Our topic this week at the SFF Seven is an open author riff, an invitation to talk about whatever's on our minds.
I kind of want to complain about bad security advice on the Internet, but that's just me being cranky. It doesn't hurt anyone, as it's overprotective. Still, folks, I could advise you to burn sage to purify your laptop of demons and we could argue the same. It doesn't hurt anyone, but let's try to rein back superstition and separate it from computer science.
Oops, I guess I did go there.
Did I mention I'm deep into writing a book riddled with conflicts around magic, science and superstition?
Okay, since I already started down this road, let's look at this Ten Concerts thing. There's a trajectory here I notice a lot with social media.
Last week, people on Facebook started posting lists of ten concerts - nine they'd been to and one a lie. I saw a friend do it, it looked amusing, I did it too. People had fun guessing which was the lie, and we ended up riffing about great concerts we'd been to. Other people did posts of their own. Lots of people doing it, lots of engagement...
Next inevitable step is people bitching about it.
I don't know why, except that any time a bunch of people get excited about something, there have to be some other people shaking their canes at it and yelling at the concert people to get off their Facebook lawn.
Then came the article about it. This one really took the prize for me, because the New York Times did an article about how the Ten Concerts Meme was a cybersecurity risk. The had an quotes from a guy in the business who called it a "moderate security risk" because some websites ask for the first concert you went to as a security question.
Note that the Ten Concerts list wasn't necessarily about a first concert at all, even if, out there somewhere, this happens to be one of yousecurity questions. (They also dragged in that since those sites often ask for your high school or high school mascot, you should either lie on the site - and hope you remember it - or never reveal to anyone that super-sekrit information. Besides, of course the thousands of people who were associated with your high school.) They also concede that since this isn't a shared "quiz," there's no danger of embedded code.
Then the article goes on to add that any information we post can be used to target marketing, as if none of us have seen the shoes we glanced at on a catalog site later popping up in a sidebar ad. And as if the fact that I saw the Go-Go's - YES, YES I DID! - when I was 18 somehow informs my current buying patterns.
Though I have been contemplating buying some thigh-high lace stockings and big bracelets lately... HMMM.
The thing is, folks, this article is about absolutely nothing at all. You know why they wrote and posted it? BECAUSE A LOT OF PEOPLE WERE ENGAGED. Engagement = clicks = advertising dollars. Why *not* write a fluff piece making vague generalizations about moderate security risks when you can be pretty sure that a chunk of all those people who played the game would click on it?
Hurts no one, right?
Except now people are sharing the article with vague warnings of their own, stirring up fear and concern where really nothing exists. Seems to me there's a story about the dangers of calling out dangers that aren't really real.
The thing about sensationalizing news is that it's main purpose is to get people excited, not to transmit useful information.
Might as well go burn some sage over my laptop and change all of my security questions. Just in case.