to take.
Let’s Get Started

If you haven't signed up already, it's tougher than it looks. First, you have to sign up for a waiting list to be invited, or better yet, get someone on the service already to invite you. This hearkens back to the early days of gmail, which was pretty successful as well, despite the curious process.

Once you’ve received your invite, continue the process like:



I opted in this test to sign up using Facebook, so when you click the Facebook link, you are directed to the Facebook login on behalf of Pinterest.com, like:



Once you login, you are faced with the option to go back to Pinterest, or fine tune your Facebook interface settings. Notice the default selection is to share with friends.



Note the notification that says by default this app will share “other activity” on Facebook. That seems like a very broad term for information sharing. If you are more privacy/security conscious, it may be a good idea to restrict the visibility like:



I changed it to look like this:



When you are finished customizing your Facebook sharing settings, select the “Go to App” button and it will take you back to the Pinterest.com signup page to continue the process of creating an account there.



Since there really isn’t a way to sign up without a Facebook or Twitter account as well, it would be difficult to totally isolate the information flow from those sources. Your best bet is to review your account settings in Facebook, and make sure you’re only sharing what you intend to share, as default permissions tend to be set more lenient than security/privacy fans might prefer.

Now you’ll have a chance to tell Pinterest.com what interests you might have:



This will continue to build a profile of what/who you might be interested in following.

You now have a chance to create your own Boards:



On the same screen it will highlight those who you may be already following. Next there is a screen where you can customize your tastes, again building the profile the service will target for specific interests:



Once you enter your interests, the next time you visit, you’ll see more subjects presented that relate to these preferences.

You now have an option to integrate Pinterest preferences with your browser, for another level of integration:



Now let’s look at some of the settings you might choose to adjust. You have access the settings under the menu shown below:



On the settings page you will see options to control how Pinterest.com integrates with Facebook/Twitter:



Notice that they are set to integrate by default. For those who want more privacy/security, it may be wise to disable the buttons above, thereby segregating the services a bit more. Notice how tightly the sharing may be integrated, including a feature to tap into your Facebook Friends yet another way.
Summary:

While Pinterest grabs market share and your friends become familiar with the service, expect more fine-tuned controls to be available. Being aware of these settings may help you have a more secure profile and sharing stance while using the service. It also may prevent sharing more information than you planned on, both now and in the future.
What else to watch for:

As with many websites that soar to popularity, we are already seeing scams like fake apps bundled with borderline or outright malicious functionality that users could download for smartphones like Android. The folks at gottabemobile.com point out an app, purportedly for using Pinterest on Android, was not an app at all, but a platform for scams. Many users would simply click through the installation prompts, only to find out later they’ve gotten more than they bargained for.

As Pinterest.com continues to catch on, expect more scams that try to do things like tricking users into revealing credentials through fake notifications, spam texts to your mobile devices, efforts at phishing and other emerging scams. As Pinterest.com grows, we will revisit this in a security series about the platform, helping to keep users safe online.

[Via]

Comments

Popular posts from this blog

[Hack crack] Tổng hợp Google Dork

[Security] Internet blackout scheduled in protest of SOPA