tag:theconversation.com,2011:/global/topics/cyber-safety-19410/articlesCyber safety – The Conversation2024-02-27T23:08:38Ztag:theconversation.com,2011:article/2231902024-02-27T23:08:38Z2024-02-27T23:08:38ZShould you be checking your kid’s phone? How to know when your child is ready for ‘phone privacy’<figure><img src="https://images.theconversation.com/files/576354/original/file-20240219-30-bolx5l.jpg?ixlib=rb-1.1.0&rect=275%2C646%2C4164%2C3181&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/child-using-smart-phone-lying-bed-2299524663">Aleksandra Suzi/Shutterstock</a></span></figcaption></figure><p>Smartphone ownership among younger children is <a href="https://www.ofcom.org.uk/__data/assets/pdf_file/0027/255852/childrens-media-use-and-attitudes-report-2023.pdf">increasing rapidly</a>. Many primary school children now own smartphones and they have become the norm in high school.</p>
<p>Parents of younger children may occasionally (or routinely) look at their child’s phone to check it’s being used responsibly and safely.</p>
<p>But as children mature into teens, parental inspections will likely feel like an invasion of privacy. Many would not ask for a high schooler’s diary, yet phones hold even more personal information. </p>
<p>So, what do parents need to consider when making the “phone rules” for their children as they get older?</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A girl looks surprised while her dad talks to her about phone use." src="https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/575539/original/file-20240214-27-yg1k3s.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Is it OK for a parent to ask a teen to show them their phone?</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/asian-father-asking-his-daughter-stop-1502950871">CGN089/Shutterstock</a></span>
</figcaption>
</figure>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/school-phone-bans-seem-obvious-but-could-make-it-harder-for-kids-to-use-tech-in-healthy-ways-204111">School phone bans seem obvious but could make it harder for kids to use tech in healthy ways</a>
</strong>
</em>
</p>
<hr>
<h2>Early smartphone ownership</h2>
<p>Parents get their younger children phones for many reasons. Some feel it will help keep kids safe when, for example, travelling on their own to and from school. Others have bought one after intense pressure from their child or worry their child will be left out socially if all their friends have a <a href="https://www.tandfonline.com/doi/full/10.1080/13229400.2023.2207563">phone</a>. </p>
<p>In my own research with parents, some also tell me they are reluctant to let their child use the parents’ phone for fear of risking important work files or information stored on the phone.</p>
<p>But many parents also worry getting a phone early might encourage phone addiction, or that a child might be accessing adult content. </p>
<p>Parental guidance for this age group tends to focus on safety, which usually includes checking the child’s phone activity (with or without the child’s knowledge), restricting access through passwords or <a href="https://www.tandfonline.com/doi/full/10.1080/13229400.2023.2207563">time limits</a>.</p>
<p>Parents understandably want their children to be safe. Monitoring may be part of this, but it’s not the whole story. Most important is our role in equipping children to make good, independent and responsible decisions with their phone.</p>
<p>This means teaching children a broader set of skills about how to use phones safely and in a way that maximises potential for learning, connection and <a href="https://www.tandfonline.com/doi/full/10.1080/17482798.2020.1725902">self-expression</a>.</p>
<p>Education and open dialogue about phone safety should begin the day your child gets their phone and continue as they grow. </p>
<p>The focus should be on problem-solving together and respectfully. This is what will empower them to self-regulate appropriately as they grow. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&rect=0%2C33%2C5580%2C3664&q=45&auto=format&w=1000&fit=clip"><img alt="A young boy looks at his phone while sitting at home." src="https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&rect=0%2C33%2C5580%2C3664&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/575522/original/file-20240214-30-4ek2z3.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">In the first year of a younger child owning a phone, the focus should be on safety.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/leisure-children-technology-internet-addiction-people-336092240">Ground Picture/Shutterstock</a></span>
</figcaption>
</figure>
<h2>A phased approach: laying the groundwork early</h2>
<p>In the first year of a younger child owning a phone, the focus should be on safety.</p>
<p>This may include controls, restrictions and monitoring, but does not necessarily need to include phone checking. Establishing the rules on safety and wellbeing for using the phone is key. </p>
<p>This means talking to your children about how and when they use their phone, why they shouldn’t answer unknown texts and calls, beware of giving out personal information online, and about being kind online. Let your children know they can always talk to you if they have a weird or bad experience online. </p>
<p>Parents should also focus on bigger picture safety and digital habits education. This can include, for example:</p>
<ul>
<li><p>reviewing privacy and app settings together</p></li>
<li><p>understanding screen time features and how to use them </p></li>
<li><p>learning how routines such as reaching for the phone when you wake can have a negative impact. </p></li>
</ul>
<p>Look for quality apps together that your child may enjoy or benefit from, such as productivity apps, creative or problem solving games, music or science-based games or other apps that will help develop their interests and life skills.</p>
<p>Trial and test apps or games together with your child to see how they work.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&rect=0%2C13%2C4479%2C2977&q=45&auto=format&w=1000&fit=clip"><img alt="A young teen looks at her mobile phone while sitting on the couch." src="https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&rect=0%2C13%2C4479%2C2977&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/575521/original/file-20240214-26-f775n6.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Smartphone ownership among younger children is increasing rapidly.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/upset-depressed-caucasian-little-kid-girl-2152037861">Iren_Geo/Shutterstock</a></span>
</figcaption>
</figure>
<h2>Adapting the approach as children mature</h2>
<p>As children mature, parental guidance also needs to change alongside it.</p>
<p>After about 12 months of the child’s phone ownership (give or take), checking phones needs to fade, and ongoing open communication needs to become the mainstay. </p>
<p>At this older stage, parents should have frequent, open discussions with their children about online safety, respect and responsibility. Ask your child questions about their phone experiences and always encourage them to ask for help in difficult situations.</p>
<p>Parents may also trial new ways of using the phone or certain apps together with their child. For example, the child and parent can use the screentime feature to discuss, and be aware of, their developing phone habits. It may also include learning to use the camera and its features well or trying new apps (such as a creative drawing app) that allow them to explore a new interest.</p>
<p>Help your child work out which habits work for them and which ones seem to cause stress. For example, if your child is on a WhatsApp group with friends and classmates, is that causing stress or worry? Talk to them about how they can handle it if they or a classmate are being talked about in the group chat. </p>
<p>The risk of routinely checking a teen’s phone is that it may end up fostering mistrust between parent and child. Regular conversations about phone and online safety, and discussing news articles on the topic are two ways of keeping safety front and centre. This helps promote good communication and trust.</p>
<h2>Alleviating fear and worry</h2>
<p>Taking a phased approach helps your child develop the skills and values they need to be able to make good, independent decisions. </p>
<p>Some children may need more or less than 12 months in the stricter hands-on initial phase. Much depends on their maturity, the home environment and their social world. </p>
<p>But taking a broader and adaptable approach will also help a parent better understand their child as a phone user. </p>
<p>This can help alleviate the fear and worry many parents have about phones and kids.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/kids-screen-time-rose-by-50-during-the-pandemic-3-tips-for-the-whole-family-to-bring-it-back-down-193955">Kids' screen time rose by 50% during the pandemic. 3 tips for the whole family to bring it back down</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/223190/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Joanne Orlando receives funding from Office of eSafety Commissioner for funded research on online safety for 10–13 year olds. </span></em></p>Is it reasonable to occasionally inspect a 13- or 14-year-old’s device, or does this undermine a new sense of privacy at this stage?Joanne Orlando, Researcher: Digital Literacy and Digital Wellbeing, Western Sydney UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2182942023-12-08T16:14:45Z2023-12-08T16:14:45ZHow to protect yourself from cyber-scammers over the festive period<figure><img src="https://images.theconversation.com/files/562490/original/file-20231129-26-z85wnz.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C6134%2C3228&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">As online shopping increases over the festive period, so does the risk of cyber-scams. </span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/merry-xmas-eve-online-shopping-store-2089436578">Chay Tee/Shutterstock</a></span></figcaption></figure><p>The festive season is a time for joy, family and festive cheer. However, it’s also a prime target for cybercriminals. As online shopping ramps up, so does the risk of falling prey to cyber-attacks. That’s why it’s crucial to be extra vigilant about your <a href="https://blog.tctg.co.uk/12-cyber-security-tips-of-christmas">cybersecurity</a> during this time. </p>
<p>Here are some essential tips to safeguard yourself and your data during the festive period:</p>
<h2>Phishing</h2>
<p>Phishing is when criminals use scam emails, text messages or phone calls to trick their victims. Their <a href="https://www.ncsc.gov.uk/collection/phishing-scams">goal</a> is often to make you visit a certain website, which may download a virus on to your computer, or steal bank details or other personal data. </p>
<p>This type of scam tends to <a href="https://www.egress.com/blog/phishing/holiday-phishing-scam-guide">increase</a> at this time due to the amount of people having bought or received new gadgets and technology. </p>
<p>Look out for there being no direct reference to your name in any communications, with wording such as “Dear Sir/Madam” or other terms such as “valued customer” being used instead. Grammar and spelling mistakes are also often present. </p>
<p>Be wary of any suspicious links or attachments within emails too, and don’t click them. It’s better to contact the company directly to check if the message is genuine. You can also <a href="https://www.ncsc.gov.uk/collection/phishing-scams">report</a> suspicious messages and phishing scams to the government’s National Cyber Security Centre. </p>
<h2>Shopping safely online</h2>
<p>The convenience of online shopping is undeniable, especially during the festive season. However, it’s crucial to prioritise your security when buying online. </p>
<p>Before entering your personal and financial information on any website, ensure it’s legitimate and secure. Look for the “https” in the address bar and a <a href="https://theconversation.com/the-vast-majority-of-us-have-no-idea-what-the-padlock-icon-on-our-internet-browser-is-and-its-putting-us-at-risk-216581">padlock</a> icon, which indicates a secure and encrypted connection. </p>
<p>When creating passwords for online shopping accounts, use strong, unique combinations of letters, numbers and symbols. Avoid using the same password for multiple accounts, as a breach on one site could compromise all your others.</p>
<p>As with shopping in the real world, be cautious when encountering offers that are significantly below usual prices or which make extravagant promises. Always conduct thorough research on the seller and product before making a purchase. If a deal seems too good to be true, it probably is. </p>
<p>And if you are out shopping in towns or city centres, there will often be a large number of public wifi options available to you. However, criminals can intercept the data that is transferred across such open and unsecured wifi. So, avoid using public wifi where possible, especially when conducting any financial transactions. </p>
<figure class="align-center ">
<img alt="A person sits at a laptop with a coffee surrounded by festive packages." src="https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Stay vigilant, exercise caution and don’t let your excitement for gifts and deliveries compromise your cybersecurity.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/christmas-online-shopping-top-view-female-520279837">Prostock-studio/Shutterstock</a></span>
</figcaption>
</figure>
<h2>Social media</h2>
<p>While social media platforms provide people with a means to keep in touch with family and friends over the festive period, they are often a goldmine for <a href="https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-social-media-scam-aMtwF3u1XKGt">scams</a> and malware (software designed to disrupt, damage or gain unauthorised access to a computer). In the spirit of the festive season, people often share an abundance of personal information on social media, often without considering the potential consequences. </p>
<p>This trove of data can make people vulnerable to cyber-attacks. Scammers can exploit this information to gain unauthorised access to social media accounts, steal personal information, or even commit identity theft. To protect yourself, be mindful of what you share. </p>
<p>Be wary when interacting with posts and direct messages, especially if they contain suspicious links or attachments. Before clicking on anything, hover over the link to verify its destination. If it shows a website you don’t recognise or seems unrelated to the message, do not click on it. If you receive a message from someone you know but the content seems strange or out of character, contact them directly through a trusted channel to verify its authenticity. </p>
<p>Likewise, be wary of messages containing urgent requests for money or personal information from businesses. Genuine organisations will never solicit sensitive details through social media.</p>
<p>There are many buy and sell platforms available on social media. But while such platforms can be a great place to find a unique gift, it is also important to remember that not all sellers may be legitimate. So, it’s vital that you don’t share your bank details. If the seller sends a link to purchase the item, do not use it. When meeting to collect an item, it’s generally safer to use cash rather than transferring funds electronically.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/aO858HyFbKI?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Advice for staying safe online.</span></figcaption>
</figure>
<h2>Package delivery scams</h2>
<p>As well as being a time for giving and receiving gifts, the festive season is also ripe for cybercriminals to exploit the excitement surrounding <a href="https://www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/scams-linked-to-parcel-deliveries-come-top-in-2023/">package deliveries</a>. </p>
<p>Scammers often pose as legitimate delivery companies, sending emails or text messages claiming that a delivery attempt was unsuccessful or requiring additional fees for processing, or even customs clearance. Typically, these messages contain links or phone numbers that, when clicked or called, lead to fake websites or automated phone systems designed to collect personal information or payments.</p>
<p>To protect yourself, always verify the legitimacy of any delivery notifications you receive. Check the sender’s email address or phone number against the official contact information for the delivery company. If the information doesn’t match or seems suspicious, don’t click any links or provide personal details. </p>
<p>Legitimate delivery companies will never ask for upfront payment or sensitive information through unsolicited messages or calls. </p>
<p>Remember, cybercriminals are skilled at manipulating the festive spirit to their advantage. Stay vigilant, exercise caution, and don’t let your excitement for gifts and deliveries compromise your cybersecurity.</p><img src="https://counter.theconversation.com/content/218294/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Rachael Medhurst does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Cyber-scams tend to ramp up at this time of year, with criminals and scammers eager to exploit people’s generosity and excitement.Rachael Medhurst, Course Leader and Senior Lecturer in Cyber Security NCSA, University of South WalesLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2064032023-05-26T05:04:02Z2023-05-26T05:04:02ZThe highly secretive Five Eyes alliance has disrupted a China-backed hacker group – in an unusually public manner<figure><img src="https://images.theconversation.com/files/528460/original/file-20230526-17-odlsck.jpg?ixlib=rb-1.1.0&rect=69%2C59%2C3233%2C2092&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Dennis Desmond</span>, <span class="license">Author provided</span></span></figcaption></figure><p>This week the Five Eyes alliance – an intelligence alliance between Australia, the United Kingdom, Canada, New Zealand and the United States – <a href="https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF">announced its investigation</a> into a China-backed threat targeting US infrastructure. </p>
<p>Using stealth techniques, the attacker – referred to as “Volt Typhoon” – exploited existing resources in compromised networks in a technique called “<a href="https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3406058/nsa-and-partners-identify-china-state-sponsored-cyber-actor-using-built-in-netw/">living off the land</a>”.</p>
<p>Microsoft made a concurrent <a href="https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/">announcement</a>, stating the attackers’ targeting of Guam was telling of China’s plans to potentially disrupt critical communications infrastructure between the US and Asia region in the future.</p>
<p>This comes hot on the heels <a href="https://www.nknews.org/pro/how-new-us-cybersecurity-task-force-can-effectively-target-north-korean-hackers/">of news</a> in April of a North Korean supply chain attack on Asia-Pacific telecommunications provider 3CX. In this case, hackers gained access to an employee’s computer using a compromised desktop app for Windows and a compromised signed software installation package.</p>
<p>The Volt Typhoon announcement has led to a rare admission by the US National Security Agency that Australia and other Five Eyes partners are engaged in a targeted search and detection scheme to uncover China’s clandestine cyber operations.</p>
<p>Such public admissions from the Five Eyes alliance are few and far between. Behind the curtain, however, this network is persistently engaged in trying to take down foreign adversaries. And it’s no easy feat. </p>
<p>Let’s take a look at the events leading up to Volt Typhoon – and more broadly at how this secretive transnational alliance operates.</p>
<h2>Uncovering Volt Typhoon</h2>
<p>Volt Typhoon is an “advanced persistent threat group” that has been active since at least mid-2021. It’s believed to be sponsored by the Chinese government and is targeting critical infrastructure organisations in the US. </p>
<p>The group has focused much of its efforts on Guam. Located in the Western Pacific, this US island territory is home to a significant and growing US military presence, including the air force, a contingent of the marines, and the US navy’s nuclear-capable submarines. </p>
<p>It’s likely the Volt Typhoon attackers intended to gain access to networks connected to US critical infrastructure to disrupt communications, command and control systems, and maintain a persistent presence on the networks. The latter tactic would allow China to influence operations during a potential conflict in the South China Sea. </p>
<p>Australia wasn’t directly impacted by Volt Typhoon, according to official statements. Nevertheless, it would be a primary target for similar operations in the event of conflict.</p>
<p>As for how Volt Typhoon was caught, this hasn’t been disclosed. But Microsoft documents highlight previous observations of the threat actor attempting to dump credentials and stolen data from the victim organisation. It’s likely this led to the discovery of compromised networks and devices.</p>
<h2>Living-off-the-land</h2>
<p>The hackers initially gained access to networks through internet-facing Fortinet FortiGuard devices, such as routers. Once inside, they employed a technique called “living-off-the-land”. </p>
<p>This is when attackers rely on using the resources already contained within the exploited system, rather than bringing in external tools. For example, they will typically use applications such as PowerShell (a Microsoft management program) and Windows Management Instrumentation <a href="https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/">to access</a> data and network functions.</p>
<p>By using internal resources, attackers can bypass safeguards that alert organisations to unauthorised access to their networks. Since no malicious software is used, they appear as a legitimate user. As such, living-off-the-land allows for lateral movement within the network, and provides opportunity for a persistent, long-term attack.</p>
<p>The simultaneous announcements from the Five Eyes partners points to the seriousness of the Volt Typhoon compromise. It will likely serve as a warning to other nations in the Asia-Pacific region.</p>
<h2>Who are the Five Eyes?</h2>
<p><a href="https://www.theguardian.com/world/2013/dec/02/history-of-5-eyes-explainer">Formed in 1955</a>, the Five Eyes alliance is an intelligence-sharing partnership comprising Australia, Canada, New Zealand, the UK and the US. </p>
<p>The alliance was formed after World War II to counter the potential influence of the Soviet Union. It has a specific focus on signals intelligence. This involves intercepting and analysing signals such as radio, satellite and internet communications. </p>
<p>The members share information and access to their respective signals intelligence agencies, and collaborate to collect and analyse vast amounts of global communications data. A Five Eyes operation might also include intelligence provided by non-member nations and the private sector.</p>
<p>Recently, the member countries expressed concern about China’s de facto military control <a href="https://theconversation.com/explainer-why-is-the-south-china-sea-such-a-hotly-contested-region-143435">over the South China Sea</a>, its suppression of <a href="https://theconversation.com/china-is-taking-a-risk-by-getting-tough-on-hong-kong-now-the-us-must-decide-how-to-respond-139294">democracy in Hong Kong</a>, and threatening moves towards Taiwan. The latest public announcement of China’s cyber operations no doubt serves as a warning that Western nations are paying strict attention to their critical infrastructure – and can respond to China’s digital aggression.</p>
<p>In 2019, Australia was <a href="https://theconversation.com/a-state-actor-has-targeted-australian-political-parties-but-that-shouldnt-surprise-us-111997">targeted</a> by Chinese state-backed threat actors gaining unauthorised access to Parliament House’s computer network. Indeed, there is evidence that China is engaged in a concerted <a href="https://theconversation.com/australia-is-under-sustained-cyber-attack-warns-the-government-whats-going-on-and-what-should-businesses-do-141119">effort to target</a> Australia’s public and private networks.</p>
<p>The Five Eyes alliance may well be one of the only deterrents we have against long-term, persistent attacks against our critical infrastructure.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/deterring-china-isnt-all-about-submarines-australias-cyber-offence-might-be-its-most-potent-weapon-204749">Deterring China isn't all about submarines. Australia's 'cyber offence' might be its most potent weapon</a>
</strong>
</em>
</p>
<hr>
<p> </p><img src="https://counter.theconversation.com/content/206403/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Dr Desmond previously received funding through an ARC Linkage Grant and has worked with the US intelligence community and Five Eyes partners in the past. </span></em></p>The Five Eyes alliance is critical to hunting and detecting foreign cyber actors, but tends to work in secret.Dennis B. Desmond, Lecturer, Cyberintelligence and Cybercrime Investigations, University of the Sunshine CoastLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1694522021-10-17T19:12:26Z2021-10-17T19:12:26ZThere is a long history of racist and predatory advertising in Australia. This is why targeted ads could be a problem<figure><img src="https://images.theconversation.com/files/425858/original/file-20211012-21-1i5lzlq.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The Australian Ad Observatory will investigate how targeted advertising online is affecting Aboriginal and Torres Strait Islander people.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com.au/detail/photo/laptop-bed-aboriginal-woman-royalty-free-image/498403857?adppopup=true">GettyImages</a></span></figcaption></figure><p><em>Aboriginal and Torres Strait Islander readers are advised this article contains racist images and advertising slogans.</em></p>
<hr>
<p>The internet has provided advertisers with the ability to fly below the radar of public accountability. This is because online ads are visible only to targeted individuals on their personal devices.</p>
<p>However history indicates that public accountability is crucial because advertisers have an established record of using harmful stereotypes and <a href="https://www.abc.net.au/news/2021-04-28/facebook-instagram-teenager-tageted-advertising-alcohol-vaping/100097590">targeting vulnerable populations</a>. </p>
<p><a href="https://www.admscentre.org.au/adobservatory/">The Australian Ad Observatory</a> in collaboration with the <a href="https://twitter.com/IndigFutures">Centre for Global Indigenous Futures</a> will investigate how targeted advertising online is affecting Aboriginal and Torres Strait Islander people with this in mind. </p>
<p>We will work with Aboriginal and Torres Strait Islander users to see what ads they are receiving on Facebook. <a href="https://researchers.mq.edu.au/en/publications/social-media-mob-being-indigenous-online">Research</a> indicates Facebook is one of the most popular platforms used by Aboriginal and Torres Strait Islander people. </p>
<p>Recent criticism of social media platforms has largely overlooked the significant cultural role played by advertising in reflecting and reinforcing social values and attitudes. </p>
<p>This is often done in ways harmful to Indigenous people, <a href="https://www.gizmodo.com.au/2021/10/how-facebooks-dark-ads-could-be-discriminating-against-you/">women</a> and <a href="https://thenextweb.com/news/facebook-accused-of-targeting-vulnerable-teens-for-predatory-ads">young people</a>.</p>
<p>Facebook has been criticised for amplifying <a href="https://techcrunch.com/2019/10/20/facebook-isnt-free-speech-its-algorithmic-amplification-optimized-for-outrage/">misleading, polarising and sensational information</a>. But it does this for its primary business model: to sell ads based on the <a href="https://www.nytimes.com/2018/04/11/technology/facebook-privacy-hearings.html">information</a> collected about users and their social networks.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/97-of-indigenous-people-report-seeing-negative-social-media-content-weekly-heres-how-platforms-can-help-162353">97% of Indigenous people report seeing negative social media content weekly. Here's how platforms can help</a>
</strong>
</em>
</p>
<hr>
<h2>Racist advertising and stereotyping</h2>
<p>Public scrutiny has an important role to play in challenging advertising practices that are harmful to society. A recent example of a marketing campaign resulting in public outcry and criticism, is the <a href="https://www.washingtonpost.com/news/arts-and-entertainment/wp/2018/01/19/hm-faced-backlash-over-its-monkey-sweatshirt-ad-it-isnt-the-companys-only-controversy/">H&M ad</a> that featured the image of a Black child wearing a sweatshirt that read, “coolest monkey in the jungle.”</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"954564959496699905"}"></div></p>
<p>Another example is the <a href="https://theconversation.com/dove-real-beauty-and-the-racist-history-of-skin-whitening-85446">Dove body wash ad</a> that recycled racist associations of dark skin with dirt and uncleanliness. In both cases, public criticism led to the ads being cancelled and apologies from the companies involved.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"917036041076396033"}"></div></p>
<p>Critiquing racist images and stereotypes is important because of the role they play in reinforcing racist attitudes and the actions and the policies they support. </p>
<p>For example, an early 20th century ad for Velvet Soap draws on the racist dark-skin-is-unclean trope to make a connection to racist policy. The ad features a caricature of an Aboriginal woman scrubbing the “black” off the back of an Aboriginal child as she refers to the <a href="https://www.nma.gov.au/defining-moments/resources/white-australia-policy">White Australia policy</a>.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/425669/original/file-20211011-22-1v5vxlp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/425669/original/file-20211011-22-1v5vxlp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/425669/original/file-20211011-22-1v5vxlp.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/425669/original/file-20211011-22-1v5vxlp.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/425669/original/file-20211011-22-1v5vxlp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/425669/original/file-20211011-22-1v5vxlp.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/425669/original/file-20211011-22-1v5vxlp.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Velvet soap ad.</span>
<span class="attribution"><span class="source">Special Issue of Punch, 1901</span></span>
</figcaption>
</figure>
<p><a href="https://www.researchgate.net/publication/306379190_Representation_and_Power_A_Picture_is_Worth_a_Thousand_Words_-_%27Nulla-Nulla_Australia%27s_White_Hope_The_Best_Household_Soap%27_1920s">Wiradjuri scholar Kathleen Jackson</a> highlights the connection between racist ads and harmful social policy in her discussion of the notorious Nulla-Nulla soap ad from the 1920s. The ad personified “dirt” in the form of an Aboriginal woman being beaten. </p>
<p>As Jackson puts it, </p>
<blockquote>
<p>Advertisements, such as Nulla-Nulla soap, provided subliminal support to the colonial campaign to enforce European cultural and economic values […] A single complaint about the cleanliness of an Aboriginal child could result in the exclusion of Aboriginal children from school. This exclusion could establish neglect and allow […] the removal of Indigenous children from their families.</p>
</blockquote>
<figure class="align-center ">
<img alt="A soap advertisement for Nulla Nulla soap from 1901" src="https://images.theconversation.com/files/425667/original/file-20211011-18-6diu9j.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/425667/original/file-20211011-18-6diu9j.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=651&fit=crop&dpr=1 600w, https://images.theconversation.com/files/425667/original/file-20211011-18-6diu9j.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=651&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/425667/original/file-20211011-18-6diu9j.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=651&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/425667/original/file-20211011-18-6diu9j.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=818&fit=crop&dpr=1 754w, https://images.theconversation.com/files/425667/original/file-20211011-18-6diu9j.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=818&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/425667/original/file-20211011-18-6diu9j.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=818&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">A soap advertisement for Nulla Nulla soap from 1901.</span>
<span class="attribution"><span class="source">A soap advertisement for Nulla Nulla soap from 1901</span></span>
</figcaption>
</figure>
<p>Degrading images and dehumanising stereotypes go hand-in-hand with violent and dehumanising acts. The cultural images a society feeds to itself through its commercials do much more than sell products: they reflect and reinforce social values and associations.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/sam-frost-knows-nothing-about-segregation-white-settlers-co-opting-terms-used-to-oppress-169613">Sam Frost knows nothing about segregation: white settlers co-opting terms used to oppress</a>
</strong>
</em>
</p>
<hr>
<h2>Predatory advertising</h2>
<p>Harmful and degrading stereotyping is not the only sin of advertising – and not the sole reason for supporting <a href="https://theconversation.com/facebook-ads-have-enabled-discrimination-based-on-gender-race-and-age-we-need-to-know-how-dark-ads-affect-australians-168938">ad accountability</a>. </p>
<p>Australia has an ongoing history of predatory marketing to Aboriginal and Torres Strait Islander people that could be further facilitated by online ad targeting. In 2018 the Royal Banking Commission revealed that financial institutions were deliberately targeting Aboriginal and Torres Strait Islander people with <a href="https://www.goldcoastbulletin.com.au/business/the-banking-royal-commission-has-unearthed-revelations-about-financial-institutions-deliberately-targeting-aboriginal-and-torres-strait-islander-communities-because-they-lack-financial-literacy-and-easily-accessible-assistance/video/addc4ba0242127e8a094f5d94f66f624">exploitative lending and insurance deals</a>. </p>
<p>Similarly, in 2020 the Australian Competition and Consumer Commission found some Telstra representatives had engaged in <a href="https://www.accc.gov.au/media-release/telstra-in-court-over-unconscionable-sales-to-indigenous-consumers">predatory marketing practices</a> towards Aboriginal people. They did this by misrepresenting the terms of mobile phone contracts and falsely telling customers they were receiving the phones for free. </p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1335399561666367499"}"></div></p>
<p>We do not know the extent to which stereotyping and predatory targeting are taking place online because we cannot see the ads. A lack of accountability favours shady advertisers over public interest and well being. It provides cover for advertisers who might be interested in strategies exploiting stereotypes or targeting vulnerable populations. History shows we cannot trust advertisers to hold themselves accountable. </p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1448536559800643586"}"></div></p>
<h2>New research addressing this issue</h2>
<p>The <a href="https://www.admscentre.org.au/adobservatory/">Australian Ad Observatory</a> and the <a href="https://twitter.com/IndigFutures">Centre for Global Indigenous Futures</a> are inviting Aboriginal and Torres Strait Islander people to participate in research that will allow them to see how they are being targeted online. </p>
<p>To assist in this research, participants who use Facebook on a laptop or desktop computer can install a browser extension in a minute or two. The extension does not collect any personally identifiable information – only the sponsored content appearing in their news feeds. </p>
<p>However the tool does collect some voluntarily provided information that allows us to see how Facebook users are being targeted by ethnicity, gender, age, and more. </p>
<p>The browser extension allows participants to see the history of all the ads they have received while it has been installed. Participants can then view the pattern of ads they receive, indicating whether they are being targeted for particular types of products or services. </p>
<p>If you are interested in participating in the project, more information is available <a href="https://www.youtube.com/watch?v=VutXyX0Oy2o&list=PLE_y90GftjpYv0z64TgkSWjpDhypQcOQc&index=9">in a video of the project launch</a>. </p>
<p><a href="https://www.admscentre.org.au/adobservatory/">Click here to join the project</a> </p>
<p>We will be making public our findings as they emerge, so watch this space for further updates.</p><img src="https://counter.theconversation.com/content/169452/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Bronwyn Carlson is the recipient of an Australia Research Council Discovery Indigenous Award for research on: ‘Indigenous peoples’ experiences of cyberbullying: An assemblage approach’. She is also an Investigator on a project which has received funding from Facebook's Foundational Integrity Research Award. The project is called ‘The impact of racist and violent content and threats towards Indigenous women and LBGTQI+ people on social media: a comparative analysis of Australia, New Zealand, Canada and the USA’</span></em></p><p class="fine-print"><em><span>Mark Andrejevic is a volunteer board member for Digital Rights Watch. His research receives funding from the Australian Research Council.</span></em></p>Targeted online ads allow shady advertisers to fly under radar. History shows a need for public accountability.Bronwyn Carlson, Professor, Indigenous Studies and Director of The Centre for Global Indigenous Futures, Macquarie UniversityMark Andrejevic, Professor, School of Media, Film, and Journalism, Monash University, Monash UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1591642021-05-05T10:55:24Z2021-05-05T10:55:24ZFour ways to make sure your passwords are safe and easy to remember<figure><img src="https://images.theconversation.com/files/397072/original/file-20210426-13-1l50s80.jpg?ixlib=rb-1.1.0&rect=181%2C107%2C5277%2C3474&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Many still make their passwords too simple.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/strong-weak-easy-password-note-pad-1197236665">Shutterstock/Vitalii Vodolazskyi</a></span></figcaption></figure><p>For more than 15 years, there have been various predictions from tech leaders about the death of passwords. Bill Gates predicted it <a href="https://www.cnet.com/news/gates-predicts-death-of-the-password/">back in 2004</a> and Microsoft has <a href="https://www.neowin.net/news/microsoft-2021-is-the-year-passwords-die/">predicted it for 2021</a>. There have been numerous similar proclamations in between, alongside ongoing criticism of passwords as an inadequate means of protection. </p>
<p>Yet passwords remain a common aspect of cybersecurity, something people use every day. What’s more, passwords show little sign of disappearing yet. But many people <a href="https://theconversation.com/from-password-to-1234-why-we-still-fail-the-online-security-test-22357">still use them badly</a> and seem unaware of recommended good practice.</p>
<p>It’s very common for cybersecurity experts and <a href="https://theconversation.com/online-security-wont-improve-until-companies-stop-passing-the-buck-to-the-customer-75274">companies to blame users</a> for using passwords poorly, without recognising that systems permit their poor choices. </p>
<p>Many websites offer no upfront guidance on how to choose the passwords they require us to have, perhaps assuming we know these things already or can find it out elsewhere. But the fact that people persist <a href="https://nordpass.com/most-common-passwords-list/">in using weak passwords</a> suggests this is an optimistic view.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/four-steps-to-a-simpler-safer-password-system-27471">Four steps to a simpler, safer password system</a>
</strong>
</em>
</p>
<hr>
<h2>Outdated advice</h2>
<p>In addition to lacking guidance, it’s common to find websites enforcing outdated password requirements. You’re probably familiar with systems insisting on password complexity, by requiring upper case letters, numbers or special characters to make passwords stronger (our response to which often mirrors the video below). </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/aHaBH4LqGsI?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure>
<p>However, <a href="https://pages.nist.gov/800-63-3/sp800-63b.html">the current guidance</a> is to allow complexity but not to require it, and to basically regard password strength as synonymous with password length. </p>
<p>The <a href="https://www.ncsc.gov.uk/">National Cyber Security Centre</a> recommends creating a long password by combining three random words, enabling something longer and more memorable than many standard choices.</p>
<h2>My password attempts</h2>
<p>Also unhelpful is that, rather than giving guidance and requirements at the outset, many sites only reveal rules in response to us trying things that aren’t allowed. I tried creating a password for one such site. Most of my attempts received feedback requiring further action, until I settled on a final choice, which was accepted without complaint. But the password that was accepted, steve!, was short and rather predictable. </p>
<figure class="align-center ">
<img alt="A screenshot of four attempts to create a password." src="https://images.theconversation.com/files/397073/original/file-20210426-17-1b519le.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/397073/original/file-20210426-17-1b519le.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=312&fit=crop&dpr=1 600w, https://images.theconversation.com/files/397073/original/file-20210426-17-1b519le.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=312&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/397073/original/file-20210426-17-1b519le.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=312&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/397073/original/file-20210426-17-1b519le.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=392&fit=crop&dpr=1 754w, https://images.theconversation.com/files/397073/original/file-20210426-17-1b519le.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=392&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/397073/original/file-20210426-17-1b519le.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=392&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Wrestling with rules.</span>
<span class="attribution"><span class="source">Steven Furnell</span>, <span class="license">Author provided</span></span>
</figcaption>
</figure>
<p>When I played around a bit more, various other weak choices were accepted. For example 1234a!, abcde1 and qwert! all satisfied the rules, as did Furnell1 – which isn’t particularly strong, especially as I already entered Furnell as my last name elsewhere on the sign-up form. </p>
<p>Meanwhile, the rules often mean we can’t use passwords our devices auto-generate for us, or ones we might create for ourselves by following current guidance.</p>
<figure class="align-center ">
<img alt="Screenshot of an attempt to use a generated password." src="https://images.theconversation.com/files/397075/original/file-20210426-21-1viiqjm.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/397075/original/file-20210426-21-1viiqjm.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=257&fit=crop&dpr=1 600w, https://images.theconversation.com/files/397075/original/file-20210426-21-1viiqjm.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=257&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/397075/original/file-20210426-21-1viiqjm.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=257&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/397075/original/file-20210426-21-1viiqjm.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=324&fit=crop&dpr=1 754w, https://images.theconversation.com/files/397075/original/file-20210426-21-1viiqjm.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=324&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/397075/original/file-20210426-21-1viiqjm.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=324&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Many websites don’t allow generated passwords.</span>
<span class="attribution"><span class="source">Steven Furnell</span></span>
</figcaption>
</figure>
<p>Some sites seem to think they can compensate for a lack of guidance by using techniques such as password meters to rate our choices. However, while these give feedback, they’re not a substitute for providing guidance on what good looks like. </p>
<p>Using another site, I entered a poor password (the word password), and the only feedback I received was that the password is very weak. If a user was genuinely offering this password as an attempt, what they need to be told is why it’s weak. While you can doubtless find some sites giving better and more informative feedback, this example is unfortunately representative of many others.</p>
<h2>Rules to follow</h2>
<p>Of course, having highlighted the lack of effective guidance, it would be remiss to end without actually offering some. <a href="https://www.ncsc.gov.uk/cyberaware/home">The NCSC’s guidance</a> about choosing and using passwords are listed and briefly explained below:</p>
<ol>
<li>Use a strong and separate password for your email – as this is often your route to accessing other accounts.</li>
<li>Create strong passwords using three random words – this will give you stronger and more memorable passwords.</li>
<li>Save your passwords in your browser – this prevents you forgetting or losing them.</li>
<li>Turn on two-factor authentication – this adds an extra element of protection even if your password is compromised.</li>
</ol>
<p>It’s useful to supplement this with additional reminders not to <a href="https://theconversation.com/four-steps-to-a-simpler-safer-password-system-27471">use the same password</a> across multiple accounts for fear that a breach of one leads to breach of all, not to share them with other people because then it’s no longer your password, and not to keep a discoverable record of them. Storing them in a protected location, such as a password manager tool, is fine. </p>
<p>It’s worrying to think that passwords have been around for decades and we’re still getting it wrong. And they’re just one aspect of cybersecurity that we need to be using properly. This doesn’t bode well for cybersecurity more widely.</p><img src="https://counter.theconversation.com/content/159164/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Steven Furnell does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Passwords have been around for decades and we’re still getting it wrong.Steven Furnell, Professor of Cyber Security, University of NottinghamLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1448592020-09-07T20:12:07Z2020-09-07T20:12:07ZUniversities are a juicy prize for cyber criminals. Here are 5 ways to improve their defences<figure><img src="https://images.theconversation.com/files/356459/original/file-20200903-24-1abfnf8.jpg?ixlib=rb-1.1.0&rect=8%2C25%2C5742%2C3802&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/classmates-working-computer-room-university-243998158">Shutterstock</a></span></figcaption></figure><p>Universities worldwide are a growing target for hackers. <a href="https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf">A July 2020 report</a> by cybersecurity company Redscan found more than 50% of UK universities recorded a data breach in the previous 12 months. </p>
<p>More recently, a data breach has <a href="https://www.sbs.com.au/news/australian-universities-investigating-deeply-concerning-hack-of-controversial-exam-software">affected 444,000 users of ProctorU</a>. Universities, including several Australian ones, use this online tool to supervise students sitting exams from home. Personal records from ProctorU were made available on hacker forums.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/anu-will-invigilate-exams-using-remote-software-and-many-students-are-unhappy-137067">ANU will invigilate exams using remote software, and many students are unhappy</a>
</strong>
</em>
</p>
<hr>
<p>The online-first approach universities are adopting during the COVID-19 pandemic further increases their digital footprint. This was done at very short notice. This meant risk analysis was different from the traditional processes, leading to additional cybersecurity risks.</p>
<h2>Why do unis attract attacks?</h2>
<p>Why are universities such attractive targets? It basically boils down to higher education’s “bread and butter”: they hold precious data, information and knowledge. <a href="https://www.ncsc.gov.uk/report/the-cyber-threat-to-universities#:%7E:text=and%20intellectual%20property.-,Cyber%20crime,a%20ransom%20has%20been%20paid.&text=While%20rarer%2C%20targeted%20attacks%20by,potential%20for%20greater%20financial%20impact.">Typical examples</a> include emails, personal information, technical resources, sensitive research data and intellectual property. </p>
<p>In addition, universities have attractive infrastructure – such as high-bandwidth connections via high-capacity wiring – and access to expensive resources. Their structures and processes are also inherently complex.</p>
<p>All of these factors make them vulnerable. </p>
<p><a href="https://www.emerald.com/insight/content/doi/10.1108/JIC-08-2019-0197/full/html">In a recently published research paper</a>, we sought to disentangle this complexity. We interviewed 11 cybersecurity and IT leaders in universities and research centres across Australia. We asked them about the main cyber challenges their institutions faced daily.</p>
<h2>Challenges everywhere</h2>
<p>University IT systems host a variety of users, including academics, professional staff, students and visitors. They have different levels of knowledge and understanding of cybersecurity and could create vulnerabilities, albeit unwillingly. </p>
<p>At the same time, they have work to do and they sometimes feel security controls hamper their productivity. One interviewee said:</p>
<blockquote>
<p>We regularly get pushed back by researchers saying: ‘Your controls are too tight; we can’t run software or do the experimentation we want to do.’</p>
</blockquote>
<figure class="align-right ">
<img alt="Illustration of hacker working at laptop" src="https://images.theconversation.com/files/356460/original/file-20200904-16-13tk7ev.png?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/356460/original/file-20200904-16-13tk7ev.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=554&fit=crop&dpr=1 600w, https://images.theconversation.com/files/356460/original/file-20200904-16-13tk7ev.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=554&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/356460/original/file-20200904-16-13tk7ev.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=554&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/356460/original/file-20200904-16-13tk7ev.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=696&fit=crop&dpr=1 754w, https://images.theconversation.com/files/356460/original/file-20200904-16-13tk7ev.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=696&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/356460/original/file-20200904-16-13tk7ev.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=696&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Legacy systems at highly connected universities make them vulnerable to hackers.</span>
<span class="attribution"><span class="source">Pixabay</span></span>
</figcaption>
</figure>
<p>Universities are hyper-connected organisations, whose edges are hard to establish: the boundary is no longer simply “the campus”. </p>
<p>Most universities also have to deal with old technology and networks. Once connected to the internet, these legacy systems may offer so-called “backdoors” that hackers can exploit. The <a href="https://theconversation.com/19-years-of-personal-data-was-stolen-from-anu-it-could-show-up-on-the-dark-web-118265">hacking of the Australian National University and resulting data breach</a> was an example of this.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/19-years-of-personal-data-was-stolen-from-anu-it-could-show-up-on-the-dark-web-118265">19 years of personal data was stolen from ANU. It could show up on the dark web</a>
</strong>
</em>
</p>
<hr>
<p>Universities increasingly operate as businesses. They connect with industry partners and third-sector organisations to make an impact on the “real world”. They outsource some of their services and develop entrepreneurial branches in the form of start-ups and spin-offs. </p>
<p>These activities create further complexity, as universities’ value chains are extended to involve other universities, private and public organisations and non-government organisations. <a href="https://www.bbc.com/news/technology-53516413">A breach in one component of these value chains</a> could have devastating effects on the other components.</p>
<p>Last but not least, universities have a natural inclination towards innovation. To innovate, information-sharing is essential. This, together with academic freedom, <a href="https://www.wsj.com/articles/colleges-face-education-challenge-on-cybersecurity-11597915801?mod=djemCybersecruityPro&tpl=cy">may at times clash with a culture of security</a>. As one interviewee said:</p>
<blockquote>
<p>The boards of directors are looking at growth, and there is no growth without risk.</p>
</blockquote>
<h2>It’s all about protecting intellectual capital</h2>
<p><a href="https://simplicable.com/new/intellectual-capital">Intellectual capital</a> is the mix of human capital (the knowledge of individuals), structural capital (systems, processes and technology to organise knowledge) and relational capital (the value that comes from connections with the external world). Protecting data and information held in universities ultimately means protecting their intellectual capital. </p>
<p>This cannot be achieved without bearing two levels of embeddedness in mind: <em>vertical</em> (the different end-user categories) and <em>horizontal</em> (the different organisations that engage with universities).</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/354800/original/file-20200826-14-1o1fpov.PNG?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/354800/original/file-20200826-14-1o1fpov.PNG?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=613&fit=crop&dpr=1 600w, https://images.theconversation.com/files/354800/original/file-20200826-14-1o1fpov.PNG?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=613&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/354800/original/file-20200826-14-1o1fpov.PNG?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=613&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/354800/original/file-20200826-14-1o1fpov.PNG?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=770&fit=crop&dpr=1 754w, https://images.theconversation.com/files/354800/original/file-20200826-14-1o1fpov.PNG?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=770&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/354800/original/file-20200826-14-1o1fpov.PNG?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=770&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Intellectual capital protection in universities and levels of embeddedness.</span>
<span class="attribution"><span class="source">Author provided</span></span>
</figcaption>
</figure>
<p>Once more, this teaches us that, in cybersecurity, a one-size-fits-all approach <a href="https://www.verdict.co.uk/generations-cybersecurity/">is rarely the best solution</a>. Even more so for universities.</p>
<p>Governments are acutely aware of the issues. The recently launched <a href="https://www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf">Australian Cyber Security Strategy</a> dedicates A$1.6 million over ten years to enhancing the cybersecurity of universities. </p>
<p>Will this be enough? More money for higher education could come from critical infrastructure protection, joint cyber security centres and perhaps defence, through programs such as the Defence Industry Security Program (<a href="https://www.defence.gov.au/dsvs/industry/">DISP</a>).</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1292359680107266049"}"></div></p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/australias-cybersecurity-strategy-cash-for-cyberpolice-and-training-but-the-devil-is-in-the-detail-144070">Australia’s cybersecurity strategy: cash for cyberpolice and training, but the devil is in the detail</a>
</strong>
</em>
</p>
<hr>
<h2>What can unis do to improve cybersecurity?</h2>
<p>Here are some suggestions:</p>
<p><strong>1. Engage with all end users.</strong> Making cybersecurity easier to understand for academics, researchers, students and other users helps make them <a href="https://www.sciencedirect.com/science/article/pii/S1071581919300540">part of the solution</a>. Engagement goes a long way towards changing people’s behaviours.</p>
<p><strong>2. Share information.</strong> Analysis of past breaches and chains of events – like the <a href="https://www.anu.edu.au/news/all-news/anu-releases-detailed-account-of-data-breach">analysis by the Australian National University</a> – can help other universities improve security and repel attacks. This improves cybersecurity for all.</p>
<p><strong>3. Couple technology investment with investment in people.</strong> Universities such as Monash, Deakin and the University of Queensland <a href="https://www.itnews.com.au/news/university-of-queensland-rolls-out-mfa-to-staff-and-research-students-551016">have recently required multi-factor authentication</a> by users. Legacy systems, where possible, should be replaced or retired, but training and awareness also have to be refined, improved and personalised.</p>
<p><strong>4. Establish <a href="https://theconversation.com/how-australian-universities-can-get-better-at-cyber-security-99587">coalitions of universities</a></strong> to counter common cybersecurity challenges. This is especially important for universities that have limited resources to tackle the scourge by themselves.</p>
<p><strong>5. Understand your assets.</strong> Whether holistically as intellectual capital or specifically as data, information and knowledge assets, a better understanding helps focus investments effectively and efficiently.</p>
<hr>
<p><em>This article was co-authored by Dr David Stockdale, AusCERT Director and Deputy Director of Infrastructure Operations Information Technology Services at The University of Queensland.</em></p><img src="https://counter.theconversation.com/content/144859/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Dr David Stockdale, AusCERT Director and Deputy Director of Infrastructure Operations Information Technology Services at The University of Queensland, co-authored this article.</span></em></p><p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Universities hold valuable information but are large and porous communities, with legacy IT systems often adding to the risks. But following a few basic rules can help counter cyber attacks.Ivano Bongiovanni, Lecturer in Information Security, Governance and Leadership / Design Thinking, The University of QueenslandKaren Renaud, Visiting Professor of Cybersecurity, Rhodes UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1362642020-04-24T05:00:02Z2020-04-24T05:00:02ZCyber threats at home: how to keep kids safe while they’re learning online<figure><img src="https://images.theconversation.com/files/329958/original/file-20200423-47820-3jteej.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/curious-interested-kid-boy-secretly-looking-1164198337">Shutterstock</a></span></figcaption></figure><p>Before COVID-19, children would spend a lot of the day at school. There they would be taught about internet safety and be protected when going online by systems that filter or restrict access to online content.</p>
<p>Schools provide protective environments to restrict access to content such as pornography and gambling. They also protect children from various threats such as viruses and unmoderated social media. </p>
<p>This is usually done using filters and blacklists (lists of websites or other resources that aren’t allowed) applied to school devices or through the school internet connection.</p>
<p>But with many children learning from home, parents may not be aware of the need for the same safeguards.</p>
<p>Many parents are also working from home, which may limit the time to explore and set up a secure online environment for their children.</p>
<p>So, what threats are children exposed to and what can parents do to keep them safe?</p>
<h2>What threats might children face?</h2>
<p>With an increased use of web-based tools, downloading new applications and a dependence on email, children could be exposed to a new batch of malware threats in the absence of school-based controls. </p>
<p>This can include viruses and ransomware – for example, <a href="https://www.techrepublic.com/article/covidlock-ransomware-exploits-coronavirus-with-malicious-android-app/">CovidLock</a> (an application offering coronavirus related information) that targets the Android operating system and changes the PIN code for the lock-screen. If infected, the user can lose complete access to their device.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1238626577212215296"}"></div></p>
<p>Children working at home are not usually protected by the filters provided by their school.</p>
<p>Seemingly innocent teaching activities like the use of YouTube can expose children to unexpected risks given the breadth of inappropriate adult content available. </p>
<p>Most videos end with links to a number of related resources, the selection of which is not controlled by the school. Even using YouTube Kids, a subset of curated YouTube content filtered for appropriateness, <a href="https://www.buzzfeednews.com/article/tanyachen/mom-discovered-youtube-kids-shows-school-shootings-violence">has some risks</a>. There have been reports of content featuring violence, suicidal themes and sexual references.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/can-you-keep-your-kids-safe-watching-youtube-88124">Can you keep your kids safe watching YouTube?</a>
</strong>
</em>
</p>
<hr>
<p>Many schools are using video conferencing tools to maintain social interaction with students. There have been reports of cases of class-hijacking, including <a href="https://theconversation.com/zoombombers-want-to-troll-your-online-meetings-heres-how-to-stop-them-135311">Zoom-bombing</a> where uninvited guests enter the video-conference session.</p>
<p>The FBI Boston field office has documented <a href="https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic">inappropriate comments and imagery</a> introduced into an online class. A similar case in Connecticut resulted in a <a href="https://nypost.com/2020/04/08/teen-arrested-after-zoom-bombing-high-school-classes/">teenager being arrested</a> after further Zoom-bombing incidents.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/zoombombers-want-to-troll-your-online-meetings-heres-how-to-stop-them-135311">'Zoombombers' want to troll your online meetings. Here's how to stop them</a>
</strong>
</em>
</p>
<hr>
<p>Because video conferencing is becoming normalised, malicious actors (including paedophiles) may seek to exploit this level of familiarity. They can persuade children to engage in actions that can escalate to inappropriate sexual behaviours.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1248023612256169984"}"></div></p>
<p>The eSafety Office has reported a <a href="https://www.esafety.gov.au/about-us/blog/covid-19-online-risks-reporting-and-response">significant increase in a range of incidents of online harm</a> since early March. </p>
<p>In a particularly sickening example, eSafety Office investigators said:</p>
<blockquote>
<p>In one forum, paedophiles noted that isolation measures have increased opportunities to contact children remotely and engage in their “passion” for sexual abuse via platforms such as YouTube, Instagram and random webchat services.</p>
</blockquote>
<p>Some families may be using older or borrowed devices if there aren’t enough for their children to use. These devices may not offer the same level of protection against common internet threats (such as viruses) as they may no longer be supported by the vendor (such as Microsoft or Apple) and be missing vital updates.</p>
<p>They may also be unable to run the latest protective software (such as antivirus) due to incompatibilities or simply being under-powered.</p>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/330121/original/file-20200423-47799-194qt2g.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/330121/original/file-20200423-47799-194qt2g.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/330121/original/file-20200423-47799-194qt2g.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=361&fit=crop&dpr=1 600w, https://images.theconversation.com/files/330121/original/file-20200423-47799-194qt2g.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=361&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/330121/original/file-20200423-47799-194qt2g.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=361&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/330121/original/file-20200423-47799-194qt2g.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=454&fit=crop&dpr=1 754w, https://images.theconversation.com/files/330121/original/file-20200423-47799-194qt2g.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=454&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/330121/original/file-20200423-47799-194qt2g.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=454&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Error message when attempting to install a new application on an older device.</span>
<span class="attribution"><span class="license">Author provided</span></span>
</figcaption>
</figure>
<h2>What can parents do to protect children?</h2>
<p>It’s worth speaking with the school to determine what safeguards may still function while away from the school site. </p>
<p>Some solutions operate at device-level rather than based on their location, so it is possible the standard protections will still be applicable at home.</p>
<p>Some devices support filters and controls natively. For example, many Apple devices offer <a href="https://support.apple.com/en-au/HT208982">ScreenTime</a> controls to limit access to apps and websites and apply time limits to device use (recent Android devices might have the <a href="https://wellbeing.google/">Digital Wellbeing</a> feature with similar capabilities).</p>
<p>Traditional mechanisms like firewalls and anti-virus tools are still essential on laptops and desktop systems. It is important these are not just installed and forgotten. Just like the operating systems, they need to be regularly updated.</p>
<p>There is a wealth of advice available to support children using technology at home. </p>
<p>The Australian eSafety Commissioner’s website, for instance, provides access to:</p>
<ul>
<li><p>an <a href="https://www.esafety.gov.au/parents/children-under-5/online-safety-for-under-5s-booklet">online safety booklet</a> for children under five</p></li>
<li><p>advice on <a href="https://www.saferinternet.org.uk/advice-centre/parents-and-carers/parental-controls-offered-your-home-internet-provider">parental controls</a> such as setting up filters on the home internet</p></li>
<li><p>an <a href="https://www.esafety.gov.au/parents/online-safety-guide">on-line safety guide</a> for young people</p></li>
<li><p>specific advice on the <a href="https://www.esafety.gov.au/parents/big-issues">“big issues”</a> such as cyberbullying and unwanted contact or grooming</p></li>
<li><p><a href="https://www.esafety.gov.au/key-issues/covid-19/advice-parents-carers">global safety advice</a> to help parents deal with online abuse.</p></li>
</ul>
<p>But if you’re feeling overwhelmed by these materials, some key messages include:</p>
<ul>
<li><p>ensuring (where appropriate) the device is regularly updated. This can include updating the operating system such as Windows, Android or Mac</p></li>
<li><p>using appropriate antivirus software (and ensuring it is also kept up to date)</p></li>
<li><p>applying parental controls to limit screen time, specific app use (blocking or limiting use), or specific website blocks (such as blocking access to YouTube)</p></li>
<li><p>on some devices, parental controls can limit use of the camera and microphone to prevent external communication</p></li>
<li><p>applying age restrictions to media content and websites (the Communications Alliance has a list of accredited <a href="https://www.commsalliance.com.au/Activities/ispi/fff">family friendly filters</a>) </p></li>
<li><p>monitoring your child’s use of apps or web browsing activities</p></li>
<li><p>when installing apps for children, checking online and talking to other parents about them</p></li>
<li><p>configuring web browsers to use “safe search”</p></li>
<li><p>ensuring children use devices in sight of parents</p></li>
<li><p><a href="https://www.esafety.gov.au/parents/children-under-5/family-tech-agreement">talking to your children</a> about online behaviours.</p></li>
</ul>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/children-can-be-exposed-to-sexual-predators-online-so-how-can-parents-teach-them-to-be-safe-120661">Children can be exposed to sexual predators online, so how can parents teach them to be safe?</a>
</strong>
</em>
</p>
<hr>
<p>While technology can play a part, ensuring children work in an environment where there is (at least periodic) oversight by parents is still an important factor.</p><img src="https://counter.theconversation.com/content/136264/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Just as office workers need to be aware of cyber risks when setting up a home office, parents need to think about the increased exposure their children will face to cyber threats at home.Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan UniversityIsmini Vasileiou, Associate Professor in Information Systems, De Montfort UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1353112020-04-03T05:03:43Z2020-04-03T05:03:43Z‘Zoombombers’ want to troll your online meetings. Here’s how to stop them<figure><img src="https://images.theconversation.com/files/324883/original/file-20200402-74904-xa7m2f.jpg?ixlib=rb-1.1.0&rect=14%2C28%2C1876%2C1043&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">StanWilliams/Pixabay</span>, <span class="license">Author provided</span></span></figcaption></figure><p>“<a href="https://www.nytimes.com/2020/03/20/style/zoombombing-zoom-trolling.html">Zoombombing</a>” in case you haven’t heard, is the unsavoury practice of posting distressing comments, pictures or videos after gatecrashing virtual meetings hosted by the videoconferencing app <a href="https://zoom.us/">Zoom</a>. </p>
<p>With hundreds of millions around the world now reliant on the app for work, this unfortunate trend is becoming more common, <a href="https://www.cbsnews.com/news/zoom-bombing-calls-hacked-racial-slurs-pornography/">often involving a bombardment of pornographic imagery</a>.</p>
<p>In some cases, online trolls have crashed alcohol support group meetings held via the app. “Alcohol is soooo good,” <a href="https://thehill.com/policy/technology/490467-zoom-deeply-upset-after-online-trolls-interrupt-virtual-aa-meetings">the trolls reportedly said</a> to one group of recovering alcoholics. </p>
<p>In another incident, a Massachusetts-based high school teacher conducting an <a href="https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic">online class</a> had someone enter the virtual classroom and shout profanities, before revealing the teacher’s home address. </p>
<h2>Easy targets</h2>
<p>The problem is that Zoom meetings lack password protection. Joining one simply requires a standard Zoom URL, with an automatically generated nine-digit code at the end. A Zoom URL looks something like this: https://zoom.us/j/xxxxxxxxx</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/working-from-home-risks-online-security-and-privacy-how-to-stay-protected-134599">Working from home risks online security and privacy – how to stay protected</a>
</strong>
</em>
</p>
<hr>
<p>Gatecrashers may only have to try a handful of code combinations before successfully landing a victim. The meeting’s host doesn’t need to grant permission for others to join. And while hosts can disable the screen share function, they’d have to be quick. Too slow, and the damage is done. </p>
<p>Last week, Zoom upgraded security on its <a href="https://support.zoom.us/hc/en-us/articles/360041591671-March-2020-Update-to-sharing-settings-for-Education-accounts,">default settings</a>, but only for education accounts. The rest of the world needs to do this manually.</p>
<h2>Video conferencing is incredibly valuable</h2>
<p>Video conferencing technology has matured in recent years, driven by <a href="https://www.theverge.com/2020/4/1/21202584/zoom-security-privacy-issues-video-conferencing-software-coronavirus-demand-response">massive demand</a> even before COVID-19. </p>
<p>With social distancing restriction, virtual meetings are now the norm everywhere. Platforms like Zoom, Microsoft’s Skype and <a href="https://www.uctoday.com/collaboration/video-conferencing/top-10-video-conferencing-providers-2019-whos-king-of-collaboration/">others</a> have stepped up to meet demand.</p>
<p>Zoom is a <a href="https://azure.microsoft.com/en-us/overview/what-is-cloud-computing/">cloud-based</a> service that allows users to freely talk to and share video (if bandwidth allows) with others online. Notes, images and diagrams can also be shared to collaborate on projects. And meetings can have up to <a href="https://zoom.us/pricing">hundreds, even thousands, of participants</a>.</p>
<h2>How to stop the trolls</h2>
<p>Zoom is primarily a corporate collaboration tool that allows people to collaborate without hindrance. Unlike social media platforms, it was not a service that had to engineer ways to manage the bad behaviour of users – until now.</p>
<p>In January, Zoom <a href="https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows">issued a raft of security patches</a> to fix some problems.
If you get a prompt from Zoom to install updates, you should – but only if these updates are from Zoom’s own app and website, or via updates from Google Play or Apple’s App Store. Third-party downloads may contain malware (software designed to cause harm).</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/coronavirus-could-spark-a-revolution-in-working-from-home-are-we-ready-133070">Coronavirus could spark a revolution in working from home. Are we ready?</a>
</strong>
</em>
</p>
<hr>
<p>While up-to-date software is your first line of defence, another is to keep your meeting URL away from public forums such as Twitter. Anyone with meeting’s URL can join, after which they’re free to post comments, pictures and videos at will. If you’re hosting a meeting that gets Zoombombed, disable the “screen sharing” option as quickly as possible. </p>
<p>Another option for more security is to use the “waiting room” function. This makes people wanting to join visible to the host, but keeps them out of the main meeting until they’re allowed in. This option is turned off by default. You can enable it by signing-in to your Zoom account at <em><a href="https://zoom.us/">https://zoom.us/</a></em> and clicking “Settings”. </p>
<p>Other tips:</p>
<ul>
<li><p>ensure screen sharing is possible for the host only</p></li>
<li><p>turn off the function that allows file transfer</p></li>
<li><p>turn off the “allow removed participants to rejoin” setting</p></li>
<li><p>turn off the “join before host” setting</p></li>
<li><p>turn on the “require a password” setting for meetings.</p></li>
</ul>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/XhZW3iyXV9U?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">This video explains the ins and outs of setting up a safe Zoom session.</span></figcaption>
</figure>
<h2>Who are the trolls?</h2>
<p>With many Zoomombing attacks being on educational institutions, it’s likely a large number of these trolls are simply mischievous students who obtain meeting URLs from other students or chatrooms. </p>
<p>But zoombombing is by no means restricted to the classroom. With the world in lockdown, extremists of all kinds are finding ways to relieve their confinement frustration. We’ve known for some time that being able to operate anonymously on the web <a href="https://www.psychologicalscience.org/observer/who-is-that-the-study-of-anonymity-and-behavior">does not bring out the best in people</a>. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/dark-web-not-dark-alley-why-drug-sellers-see-the-internet-as-a-lucrative-safe-haven-132579">Dark web, not dark alley: why drug sellers see the internet as a lucrative safe haven</a>
</strong>
</em>
</p>
<hr>
<p>At present, it doesn’t appear Zoombombing is an organised criminal activity. That said, it’s probably only a matter of time before someone finds a way to leverage financial reward from the practice. This could take the form of business intelligence gleaned from listening in to the meetings of rivals and competitors, in a similar fashion to planting a “bug” in the room. </p>
<p>Similarly, we could see a black market for Zoom URLs emerge among professional hackers, who would have new incentives to hack various systems to obtain valuable URLs. </p>
<p>Cybersecurity experts, privacy advocates, lawmakers and law enforcement are all <a href="https://www.theverge.com/2020/4/1/21202584/zoom-security-privacy-issues-video-conferencing-software-coronavirus-demand-response">concerned</a> Zoom’s default privacy settings don’t do enough to protect users from malicious actors. </p>
<h2>The bottom line</h2>
<p>As the COVID-19 pandemic leads the world to do their work online in isolation, the technology that allows this freedom must come under close scrutiny. </p>
<p>Zoombombing is progressing from a student prank to <a href="https://www.adl.org/blog/what-is-zoombombing-and-who-is-behind-it">more serious</a> incidents of <a href="https://www.buzzfeednews.com/article/salvadorhernandez/zoom-coronavirus-racist-zoombombing">racist, sexist</a> and <a href="https://www.huffingtonpost.com.au/entry/nazi-zoombombing-jewish-yeshiva-university_n_5e84f704c5b692780506d519?ri18n=true">anti-semitic</a> hate speech.</p>
<p>Fortunately, safeguards aren’t difficult to build into such videoconferencing technologies. This just requires a willingness to do so, and needs to be done as a matter of urgency.</p><img src="https://counter.theconversation.com/content/135311/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Tuffley does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>‘Zoombombing’ trolls have started to infiltrate virtual meetings - bombarding unsuspecting victims with racist and sexist speech and in some cases, pornographic imagery.David Tuffley, Senior Lecturer in Applied Ethics & CyberSecurity, Griffith UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1337782020-03-24T05:12:37Z2020-03-24T05:12:37Z‘Click for urgent coronavirus update’: how working from home may be exposing us to cybercrime<p>Apart from the obvious health and economic impacts, the coronavirus also presents a major opportunity for cybercriminals. </p>
<p>As <a href="https://www.abc.net.au/life/coronavirus-covid-19-mental-health-working-from-home-advice/12062284">staff across sectors</a> and <a href="https://www.brisbanetimes.com.au/national/queensland/uq-suspends-teaching-for-one-week-amid-escalating-coronavirus-concerns-20200316-p54ada.html">university students</a> shift to working and studying from home, large organisations are at increased risk of being targeted. With defences down, companies should go the extra mile to protect their business networks and employees at such a precarious time. </p>
<p>Reports suggest hackers are already exploiting remote workers, luring them into <a href="https://www.abc.net.au/news/science/2020-03-23/coronavirus-phishing-scams-emails-texts-australians-vulnerable/12079486">online scams</a> masquerading as important information related to the pandemic. </p>
<p>On Friday, the Australian Competition and Consumer Commission’s <a href="https://www.scamwatch.gov.au/news/warning-on-covid-19-scams">Scamwatch reported</a> that since January 1 it had received 94 reports of coronavirus-related scams, and this figure could rise.</p>
<p>As COVID-19 causes a spike in telework, teleheath and online education, cybercriminals have fewer hurdles to jump in gaining access to networks.</p>
<h2>High-speed access theft</h2>
<p>The National Broadband Network’s infrastructure has afforded many Australians access to higher-speed internet, compared with <a href="https://computer.howstuffworks.com/dsl.htm">DSL connections</a>. Unfortunately this also gives cybercriminals high-speed access to Australian homes, letting them rapidly extract personal and financial details from victims. </p>
<p>The shift to working from home means many people are using home computers, instead of more secure corporate-supplied devices. This provides criminals relatively easy access to corporate documents, trade secrets and financial information.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/whats-your-it-departments-role-in-preventing-a-data-breach-25821">What's your IT department's role in preventing a data breach?</a>
</strong>
</em>
</p>
<hr>
<p>Instead of attacking a corporation’s network, which would likely be secured with advanced cybersecurity countermeasures and tracking, they now simply have to locate and attack the employee’s home network. This means less chance of discovery. </p>
<h2>Beware cryptolocker attacks</h2>
<p><a href="https://usa.kaspersky.com/resource-center/definitions/cryptolocker">Cryptolocker-based attacks</a> are an advanced cyberattack that can bypass many traditional countermeasures, including <a href="https://www.techradar.com/au/best/best-antivirus">antivirus software</a>. This is because they’re designed and built by advanced cybercriminals. </p>
<p>Most infections from a cryptolocker virus happen when people open unknown attachments, sent in malicious emails.</p>
<p>In some cases, the attack can be traced to nation state actors. One example is the infamous <a href="https://techcrunch.com/2019/05/12/wannacry-two-years-on/">WannaCry cyberattack</a>, which deployed <a href="https://www.avg.com/en/signal/what-is-malware">malware</a> (software designed to cause harm) that encrypted computers in more than 150 countries. The hackers, supposedly from North Korea, demanded cryptocurrency in exchange for unlocking them. </p>
<p>If an employee working from home accidentally activates cryptolocker malware while browsing the internet or reading an email, this could first take out the home network, then spread to the corporate network, and to other attached home networks. </p>
<p>This can happen if their device is connected to the workplace network via a <a href="https://computer.howstuffworks.com/vpn.htm">Virtual Private Network (VPN)</a>. This makes the home device an extension of the corporate network, and the virus can bypass any advanced barriers the corporate network may have. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/hackers-are-now-targeting-councils-and-governments-threatening-to-leak-citizen-data-126190">Hackers are now targeting councils and governments, threatening to leak citizen data</a>
</strong>
</em>
</p>
<hr>
<p>If devices are attached to a network that has been infected and not completely cleaned, the contaminant can rapidly spread again and again. In fact, a single device that isn’t cleaned properly can cause millions of dollars in damage. This happened during the <a href="https://www.csoonline.com/article/3233210/petya-ransomware-and-notpetya-malware-what-you-need-to-know-now.html">2016 Petya and NotPetya malware attack</a>. </p>
<h2>Encryption: not a cryptic concept</h2>
<p>On the bright side, there are some steps organisations and employees can take to protect their digital assets from opportunistic criminal activity.</p>
<p><a href="https://medium.com/searchencrypt/what-is-encryption-how-does-it-work-e8f20e340537">Encryption</a> is a key weapon in this fight. This security method protects files and network communications by methodically “scrambling” the contents using an algorithm. The receiving party is given a key to unscramble, or “decrypt”, the information. </p>
<p>With remote work booming, encryption should be enabled for files on <a href="https://www.pcworld.com/article/2858642/you-can-encrypt-your-hard-drive-but-the-protection-may-not-be-worth-the-hassle.html">hard drives</a> and <a href="https://us.norton.com/internetsecurity-how-to-encrypt-a-flash-drive.html">USB sticks</a> that contain sensitive information. </p>
<p>Enabling encryption on a <a href="https://support.microsoft.com/en-au/help/4028713/windows-10-turn-on-device-encryption">Windows</a> or <a href="https://support.apple.com/en-us/HT204837">Apple</a> device is also simple. And don’t forget to backup your encryption keys when prompted onto a USB drive, and store them in a safe place such as a locked cabinet, or off site. </p>
<h2>VPNs help close the loop</h2>
<p>A <a href="https://us.norton.com/internetsecurity-privacy-safe-vpn.html">VPN should be used</a> at all times when connected to WiFi, even at home. This tool helps mask your online activity and location, by routing outgoing and incoming data through a secure “virtual tunnel” between your computer and the VPN server.</p>
<p>Existing WiFi access protocols (<a href="https://www.tutorialspoint.com/wi-fi/wifi_access_protocols.htm">WEP, WPA, WPA2</a>) are insecure when being used to transmit sensitive data. Without a VPN, cybercriminals can more easily intercept and retrieve data. </p>
<p>VPN is already functional in <a href="https://www.windowscentral.com/how-manually-configure-vpn-windows-10">Windows</a> and <a href="https://support.apple.com/en-au/guide/mac-help/mchlp2963/10.15/mac/10.15">Apple</a> devices. Most reputable antivirus internet protection suites incorporate them. </p>
<p>It’s also important that businesses and organisations encourage remote employees to use <a href="https://www.pcworld.com/article/3219792/best-antivirus-for-windows-pc.html">the best malware and antiviral protections</a> on their home systems, even if this comes at the organisation’s expense. </p>
<h2>Backup, backup, backup</h2>
<p>People often backup their files on a home computer, personal phone or tablet. There is significant risk in doing this with corporate documents and sensitive digital files.</p>
<p>When working from home, sensitive material can be stored in a location unknown to the organisation. This could be <a href="https://computer.howstuffworks.com/cloud-computing/cloud-storage.htm">a cloud location</a> (such as iCloud, Google Cloud, or Dropbox), or via backup software the user owns or uses. Files stored in these locations may not protected under Australian laws.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/how-we-can-each-fight-cybercrime-with-smarter-habits-36686">How we can each fight cybercrime with smarter habits</a>
</strong>
</em>
</p>
<hr>
<p>Businesses choosing to save files on the cloud, on an external hard drive or on a home computer need to identify backup regimes that fit the risk profile of their business. Essentially, if you don’t allow files to be saved on a computer’s hard drive at work, and use the cloud exclusively, the same level of protection should apply when working from home. </p>
<p>Appropriate backups must observed by all remote workers, along with standard cybersecurity measures such as firewall, encryption, VPN and antivirus software. Only then can we rely on some level of protection at a time when cybercriminals are desperate to profit.</p><img src="https://counter.theconversation.com/content/133778/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Craig Valli works for Edith Cowan University and Cyber Security CRC. He has received project funding from the European Union FP7 and H2020 programs and from Australian Government programs. Craig is also a Fellow of the Australian Computer Society and member of AISA, IEEE and HTCIA.</span></em></p>Instead of going after large corporate networks, which often have multiple defenses, cybercriminals can now simply target people’s home networks.Craig Valli, Director of ECU Security Research Institute, Edith Cowan UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1206612019-08-26T19:58:14Z2019-08-26T19:58:14ZChildren can be exposed to sexual predators online, so how can parents teach them to be safe?<figure><img src="https://images.theconversation.com/files/288014/original/file-20190814-136230-1bgob5.jpg?ixlib=rb-1.1.0&rect=8%2C0%2C5982%2C3970&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Children are gaining online access at younger and younger ages.</span> <span class="attribution"><span class="source">from shutterstock.com</span></span></figcaption></figure><p>Many teenagers use mobile phones and social media <a href="https://www.pewinternet.org/2015/04/09/teens-social-media-technology-2015/">almost constantly</a>. And children are <a href="https://www.pewinternet.org/2010/12/01/is-the-age-at-which-kids-get-cell-phones-getting-younger/">gaining access</a> to these devices and platforms at increasingly younger ages.</p>
<p>This is a challenge for parents who need to keep up with their children’s use, the evolution of devices, and how this changes how they have to parent.</p>
<p><a href="https://dl.acm.org/citation.cfm?doid=2818048.2819928" title="Managing Expectations: Technology Tensions among Parents and Teens">Studies show</a> parents feel anxious and lack sufficient knowledge about their children’s use of devices. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/how-to-make-good-arguments-at-school-and-everywhere-else-121305">How to make good arguments at school (and everywhere else)</a>
</strong>
</em>
</p>
<hr>
<p>They’re worried about their children being exposed to <a href="https://dl.acm.org/citation.cfm?doid=3171581.3134699" title="'No Telling Passcodes Out Because They're Private': Understanding Children's Mental Models of Privacy and Security Online">sexual images</a> and messages online. They’re anxious their children could provide <a href="https://www.sciencedirect.com/science/article/pii/S074756321630824X" title="Teenagers' perception of risk behaviors regarding digital technologies">personal information</a> to a stranger or, worse, <a href="https://d1e2bohyu2u2w9.cloudfront.net/education/sites/default/files/tlr_component/common_sense_education_digital_citizenship_research_backgrounder.pdf">develop a relationship with a stranger online</a> whom they might meet in person.</p>
<p>When parents try to restrict their children’s online interactions, children usually find a way around it. Instead, parents should have conversations with children from a young age about cybersecurity. This will help them develop the skills they need to be safe online.</p>
<h2>What are children exposed to?</h2>
<p>Social networking – which includes interactions through gaming, as well as texting and social media – brings with it exciting opportunities and unique risks. </p>
<p><a href="https://variety.com/2018/gaming/news/roblox-little-girl-avatar-raped-1202865698/">Online gaming</a> presents unique dangers because user-generated games (where content is developed by gamers on platforms such as <a href="https://www.roblox.com/">Roblox</a>) are not regulated. This means children can be exposed to inappropriate sexualised and violent content. </p>
<p><a href="https://www.stopbullying.gov/cyberbullying/kids-on-social-media-and-gaming/index.html">Children</a> are vulnerable when they interact with other users on social media, in chat rooms and within gaming. This could involve <a href="https://journals.sagepub.com/doi/10.1177/0022427815599426" title="Online Sexual Solicitation of Minors: How Often and between Whom Does It Occur?">grooming</a> by a sexual predator either to meet in person or send <a href="https://esafety.gov.au/parents/big-issues/unwanted-contact">sexually explicit images</a>.</p>
<p>A report, <a href="https://www.esafety.gov.au/-/media/cesc/esafety-corporate/research/esafetyresearchparentingdigitalage.pdf">Latest Research: Parenting in the Digital Age</a> by the <a href="https://www.esafety.gov.au/about-the-office/research-library">Office of the eSafety Commissioner</a>, found 24% of 8-17-year-olds met someone in real life after initial online encounters. </p>
<p>While the study by the eSafety Commissioner found children and teenagers usually attempted to assess the danger of meeting someone unknown face-to-face, such as by looking for similar interests and ensuring there was no sexual content in the online communication, sexual predators use deceptive tactics to lure their victims into meeting in person.</p>
<p>Another <a href="https://www.esafety.gov.au/-/media/cesc/documents/corporate-office/youth_and_gaming_doc.docx" title="State of play – youth and online gaming">Australian study</a> found half of children played online games with someone they didn’t know. Boys were more likely to do so than girls.</p>
<h2>How do children deal with online situations?</h2>
<p>Research has been mixed on how young people manage cybersecurity risks. </p>
<p>One <a href="https://www.tandfonline.com/doi/abs/10.1080/00909882.2016.1248465" title="‘Adults don’t understand’: exploring how teens use dialectical frameworks to navigate webs of tensions in online life">study</a> found that children who are at least 11 years old seem to have some awareness of the consequences of online interactions. They use safety measures including removing comments, tags and images and blocking and deleting content when interacting online. They also rarely use photos of themselves and disable their geolocations to protect their identities.</p>
<p>But children also engage in risky behaviours such as <a href="https://www.esafety.gov.au/state-of-play-social-media-usage">sharing passwords</a> and contacting strangers. <a href="https://www.tandfonline.com/doi/full/10.1080/0144929X.2016.1181210" title="An open book on Facebook? Examining the interdependence of adolescents’ privacy regulation strategies">Some findings indicated</a> the more teens use social media sites, the more they tend to disclose personal information.</p>
<p>In <a href="https://www.jstor.org/stable/26273881" title="Middle School Students’ Social Media Use">one US study</a>, researchers asked nearly 600 students aged 11-13 about cybersafety. The results indicated 40% accepted friend requests from people they do not know, and they were more concerned with protecting their personal information from parents than strangers online. </p>
<p>Several studies found children think parental restrictions are <a href="https://www.tandfonline.com/doi/abs/10.1080/1369118X.2016.1261169" title="Youth interaction with online strangers: experiences and reactions to unknown people on the Internet">intrusive</a> and invade their privacy. This includes teens feeling <a href="https://link.springer.com/chapter/10.1007%2F978-3-030-21905-5_1" title="Examining Parent Versus Child Reviews of Parental Control Apps on Google Play">disrespected</a> and even stalked by their parents, which leads to a loss of trust.</p>
<h2>What can parents do?</h2>
<p>Restricting children’s online use is unhelpful. Parents should talk to their children about healthy and age-appropriate online interactions.</p>
<p>This includes avoiding disclosing personal information (real name, date of birth, phone number, address, school, or pictures that reveal such information). Parents should provide guidance and explain the consequences of online dangers to their children in a way that does not instil fear but explains their concern. </p>
<p>Parents should talk to their children about online risk and safety behaviours from a <a href="https://dl.acm.org/citation.cfm?doid=3171581.3134699" title="'No Telling Passcodes Out Because They're Private': Understanding Children's Mental Models of Privacy and Security Online">young age</a>, as soon as they start using online games and engaging on social media sites, to help them build a stronger foundation for their <a href="https://dl.acm.org/citation.cfm?doid=3171581.3134699" title="'No Telling Passcodes Out Because They're Private': Understanding Children's Mental Models of Privacy and Security Online">transition to adolescence</a>. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/dont-fall-for-it-a-parents-guide-to-protecting-your-kids-from-online-hoaxes-113179">Don't fall for it: a parent's guide to protecting your kids from online hoaxes</a>
</strong>
</em>
</p>
<hr>
<p>Teenagers who have frequent conversations with their parents have a <a href="https://www.sciencedirect.com/science/article/pii/S0747563215300741" title="Adolescents' privacy concerns and information disclosure online: The role of parents and the Internet">greater awareness of online risks</a>.</p>
<p>Children deserve to play online games and participate on social media, but still be protected from harm. Internet technology does have many advantages, including connecting people through social networking, education and recreation. With caution and open communication, the risks can be managed together. </p>
<p>When children are supported and can discuss safety strategies with their parents, they’re more likely to reach out when something happens that makes them feel unsure or uncomfortable about certain online interactions.</p><img src="https://counter.theconversation.com/content/120661/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Marika Guggisberg does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Parents should have conversations with children from a young age about cybersecurity if they’re to develop the skills needed to be safe online.Marika Guggisberg, Lecturer, Domestic and Family Violence, CQUniversity AustraliaLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1184012019-06-13T20:15:53Z2019-06-13T20:15:53Z6 actions Australia’s government can take right now to target online racism<figure><img src="https://images.theconversation.com/files/279275/original/file-20190613-32342-1sxolha.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Paul Fletcher, Australia's recently appointed minister for communications, cyber safety and the arts, says he wants to make the internet safe for everyone. </span> <span class="attribution"><a class="source" href="https://unsplash.com/photos/QsOEYVZvUiI">Markus Spiske / unsplash</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span></figcaption></figure><p>Paul Fletcher was recently appointed as Australia’s Minister for Communications, Cyber Safety and the Arts. </p>
<p>One of his <a href="https://www.paulfletcher.com.au/media-releases/media-release-fletcher-deeply-honoured-to-be-appointed-minister-for-communications">stated priorities</a> is to:</p>
<blockquote>
<p>continue the Morrison Government’s work to make the internet a safer place for the millions of Australians who use it every day. </p>
</blockquote>
<p>Addressing <a href="https://theconversation.com/racism-in-a-networked-world-how-groups-and-individuals-spread-racist-hate-online-109072">online racism</a> is a vital part of this goal. </p>
<p>And not just because racism online is hurtful and damaging – which it is. This is also important because sometimes online racism spills into the real world with deadly consequences. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/explainer-trial-of-alleged-perpetrator-of-christchurch-mosque-shootings-115041">Explainer: trial of alleged perpetrator of Christchurch mosque shootings</a>
</strong>
</em>
</p>
<hr>
<p>An Australian man brought up in the Australian cyber environment is the <a href="https://theconversation.com/explainer-trial-of-alleged-perpetrator-of-christchurch-mosque-shootings-115041">alleged murderer of 50 Muslims at prayer</a> in Christchurch. Planning and live streaming of the event took place on the internet, and across international boundaries. </p>
<p>We must critically assess how this happened, and be clearheaded and non-ideological about actions to reduce the likelihood of such an event happening again. </p>
<p>There are six steps Australia’s government can take. </p>
<h2>1. Reconsider international racism convention</h2>
<p>Our government should remove its reservation on Article 4 of the International Convention on the Elimination of All Forms of Racial Discrimination (<a href="https://www.ohchr.org/en/professionalinterest/pages/cerd.aspx">ICERD</a>). </p>
<p>In 1966 Australia <a href="https://www.humanrights.gov.au/our-work/race-discrimination/guide-law-international-convention-elimination-all-forms-racial#1">declined to sign up</a> to Article 4(a) of the ICERD. It was the only country that had signed the ICERD while deciding to <a href="https://treaties.un.org/Pages/ViewDetails.aspx?src=IND&mtdsg_no=IV-2&chapter=4&lang=en#EndDec">file a reservation on Article 4(a)</a>. It’s this section that mandates the criminalisation of race hate speech and racist propaganda. </p>
<p>The ICERD entered into Australian law, minus Article 4(a), through the 1975 Racial Discrimination Act (<a href="https://www.legislation.gov.au/Details/C2014C00014">RDA</a>). </p>
<p>Article 4 concerns, such as they were, would enter the law as “<a href="https://www.humanrights.gov.au/our-work/racial-vilification-law-australia">unlawful</a>” harassment and intimidation, with no criminal sanctions, twenty years later. This occurred through the 1996 amendments that <a href="https://www.abc.net.au/news/2016-09-01/what-is-section-18c-and-why-do-some-politicians-want-it-changed/7806240">produced Section 18 of the RDA</a>, with its right for complainants to seek civil solutions through the Human Rights Commission. </p>
<p>With Article 4 ratified, the criminal law could encompass the worst cases of online racism, and the police would have some framework to pursue the worst offenders.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/explainer-what-is-section-18c-and-why-do-some-politicians-want-it-changed-64660">Explainer: what is Section 18C and why do some politicians want it changed?</a>
</strong>
</em>
</p>
<hr>
<h2>2. Extend international collaboration</h2>
<p>Our government should extend Australia’s participation in the European cybercrime convention by adopting the First Additional Protocol. </p>
<p>In 2001 the Council of Europe opened the <a href="https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185">Budapest Convention on Cybercrime</a> to signatories, establishing the first international instrument to address crimes committed over the internet. The add-on <a href="https://www.humanrights.gov.au/our-work/cyber-racism-and-council-europes-reply">First Additional Protocol</a> on criminalisation of acts of a racist and xenophobic nature came into effect in 2002. </p>
<p>Australia’s government – Labor at the time – initially considered including the First Additional Protocol in cyber crime legislation in 2009, and then withdrew it soon after. Without it, our country is limited in the way we collaborate with other country signatories in tracking down cross border cyber racism.</p>
<h2>3. Amend the eSafety Act</h2>
<p>The <a href="https://www.esafety.gov.au/about-the-office/legislation">Enhancing the Online Safety of Australians Act</a> (until 2017 Enhancing the Online Safety of Children Act) established the eSafety Commissioner’s Office to pursue acts which undercut the safe use of the internet, especially through bullying.</p>
<p>The eSafety Act should be amended by Communications Minister Fletcher to extend the options for those harassed and intimidated, to include <a href="http://www.legislation.govt.nz/act/public/2015/0063/latest/whole.html">provisions similar to those found in NZ legislation</a>. In effect this would mean people harassed online could take action themselves, or require the commissioner to act to protect them. </p>
<p>Such changes should be supported by staff able to speak the languages and operate in the cultural frames of those who are the most vulnerable to online race hate. These include Aboriginal Australians, Muslims, Jews and people of African and Asian descent.</p>
<h2>4. Commit to retaining 18C</h2>
<p>Section <a href="http://www5.austlii.edu.au/au/legis/cth/consol_act/rda1975202/s18c.html">18C of the RDA</a>, known as the racial vilification provisions, allows individuals offended or intimidated by online race hate to seek redress. </p>
<p>The LNP government conducted <a href="https://www.theguardian.com/australia-news/2017/mar/30/senate-blocks-governments-changes-to-section-18c-of-racial-discrimination-act">two failed attempts</a> over 2013-2019 to <a href="https://theconversation.com/explainer-what-is-section-18c-and-why-do-some-politicians-want-it-changed-64660">remove or dilute section 18C</a> on grounds of free speech. </p>
<p>Rather than just leaving this dangling into the future, the government should commit itself to retaining 18C. </p>
<p>Even if this does happen, unless Article 4 of the (<a href="https://www.ohchr.org/en/professionalinterest/pages/cerd.aspx">ICERD</a>) is ratified as mentioned above, Australia <a href="https://www.humanrights.gov.au/our-work/7-are-current-regulatory-responses-sufficient-and-appropriate">will still have no effective laws</a> that target online race-hate speech by pushing back against perpetrators. </p>
<p>Legislation <a href="https://theconversation.com/new-livestreaming-legislation-fails-to-take-into-account-how-the-internet-actually-works-114911">introduced by the Australian government in April 2019</a> does make companies such as Facebook more accountable for hosting violent content online, but does not directly target perpetrators of race hate. It’s <a href="https://www.theverge.com/interface/2019/5/31/18646525/facebook-white-supremacist-ban-evasion-proud-boys-name-change">private online groups that can harbour and grow race hate</a> hidden from the law. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/new-livestreaming-legislation-fails-to-take-into-account-how-the-internet-actually-works-114911">New livestreaming legislation fails to take into account how the internet actually works</a>
</strong>
</em>
</p>
<hr>
<h2>5. Review best practice in combating cyber racism</h2>
<p>Australia’s government should conduct a public review of best practice worldwide in relation to combating cyber racism. For example, it could plan for an options paper for public discussion by the end of 2020, and legislation where required in 2021. </p>
<p>European countries have now a good sense of how their <a href="https://www.humanrights.gov.au/our-work/cyber-racism-and-council-europes-reply">protocol on cyber racism has worked</a>. In particular, it facilitates inter-country collaboration, and empowers the police to pursue organised race hate speech as a criminal enterprise.</p>
<p>Other countries such as New Zealand and Canada, with whom we often compare ourselves, have moved far beyond the very limited action taken by Australia. </p>
<h2>6. Provide funds to stop racism</h2>
<p>In conjunction with the states plus industry and civil society organisations, the Australian government should promote and resource “push back” against online racism. This can be addressed by reducing the online space in which <a href="https://www.adl.org/resources/backgrounders/from-alt-right-to-alt-lite-naming-the-hate">racists currently pursue their goals of normalising racism</a>. </p>
<p>Civil society groups such as the <a href="https://ohpi.org.au/">Online Hate Prevention Institute</a> and <a href="https://alltogethernow.org.au/">All Together Now</a>, and interventions like the currently stalled NSW Government program on <a href="https://removehatefromthedebate.com/">Remove Hate from the Debate</a>, are good examples of strategies that could achieve far more with sustained support from the federal government. </p>
<p>Such action characterises many European societies. Another good example is the <a href="https://webfoundation.org/">World Wide Web Foundation (W3F)</a>) in North America, whose <a href="https://webfoundation.org/2018/11/join-us-and-fight-fortheweb/">#Fortheweb campaign</a> highlights safety issues for web users facing harassment and intimidation through hate speech.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/racism-in-a-networked-world-how-groups-and-individuals-spread-racist-hate-online-109072">Racism in a networked world: how groups and individuals spread racist hate online</a>
</strong>
</em>
</p>
<hr>
<h2>Slow change over time</h2>
<p>Speaking realistically, the aim through these mechanisms cannot be to “eliminate” racism, which has deep structural roots. Rather, our goal should be to contain racism, push it back into ever smaller pockets, target perpetrators and force publishers to be far more active in limiting their users’ impacts on vulnerable targets. </p>
<p>Without criminal provisions, infractions of civil law are essentially let “through to the keeper”. The main players know this very well. </p>
<p>Our government has a responsibility to ensure publishers and platforms know what the community standards are in Australia. Legislation and regulation should enshrine, promote and communicate these standards – otherwise the vulnerable remain unprotected, and the aggressors continue smirking.</p><img src="https://counter.theconversation.com/content/118401/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Andrew Jakubowicz with colleagues has received funding from ARC for a project on cyber racism. He has published a book with colleagues through Palgrave Macmillan (2017) "Cyber Racism and Community Resilience". He has received funding from the Australian Human Rights Commission and VicHealth for this research. </span></em></p>Racism online is hurtful and damaging. But it can also spill into the real world with deadly consequences – such as the Christchurch terrorism attack.Andrew Jakubowicz, Emeritus Professor of Sociology, University of Technology SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/945272018-04-17T09:05:05Z2018-04-17T09:05:05ZWith smart cities, your every step will be recorded<figure><img src="https://images.theconversation.com/files/214553/original/file-20180412-543-1i3lnv7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://pxhere.com/en/photo/1391338">pxhere</a></span></figcaption></figure><p>Modern cities are brimming with objects that <a href="https://theconversation.com/how-to-make-smart-cities-human-again-88453">receive, collect and transmit data</a>. This includes mobile phones but also objects actually embedded into our cities, such as traffic lights and air pollution stations. Even something as simple as <a href="https://www.theguardian.com/sustainable-business/2016/jun/14/internet-of-bins-smart-solar-powered-trashcans-in-colombian-cities">a garbage bin can now be connected to the internet</a>, meaning that it forms part of what is called the internet of things (IoT). A smart city collects the data from these <a href="https://theconversation.com/a-day-in-the-life-of-a-smart-city-commuter-and-why-its-not-so-far-from-reality-78369">digital objects</a>, and uses it to create new products and services that make cities more liveable. </p>
<p>Although they have huge potential to make life better, the possibility of increasingly smarter cities also raises serious privacy concerns. Through sensors embedded into our cities, and the smartphones in our pockets, smart cities will have the power to constantly identify where people are, who they are meeting and even perhaps what they are doing. </p>
<p>Following revelations that 87m people’s Facebook data was allegedly breached and used to <a href="https://www.theguardian.com/news/series/cambridge-analytica-files">influence electoral voting behaviour</a>, it is ever more important to properly scrutinise where our data goes and how it is used. Similarly, as more and more critical infrastructure falls victim to cyber-attacks, we need to consider that our cities are not only becoming smarter, they are also becoming more vulnerable to cyber-attacks.</p>
<h2>Smarter cities</h2>
<p>Across the world, cities are rapidly becoming smarter. Cities as different as <a href="http://www.ioti.com/smart-cities/world-s-5-smartest-cities">Singapore, London and San Francisco</a> use technologies such as urban sensing (which captures how people interact with each other and their surroundings), geo-tracking (which records the movement of people), and real-time analytics (which processes the vast amount of collected data). Smart cities use these technologies to better manage energy and water supply, reduce contamination and traffic jams, optimise garbage collection routes or help people park their cars. A good example is Chicago’s <a href="https://arrayofthings.github.io/">Array of Things project</a>. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/BHrsllHJHeo?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Chicago’s ‘Array of Things’ project holds huge potential.</span></figcaption>
</figure>
<p>Smart city initiatives don’t just have the potential to help make life more liveable, they can help us better the world. In 2013, the Greek academic Vassilis Kostakos introduced interactive LCD screens which encouraged people waiting at a bus stop to help <a href="https://www.newscientist.com/article/mg21929286-300-use-a-bus-stop-touchscreen-to-kill-time-and-help-out/">identify malaria-infected blood cells</a>. </p>
<h2>Big data and privacy concerns</h2>
<p><a href="https://www.theguardian.com/news/series/cambridge-analytica-files">In the last few months</a>, following the Cambridge Analytica and Facebook revelations, concerns over how companies use accumulated data has grown exponentially. </p>
<p><a href="http://ieeexplore.ieee.org/abstract/document/5231875/?reload=true">Back in 2009, experts were already aware that stakeholders</a> could collect personal information from unaware users. Opaque privacy policies and complex data-sharing agreements allowed companies to bypass data protection law and use collected data for undeclared purposes. </p>
<p>Because of the huge and detailed information collected by internet of things (IoT) devices, smart city projects could lead to similar worries. Take for example, the <a href="http://www.cityware.org.uk/">Cityware</a> project, which demonstrated the possibility of mapping <a href="http://news.bbc.co.uk/1/hi/technology/6949473.stm">not just digital but also physical encounters between Facebook friends</a>. Cityware were able to track the movement and interaction of 30,000 people using their Facebook profile and smartphone bluetooth signals. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/214541/original/file-20180412-587-1g4ux96.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/214541/original/file-20180412-587-1g4ux96.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/214541/original/file-20180412-587-1g4ux96.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/214541/original/file-20180412-587-1g4ux96.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/214541/original/file-20180412-587-1g4ux96.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/214541/original/file-20180412-587-1g4ux96.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/214541/original/file-20180412-587-1g4ux96.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Smartphones collect a huge amount of data.</span>
<span class="attribution"><a class="source" href="https://pixabay.com/en/hologram-smartphone-city-2090318/">Kristian Design/Pixabay</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<p>Most people tend to underestimate that the smartphone they carry around is a very powerful sensing tool. In order to function, your phone continuously shares data about your location, digital and physical interaction, and more. When this data is matched with further information collected from IoT devices and <a href="https://www.smartgrid.gov/the_smart_grid/smart_grid.html">smart grids</a> – electricity supply networks that rapidly detect and react to local changes in usage – it raises serious implications for people’s privacy and right to self determination. </p>
<p>Just as you give Facebook the right to own anything <a href="https://www.facebook.com/legal/terms">you post on your profile</a>, the data collected by online sensors across smart cities will be owned by a variety of corporations, including internet service providers (ISPs). Last year, the <a href="https://www.nytimes.com/2017/03/29/opinion/how-the-republicans-sold-your-privacy-to-internet-providers.html">US Congress overturned internet privacy protection</a> by granting ISPs the right to sell users’ information, such as browsing history, to third parties.</p>
<p>Once most of your gadgets are connected to the internet, the same objects could inform companies what brands and products you like and how and when you use them. This means that all the data which IoT gadgets will collect, <a href="https://gizmodo.com/the-house-that-spied-on-me-1822429852">whether in your home</a> or in your city, potentially can be sold to third parties. </p>
<h2>Cyber security worries</h2>
<p>As cities get smarter, our digital information becomes even more vulnerable to cyber-attacks. For example, ransomware, which encrypts information and then asks for a ransom to free it, can hit even the biggest data holders, such as <a href="http://www.bbc.com/news/uk-39916778">the UK National Health Service (NHS)</a>.</p>
<p>Stakes are extremely high when viruses hit local authorities. The recent cyber-attack on <a href="https://www.forbes.com/sites/dantedisparte/2018/04/02/cities-held-for-ransom-lessons-from-atlantas-cyber-extortion/#4d5b8c75996b">the city of Atlanta</a> crippled several critical systems across the city, including the police department. Europol’s <a href="https://www.nomoreransom.org/en/index.html">No More Ransom!</a> initiative gives good advice on how to deal with this type of threat. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/214544/original/file-20180412-549-3tg4gl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/214544/original/file-20180412-549-3tg4gl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/214544/original/file-20180412-549-3tg4gl.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/214544/original/file-20180412-549-3tg4gl.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/214544/original/file-20180412-549-3tg4gl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/214544/original/file-20180412-549-3tg4gl.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/214544/original/file-20180412-549-3tg4gl.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Atlanta suffered ransomware attacks in 2018.</span>
<span class="attribution"><a class="source" href="https://pixabay.com/en/atlanta-georgia-city-cities-1584094/">Pixabay</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<p>Hackers can take control of entire buildings or systems. The power blackout that left more than <a href="https://www.reuters.com/article/us-ukraine-cyber-attack-energy/ukraines-power-outage-was-a-cyber-attack-ukrenergo-idUSKBN1521BA">225,000 people without light in Ukraine in December 2015</a> is an example. Working out who is responsible for a cyber-attack is always challenging but <a href="https://www.reuters.com/article/us-ukraine-crisis-malware/ukraine-to-probe-suspected-russian-cyber-attack-on-grid-idUSKBN0UE0ZZ20151231">Russia was indicated as a potential suspect</a>.</p>
<p>Ultimately, even with these concerns, embedding IoT into cities is a growing trend. To take control of what that means, people need to become better informed and more involved. The business models of stakeholders need to be scrutinised and their use of data needs to be accountable. Most of all, citizens need to be listened to on how they want their cities to develop.</p><img src="https://counter.theconversation.com/content/94527/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Siraj Ahmed Shaikh receives funding from EPSRC and InnovateUK. </span></em></p><p class="fine-print"><em><span>Sara Degli-Esposti does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>As cities get smarter, we need to examine carefully who gets our data and what it is used for.Sara Degli-Esposti, Research Fellow, Coventry UniversitySiraj Ahmed Shaikh, Professor of Systems Security, Coventry UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/918372018-02-22T19:11:58Z2018-02-22T19:11:58ZCombatting online bullying is different for girls and boys: here’s why<figure><img src="https://images.theconversation.com/files/207222/original/file-20180221-5540-xjc874.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">While current interventions offer broad protocols for children and young people, specific guidelines for teenage girls are missing. </span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Demands for improving online safety <a href="https://www.theaustralian.com.au/national-affairs/bullying-must-stop-turnbull-grieves-for-dolly-everett/news-story/ebbb86e838e1ef882ab82fac686bb531">continue to capture headlines, often for the worst reasons.</a>. While this outcry has signalled renewed interest in <a href="https://www.brisbanetimes.com.au/lifestyle/life-and-relationships/premier-stands-up-to-bullies-as-queensland-kids-prepare-for-school-return-20180121-p4yyoe.html">“stamping out” cyberbullying</a> and <a href="http://www.dailymail.co.uk/wires/aap/article-5244105/Government-gives-mental-health-110m-boost.html">reinvigorated health and wellbeing protocols</a> for young people, interventions continue to fall behind the fast-paced development of communication devices and <a href="https://www.acma.gov.au/theACMA/engage-blogs/engage-blogs/Research-snapshots/Aussie-teens-and-kids-online">the take-up of new social media by teenagers</a>.</p>
<p>The focus on gender in “next step” interventions is noticeably absent. Intervention protocols have viewed teenage girls’ and boys’ online interaction as more or less the same. This is a mistake. <a href="https://www.teensafe.com/blog/facts-cyberbullying-teen-girls-worst/">Teenage girls</a>, especially those aged 12 to 14, are more likely than any other demographic to <a href="https://www.unisa.edu.au/Global/EASS/EDS/184856%20Anti-bullying%20Report-FINAL-3large.pdf">experience cyberbullying, and anxiety and depression</a> after bullying episodes. </p>
<p>A greater focus on the friendship practices of teenage girls offers possibilities for developing new strategies for reducing <a href="https://theconversation.com/how-cyberbullies-overtly-and-covertly-target-their-victims-90448">cyberbullying</a> among friends.</p>
<h2>Intervention should be tailored</h2>
<p>Online participation <a href="http://www.pewinternet.org/2015/04/09/teens-social-media-technology-2015/">differs significantly</a> for girls and boys. They spend similar amounts of time online and both use technology to search for information, interact with others, and play games. But girls spend more time socialising with friends. </p>
<p>Girls’ online friendships are more visually-oriented than boys. They use social media to post and <a href="http://www.smh.com.au/good-weekend/how-social-media-has-changed-everything-for-teenage-girls-20170118-gttl9x.html">curate personal images</a>, share stories and experiences, seek advice on private matters and appearance, and <a href="http://journal.acce.edu.au/index.php/AEC/article/view/118">plan and organise social events</a>. </p>
<p>These practices place teenage girls at risk for <a href="https://www.acma.gov.au/-/media/mediacomms/Report/pdf/Like-post-share-Young-Australians-experiences-of-social-media-Qualitative-research-report.pdf?la=en">problems associated with bullying</a> such as gossip, name-calling, spreading rumours, <a href="https://doi.org/10.1016/j.chb.2015.10.003">coercion</a>, and <a href="http://journals.sagepub.com/doi/abs/10.1177/1464700113499853">shaming</a>. Unfortunately for girls, online friendships are often filled with the not-always-nice voices of other girls.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/207205/original/file-20180221-161920-l896bq.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/207205/original/file-20180221-161920-l896bq.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/207205/original/file-20180221-161920-l896bq.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/207205/original/file-20180221-161920-l896bq.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/207205/original/file-20180221-161920-l896bq.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/207205/original/file-20180221-161920-l896bq.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/207205/original/file-20180221-161920-l896bq.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Negative voices are far too common for young girls online.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/teenage-girl-victim-bullying-by-text-384225016?src=GesUpvRFAoe9fWqsiLmbBw-1-6">Shutterstock</a></span>
</figcaption>
</figure>
<p>While current interventions offer <a href="https://www.esafety.gov.au/esafety-information">broad protocols</a> for children and young people, specific guidelines for teenage girls are missing. </p>
<h2>Girls’ experiences online</h2>
<p>A recent study offers insight into girls’ interactions online. <a href="https://experts.griffith.edu.au/publication/n9728776073243a0984664f3c446fbe60">The study</a> was conducted in two stages. In stage one, 130 year eight girls from Queensland were asked to complete an online survey. The survey asked the girls questions about their online practices, providing several opportunities for them to talk about their online strategies with friends.</p>
<p>From the original group, 16 of the girls participated in online focus groups. Here, the girls watched videos and looked at pictures showing teenage girls experiencing online problems. They discussed the episodes at length, then shared their ideas and experiences in a private journal.</p>
<p>The online strategies and problems discussed by the girls were considered in two ways. First, online friendship practices were compared to established cybersafety protocols. Second, focus group exchanges and shared stories were <a href="http://thecomposingrooms.com/research/reading/2014/goffman_intro.pdf">analysed for examples</a> of what they do online, how they speak to each other, how they manage their online presence, and how they steer clear of online troubles.</p>
<p>These girls adapted online privacy rules and created in-group strategies to build and strengthen friendship connections. While they “wanted to feel safe”, they also wanted friends to see “their stuff”:</p>
<blockquote>
<p>I make up a name and tell my friends so they can look at my profile. I trust my friends to keep my stuff private.</p>
</blockquote>
<p>The girls talked to friends about online troubles:</p>
<blockquote>
<p>I go to my friends with all my problems, especially online ones. I don’t get advice from mum because she is quite old fashioned and doesn’t understand our ideas and humour.</p>
</blockquote>
<p>They did not block or report friends unless problems became critical: </p>
<blockquote>
<p>I try to work it out with someone face-to-face if they’re mean to me before blocking them, unless they are threatening me, then I tell a parent.</p>
</blockquote>
<p>They described friends’ bad behaviour as mean or “bitchy”, not as bullying. Naming events in this way minimised adult intervention and gave them authority to deal with problems themselves:</p>
<blockquote>
<p>They were rumouring about me and I felt really angry but my friends helped me to ignore it. That’s what most girls do cos doing something makes it worse.</p>
</blockquote>
<h2>Competing efforts</h2>
<p>For these girls, online friendship had a social currency that challenged safety protocols. In their determination to uphold friendship ties, they sidestepped privacy settings, used special codes and symbols, and created secret languages to open pathways for more intimate sharing. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/207210/original/file-20180221-161917-1ka5mxo.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/207210/original/file-20180221-161917-1ka5mxo.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/207210/original/file-20180221-161917-1ka5mxo.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/207210/original/file-20180221-161917-1ka5mxo.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/207210/original/file-20180221-161917-1ka5mxo.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/207210/original/file-20180221-161917-1ka5mxo.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/207210/original/file-20180221-161917-1ka5mxo.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">caption.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<p>In times of trouble, they went to friends, seeking adult assistance only when things got “really nasty and horrible”. </p>
<p>They did not use bullying language to describe their difficulties. Instead, they used words with less authority or consequence. </p>
<p>Girls’ friendship practices were clearly out of sync with adult efforts to keep them safe.</p>
<h2>Reframing intervention</h2>
<p>Current cybersafety interventions need to be changed to help teenage girls safely negotiate friendships online. </p>
<p>Sophisticated strategies for sharing intimate information with friends such as using language and symbols with less obvious meaning is a good starting point. Establishing girl-friendly reporting schemes is urgent. Encouraging the use of self-help resources designed by girls, such as informational websites, safety checklists and social media apps, is critical. </p>
<p>Efforts to recognise the focus of gender in safety narratives is very important. Ideas, routines, and discourses shaping cybersafety policy need to tell the gender story. One that changes the signs of danger for both girls and boys, probes issues from different angles, and addresses ingrained assumptions about bullying behaviour.</p><img src="https://counter.theconversation.com/content/91837/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Roberta Thompson does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Because teenage boys and girls behave differently online, girls are more at risk for cyberbullying, and intervention needs to take this into account.Roberta Thompson, PostDoc Research Fellow investigating teenage girls' social media practice., Griffith UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/876192017-12-07T19:15:16Z2017-12-07T19:15:16ZHow parents and teens can reduce the impact of social media on youth well-being<figure><img src="https://images.theconversation.com/files/196434/original/file-20171127-2046-ztyc82.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Engaging with your teen's online world will make it easier to have difficult conversations about some of the risks and ways to manage them. </span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Knowing how to navigate the online social networking world is crucial for parents and teens. Being educated and talking about online experiences can help reduce any negative impacts on youth mental health and well-being. </p>
<p>The Australian Psychology Society (<a href="http://www.psychology.org.au/">APS</a>) recently released a <a href="http://compassforlife.org.au/wp/wp-content/uploads/2017/11/2017-APS-Digital-Me-survey-report.pdf">national survey</a> looking at the impact of technology and social media on the well-being of Australians. </p>
<p>Around 1,000 adults over the age of 18 and 150 young people aged 14-17 years took part. The survey found more than three in four young people (78.8%) and more than half of all adults (54%) were highly involved with their mobile phones. Young people are reportedly using social media for an average of 3.3 hours each day, on five or more days of the week.</p>
<hr>
<p><iframe id="fKiRv" class="tc-infographic-datawrapper" src="https://datawrapper.dwcdn.net/fKiRv/4/" height="400px" width="100%" style="border: none" frameborder="0"></iframe></p>
<hr>
<p>The vast majority of adults and teenagers reported their screens and social media accounts were a positive part of their lives. Many use social media channels to connect with family, friends and to entertain themselves.</p>
<h2>Too much social media use can effect self-esteem</h2>
<p>Despite social media playing a positive role for most, the <a href="http://compassforlife.org.au/wp/wp-content/uploads/2017/11/2017-APS-Digital-Me-survey-report.pdf">survey found</a> the high use of social media and technology can have a negative impact on youth self-esteem. Two in three young people feel pressure to look good and nearly a third of youth have been bullied online. Nearly half (42%) of frequent users look at social media in bed before sleeping. </p>
<p>The survey also found 15% of teenagers reported being approached by strangers on a daily basis through their online world.</p>
<p>Around 60% of parents never monitor their teen’s social media account and are wrestling their own issues about how much is too much screen time. Most are unsure of how to provide good guidance of appropriate social media use with their teens.</p>
<hr>
<p><iframe id="QGQv2" class="tc-infographic-datawrapper" src="https://datawrapper.dwcdn.net/QGQv2/2/" height="400px" width="100%" style="border: none" frameborder="0"></iframe></p>
<hr>
<h2>Engage with your teen’s online world</h2>
<p>Parents and teens need to be <a href="https://aifs.gov.au/cfca/publications/online-safety">informed</a> about engaging with the online world. Parents can ask their teen to show them how they use social media and what it is. Try to navigate the social world together, rather than acting as a supervisor. Ask your teen to help you understand how they use the internet so you can make good decisions about social media use together.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/the-way-your-children-watch-youtube-is-not-that-surprising-but-it-is-a-concern-here-are-some-tips-87597">The way your children watch YouTube is not that surprising – but it is a concern. Here are some tips</a>
</strong>
</em>
</p>
<hr>
<p>Here are a few tips to connect with your teen’s online world:</p>
<ul>
<li><p>Together with your teen visit their social media channels. Take a look at what your teen is posting online. Check out their favourites and which YouTube channels they are subscribed to. Favourites and subscriptions can give you clues about what they’re watching on the site</p></li>
<li><p>Ask your teen to create playlists of their favourite videos, while you create your own. Then, sit and watch them together. You can see what they’re watching, and it gives them an opportunity to share what they enjoy online with you</p></li>
<li><p>Make using the internet together a game. For example, you can guess what kinds of videos are popular in a particular place and use the “advanced search” function to see videos only in that location. </p></li>
</ul>
<h2>Difficult conversations about social media</h2>
<p>An important step in navigating the risks of social networking is to have ongoing conversations about social media use with your teens. If you’re already engaged in your teen’s online world, it will be easier to have difficult conversations about some of the risks and ways to manage them. </p>
<p>Many people believe internet browsing is anonymous. Educate your teen about their <a href="https://www.betterhealth.vic.gov.au/health/healthyliving/internet-safety-for-children">digital reputation</a>. Whenever your teen visits a website, shares content, posts something on a blog or uploads information, they’re adding to their <a href="https://www.betterhealth.vic.gov.au/health/healthyliving/internet-safety-for-children">digital footprint</a>. </p>
<p>This information can be gathered under their real name and possibly accessed by future employers or marketing departments. This can happen without you or your teen knowing. <a href="https://www.esafety.gov.au/esafety-information/esafety-issues/social-networking">Protecting your personal information</a> and knowing it’s not truly anonymous are important conversations to have together. </p>
<p><a href="http://kidshealth.org/en/parents/cyberbullying.html">Cyberbullying</a> can occur if online users try to intimidate, exclude or humiliate others online through abusive texts or emails, hurtful messages, images or videos, or online gossip and chat. Let your teen know to try not to retaliate or respond, and to speak to a trusted adult right away. Aim to <a href="https://www.esafety.gov.au/esafety-information/esafety-issues/cyberbullying">block the bully and report the behaviour</a> to the social media platform. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/blocking-kids-from-social-media-wont-solve-the-problem-of-cyberbullying-66280">Blocking kids from social media won't solve the problem of cyberbullying</a>
</strong>
</em>
</p>
<hr>
<p>Create a <a href="https://www.healthychildren.org/English/media/Pages/default.aspx">family media plan</a> to help manage social media use with options to create different guidelines for each teen. In the plan, promote <a href="http://www.apa.org/helpcenter/digital-guidelines.aspx">healthy technology use habits</a> with your teen. This includes not using technology too close to bed time. </p>
<p><a href="https://www.ncbi.nlm.nih.gov/pubmed/23320870">Research shows</a>using technology at night can have a <a href="https://www.ncbi.nlm.nih.gov/pubmed/26789207">negative impact</a> on <a href="http://www.sciencedirect.com/science/article/pii/S0749597814000089">sleep quality</a>. Try to not to use technology for around 30 minutes to an hour before bedtime. Consider using devices in the living spaces in the house rather <a href="https://theconversation.com/wired-and-tired-why-parents-should-take-technology-out-of-their-kids-bedroom-50406">than in the bedroom </a> when it’s time to go to sleep. </p>
<hr>
<p><em>Here’s some more information on how to <a href="https://www.consumer.ftc.gov/articles/pdf-0001-netcetera_0.pdf">talk to your teens</a> about their internet use, and thriving in an <a href="http://compassforlife.org.au/">online age</a>.</em></p><img src="https://counter.theconversation.com/content/87619/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Christine Grove is a member of the Australian Psychological Society (MAPS). </span></em></p>Parents should ask their teens to show them how they use social media and how it works so they can have conversations about what the risks are and how to reduce them.Christine Grové, Educational Psychologist and Lecturer, Monash UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/693442016-11-28T19:15:37Z2016-11-28T19:15:37ZAboriginal communities embrace technology, but they have unique cyber safety challenges<figure><img src="https://images.theconversation.com/files/147681/original/image-20161128-32046-hai9lq.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Smartphones and other devices are popular in indigenous communities throughout Australia.</span> <span class="attribution"><span class="source">AAP/Dan Peled</span></span></figcaption></figure><p>For many people living in remote Aboriginal communities, mobile devices are the sole means of accessing the internet. However, when the use of mobile devices oversteps social and cultural lines, it can have serious consequences for individuals and their families. </p>
<p>While some people avoid social media and online financial transactions as a protective measure, this can result in new forms of digital exclusion.</p>
<p><a href="http://apo.org.au/resource/cyber-safety-remote-aboriginal-communities-and-towns-interim-report">Our research</a> into online risks, carried out in central Australia and Cape York, reveals unique problems in remote communities, many of which are caused by the sharing of devices.</p>
<p>For instance, some young people are using others’ social media accounts to deliberately overstep cultural authority. Borrowing or taking someone’s phone and transferring credit to another phone without permission is also causing financial hardship, particularly for older people. </p>
<p>The sharing of devices leads to insecure banking, causing some to avoid online banking and Centrelink accounts altogether. It can also mean that text messages are received by people they were not intended for, leading some people to smash phones or destroy SIM cards.</p>
<h2>Consequences</h2>
<p>The consequences of social media communication can be serious in a remote Aboriginal community. </p>
<p>For instance, a young person using someone else’s social media account without the owner’s permission might exacerbate existing inter-family tensions. This can cause conflicts to spread from a group of teens to their adult relatives, causing a “wildfire” of community fights. </p>
<p>Acts that might seem benign in other contexts, like flirting through a dating site, can breach cultural law (“wrong way” relationships), resulting in ostracism with <a href="http://dx.doi.org/10.3127/ajis.v19i0.1174">mental health consequences</a>. </p>
<p>Aboriginal people have systems for dealing with offline transgressions before they get out of hand. But <a href="http://dx.doi.org/10.1111/taja.12091">authority lines may not work</a> where communication is across multiple communities or if elders are absent from social media platforms. </p>
<p>In places where authority is already diminished, unsanctioned acts of recompense can make cyber safety an issue of immediate safety.</p>
<p>Individual protective measures against device theft and account hacking, such as concealing devices in clothing, may ensure cyber safety on one level. But these can also be damaging to kinship relationships as traditional routines of exchange and sharing practices are disrupted. </p>
<p>Community leaders and groups are experimenting with extraordinary measures, including switching off public Wi-Fi hotspots when cyber-bullying incidents threaten to escalate into community violence. Some communities have refused mobile infrastructure altogether.</p>
<h2>Solutions</h2>
<p>While the advent of mobile telephony in remote areas may be creating new problems, mobile phones and internet access are important. Social media is connecting families across vast distances, including with relatives needing to live in town for education or medical reasons. </p>
<p>In the absence of home telephones and internet, mobile phones are often the only means for individuals to access online services, such as e-government sites and internet banking. </p>
<p>Empowering people to use applications such as internet banking could also help overcome the kind of exploitation revealed through the <a href="http://www.adelaidenow.com.au/news/south-australia/general-store-in-mintabie-in-the-apy-lands-took-nearly-1-million-from-local-aborigines-bank-accounts/news-story/4481193f1bc398154408ea93db76b036">“book up” theft</a> in Mintabie, South Australia, in which A$1 million was stolen from local Aboriginal people’s bank accounts by a store keeper.</p>
<p>Paying attention to how different groups use technology can assist in determining how device and platform features evolve in ways that suit everyone.</p>
<p>We found that older people in remote communities and towns need assistance to learn how to set passwords, block people from social media and avoid scams. </p>
<p>However, we are finding that while simple security measures can make a big difference, they are not always failsafe. </p>
<p>“Find my phone” apps can be useful for when a device is “borrowed” and not returned, but the user will need access to a second device to track the first. </p>
<p>Biometric security may assist people to keep their phones from being used by others, but PINs and passwords can generally override these measures, and social pressure to share passwords can mitigate device security. </p>
<p>Further technological measures, such as filtering certain sites, or instituting a “kill switch” on a Wi-Fi network when tensions arise may give the community control, but are not likely to be accepted in larger towns where businesses and tourists rely on and expect internet freedoms.</p>
<p>Finally, we found that the term “cyber safety” is not necessarily recognised in remote communities. Instead, the word for “protection” is favoured, which suggests a far more pro-active set of behaviours, including a social obligation to watch out not only for oneself but for the entire social and family group as well. </p>
<p>While this obligation to defend each other can sometimes escalate instances of online violence in remote communities, it also demands an active rather than passive approach to online risks, a collaboratively defensive attitude that may be key to communities developing their own responses.</p><img src="https://counter.theconversation.com/content/69344/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>This research on cyber safety in remote Aboriginal communities and towns was commissioned by Telstra as part of its 2015-2018 Reconciliation Action Plan. Eleanor Hogan and Indigo Holcombe-James also contributed to the research. Ellie Rennie is a voluntary member of the Australian Communications Consumer Action Network's Independent Grants Panel. She is also a Director of the Community Broadcasting Foundation and a Director of EngageMedia. She receives research funding from the Australian Research Council.</span></em></p><p class="fine-print"><em><span>This research on cyber safety in remote Aboriginal communities and towns was commissioned by Telstra as part of its 2015-2018 Reconciliation Action Plan. Tyson lives on occupied Aboriginal land and is a member of the Aboriginal community, which has never ceded sovereignty. </span></em></p>Cyber safety can mean a different thing for those living in remote Indigenous communities, and it needs to be managed carefully.Ellie Rennie, Deputy Director, Swinburne Institute for Social Research, Swinburne University of TechnologyTyson Yunkaporta, Senior Lecturer Health, Monash UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/643092016-08-29T06:59:35Z2016-08-29T06:59:35ZFactCheck Q&A: what has the Children’s eSafety Commissioner done in its first year to tackle cyberbullying?<figure><img src="https://images.theconversation.com/files/135450/original/image-20160825-30231-oh4g1a.JPG?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Minister for Communications and Arts, Mitch Fifield, speaking on Q&A on August 23, 2016. </span> <span class="attribution"><span class="source">Q&A</span></span></figcaption></figure><p><strong>The Conversation is fact-checking claims made on Q&A, broadcast Mondays on the ABC at 9.35pm. Thank you to everyone who sent us quotes for checking via <a href="http://www.twitter.com/conversationEDU">Twitter</a> using hashtags #FactCheck and #QandA, on <a href="http://www.facebook.com/conversationEDU">Facebook</a> or by <a href="mailto:checkit@theconversation.edu.au">email</a>.</strong></p>
<hr>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/5OTdRBgIa-0?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Excerpt from Q&A, August 23, 2016.</span></figcaption>
</figure>
<blockquote>
<p>[The Children’s eSafety Commissioner] also is a cop on the beat when it comes to cyberbullying and they’ve investigated about 11,000 cases of cyberbullying. The eSafety Commissioner has the power to direct a social media organisation to take down offensive material and if they don’t, there are penalties of up to $17,000 per day for the social media organisation. <strong>– Minister for Communications and Arts, Mitch Fifield, <a href="http://www.abc.net.au/tv/qanda/txt/s4499755.htm">speaking on Q&A</a>, August 23, 2016.</strong> </p>
</blockquote>
<p>Revelations that boys have been <a href="http://www.smh.com.au/nsw/police-investigate-pornographic-website-targeting-nsw-schoolgirls-20160817-gquo0f.html">sharing pornographic pictures of underage girls online</a> have refocused attention on how best to tackle online harassment, bullying and abuse.</p>
<p>When asked about the issue on Q&A, Communications Minister Mitch Fifield said that the <a href="https://www.esafety.gov.au/about-the-office/role-of-the-office">Office of the Children’s eSafety Commissioner</a> had investigated about 11,000 cases of cyberbullying and can order social media organisations to take down offensive material – or face fines of up to $17,000 per day. </p>
<p>Is that correct?</p>
<h2>Checking the source</h2>
<p>When asked for a source to support his statement, a spokeswoman for the minister pointed to the commissioner’s <a href="https://www.esafety.gov.au/12-month-report/12-month-report-alternative">12-month report</a> and gave more detail on the agency’s capacity to issue penalties.</p>
<p>The spokesperson’s full response can be read <a href="http://theconversation.com/full-response-from-a-spokesperson-for-mitch-fifield-64439">here</a>. </p>
<p>When The Conversation asked the Office of the Children’s eSafety Commissioner how many fines had been issued since the passage of its enabling legislation, a spokesperson for the commissioner said:</p>
<blockquote>
<p>The Office of the children’s eSafety Commissioner handled over 11,000 complaints across its investigation functions, which include prohibited online content and cyberbullying. For more information on this please see our <a href="https://www.esafety.gov.au/about-the-office/newsroom/media-releases/child-sex-abuse-images-mainly-primary-schoolers">media release</a> issued at our 12-month mark. To date we have issued no penalty notices as we have worked collaboratively with our social media partners in getting material removed, without the need for formal powers.</p>
</blockquote>
<p>The commissioner’s website notes that in the 12 months to July 2016, there were 186 complaints of “serious cyberbullying” affecting under 18s, with 71% of these cases targeting girls. 15-year-olds are the primary targets of reported cyberbullying material.</p>
<p>The agency <a href="https://www.esafety.gov.au/12-month-report/12-month-report-alternative">said</a> that reports involved factors such as:</p>
<ul>
<li>73% Nasty comments and/or serious name calling</li>
<li>26% Offensive or upsetting pictures or videos</li>
<li>21% Threats of violence</li>
<li>21% Fake and/or impersonator accounts</li>
<li>7% Hacking of social media accounts</li>
<li>7% Unwanted contact</li>
<li>3% Hate pages</li>
</ul>
<p>In its 12-month report card, the agency <a href="https://www.esafety.gov.au/12-month-report/12-month-report-alternative">said</a>:</p>
<blockquote>
<p>We conducted 11,121 online content investigations and worked with our global partners to remove 7,465 URLs of child sexual abuse material. All items actioned in one to two days.</p>
</blockquote>
<p>Of the child sexual abuse material, 95% of the victims were girls and 5% boys.</p>
<p>So Mitch Fifield’s figures are correct, but he mistakenly conflated the term “cyberbullying” with the Children’s eSafety Commissioner’s full range of investigative responsibilities. </p>
<p>The Office of the Children’s eSafety Commissioner looked at about 11,000 <a href="https://en.wikipedia.org/wiki/Uniform_Resource_Locator">URLs</a> (more commonly known as web addresses) in the last year and removed 7,465 URLs of child sexual abuse material.</p>
<p>It’s inaccurate to describe such cases as “cyberbullying”. In fact, there were 186 complaints of “serious cyberbullying” affecting under 18s in the 12-month period to July 2016.</p>
<h2>Penalties</h2>
<p>The <a href="https://www.legislation.gov.au/Details/C2015A00024/Controls/">legislation</a> that led to the creation of the Office of the Children’s eSafety Commissioner notes that:</p>
<blockquote>
<p>A person must comply with a requirement under a social media service notice to the extent that the person is capable of doing so. Civil penalty: 100 penalty units.</p>
</blockquote>
<p>It is true that the agency has the power to direct social media organisations to take offensive material down and <a href="https://www.legislation.gov.au/Details/C2015A00024/Controls/">issue daily penalties</a> until they do. </p>
<p>That said, Fifield’s figure of up to $17,000 per day is out of date. This figure was accurate when the bill was proposed, but <a href="http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5464">a change to the Crimes Act 1914</a> has since increased Commonwealth penalty units from $170 to $180. </p>
<p>The maximum daily penalty is now $18,000. The agency has said it is yet to actually issue any penalties. </p>
<p>Lastly, it is worth noting that Mitch Fifield’s comments on Q&A were in response to a question from the audience about what could be done to afford Australian women more protection from online harassment.</p>
<p>Whilst the questioner asked about adult women, the minister’s response relates to the Children’s eSafety Commissioner, whose powers of investigation are constrained to cases involving young people under the age of 18. </p>
<h2>The scale of cyberbullying and online harassment</h2>
<p>It can be challenging to get a sense of how pervasive cyberbullying or online harassment are, because these terms are quite broad. It encapsulates everything from name-calling to stalking and threats of sexual assault.</p>
<p>A <a href="https://www.communications.gov.au/publications/publications/research-youth-exposure-and-management-cyber-bullying-incidents-australia-synthesis-report-june-2014">2014 study</a> prepared for the Department of Communications estimated that: </p>
<blockquote>
<p>the prevalence for being cyberbullied ‘over a 12-month period’ would be in the vicinity of 20% of young Australians aged 8–17.</p>
</blockquote>
<p>A <a href="http://www.pewinternet.org/2014/10/22/online-harassment/">Pew Internet survey</a> of 2,489 internet users in the United States revealed that 40% of respondents had experienced a form of online harassment. This ranged from offensive name-calling to threats of harm, stalking, sustained and/or sexual harassment. This survey found that young women, in particular, experience severe forms of harassment at disproportionately high levels.</p>
<h2>The Children’s eSafety Commissioner’s supporting roles</h2>
<p>The Office of the eSafety Commissioner provides useful tools, support, and education for people who have been targeted by cyberbullies and online harassers. These resources are helpful and approachable, although they lack the level of
technical detail provided by resources like <a href="https://onlinesafety.feministfrequency.com/en/">Speak Up & Stay Safe(r)</a>, and <a href="http://www.crashoverridenetwork.com/resources.html">Crash Override Network</a>.</p>
<p>The Office has also delivered a range of teaching programs to young people and school teachers, as well as establishing advice and support portals with their <a href="https://www.esafety.gov.au/iparent">iParent</a> and <a href="https://www.esafety.gov.au/women">eSafetyWomen</a> initiatives. </p>
<p>While the Office of the Children’s eSafety Commissioner provides some resources for adults, <a href="https://www.esafety.gov.au/complaints-and-reporting/offensive-and-illegal-content-complaints/what-we-cant-investigate">they do not investigate reports relating to adults</a>. Adults are advised to report to another government initiative, the <a href="https://www.acorn.gov.au">Australian Cybercrime Online Reporting Network (ACORN)</a>.</p>
<p>Finally, the commissioner is also charged with the <a href="https://www.esafety.gov.au/complaints-and-reporting/offensive-and-illegal-content-complaints/what-we-can-investigate">removal of offensive and illegal content</a>, including child sexual abuse material, or gratuitous, exploitative and offensive depictions of violence or sexual violence.</p>
<h2>Verdict</h2>
<p>Mitch Fifield’s statement that the Children’s eSafety Commissioner “investigated about 11,000 cases of cyberbullying” is not accurate. The minister has mistakenly conflated the term “cyberbullying” with the Children’s eSafety Commissioner’s full range of investigative responsibilities. </p>
<p>In fact, the agency conducted 11,121 <em>online content investigations</em> and removed 7,465 URLs of child sexual abuse material. There were 186 complaints of “serious cyberbullying” affecting under 18s in the 12-month period to July 2016.</p>
<p>The minister’s statement that “The eSafety Commissioner has the power to direct a social media organisation to take down offensive material”, and impose fines of up to $17,000 per day for non-cooperation is essentially true, but the figure is outdated. As of <a href="http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5464">July 2015</a>, the commissioner can impose fines of up to $18,000 per day. </p>
<p>In practice, the agency is yet to impose any penalties. Organisations have opted to collaborate with the commissioner’s office to take down prohibited content. <strong>– Andrew Quodling</strong> </p>
<hr>
<h2>Review</h2>
<p>The minister is wrong to say there were investigations into 11,000 examples of cyberbullying. In fact, according to the commissioner’s own <a href="https://www.esafety.gov.au/12-month-report/12-month-report-alternative">website</a>, they helped to resolve 186 complaints of serious cyberbullying for under 18s.</p>
<p>And although the commissioner’s office now <a href="https://www.esafety.gov.au/women">provides advice for women</a> as well as children, it only investigates complaints concerning children. </p>
<p>The commissioner’s report <a href="https://www.esafety.gov.au/12-month-report/12-month-report-alternative">says</a> it conducted 11,121 online content investigations and removed 7,465 URLs of child sexual abuse material. This sounds like a lot of investigations, but remember that a single site can house many URLs. </p>
<p>And while the office of the eSafety Commissioner and the minister’s spokesperson both say the agency handled over 11,000 <em>complaints</em>, in fact that does not line up with the language used in the Commissioner’s 12-month report card. </p>
<p>It says it conducted 11,121 content <em>investigations</em>. It is possible that all of these investigations originated as complaints from the public, but it’s also possible some or many were initiated by the office of the commissioner itself or its overseas partners. </p>
<p>The fact that the commissioner’s office received only 186 complaints of cyberbullying means either people don’t realise they can report the bullying to the office, or it’s not as widespread as might be suggested.</p>
<p>I helped conduct a <a href="http://www.criminologyresearchcouncil.gov.au/reports/1516/53-1112-FinalReport.pdf">large research project</a> on sexting and young people in Australia. There were two key findings that might be of interest here - and I do caution that sexting is very different to cyberbullying, but that an image that has been “sexted” can become a tool of a cyberbully. </p>
<p>The first is that sexting is widespread among young people; around 40-50% of 13 to 15 year olds have sent a nude or semi-nude selfie. But most happens consensually and only a small proportion of children who ever receive an image send it to a third party for whom it was not intended. </p>
<p>Also, few participants report being pressured to send an image, although there is a serious gendered double standard in the way girls who send images are treated (and shamed) compared with boys. This is not the way sexting is generally reported but dealing with these facts is important for minimising harm. </p>
<p>Without trying to understate the level of damage that sexting gone wrong (or cyberbullying) can have on young lives, we must stick to the facts and not overcook the danger, nature or prevalence of either. <strong>– Murray Lee</strong></p>
<hr>
<p><div class="callout"> Have you ever seen a “fact” worth checking? The Conversation’s FactCheck asks academic experts to test claims and see how true they are. We then ask a second academic to review an anonymous copy of the article. You can request a check at checkit@theconversation.edu.au. Please include the statement you would like us to check, the date it was made, and a link if possible.</div></p><img src="https://counter.theconversation.com/content/64309/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Murray Lee receives funding from the Australian Institute of Criminology and local government funding.
</span></em></p><p class="fine-print"><em><span>Andrew Quodling does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Communications Minister Mitch Fifield told Q&A that the Children’s eSafety Commissioner has investigated 11,000 cases of cyberbullying and can fine social media firms $17,000 a day. Is that true?Andrew Quodling, PhD candidate researching governance of social media platforms, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/641162016-08-19T00:52:39Z2016-08-19T00:52:39Z‘Be careful posting images online’ is just another form of modern-day victim-blaming<figure><img src="https://images.theconversation.com/files/134611/original/image-20160818-12274-1gebubi.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">No-one ever told a victim of identity fraud that they should never have stored their money electronically in the first place.</span> <span class="attribution"><span class="source">shutterstock</span></span></figcaption></figure><p>The <a href="http://www.news.com.au/lifestyle/real-life/news-life/students-from-70-australian-schools-targeted-by-sick-pornography-ring/news-story/53288536e0ce3bba7955e92c7f7fa8da">revelations this week</a> of yet another vile website where men and boys trade in the non-consensual images of women and girls has police and many in the broader Australian public concerned about these harassing behaviours.</p>
<p>Yet some of the media and public discussions of these image-sharing websites and forums also show a disturbing similarity to other examples of sexual harassment or violence against women.</p>
<p>Many, it would seem, are all too ready to <a href="http://www.dailytelegraph.com.au/rendezview/thought-the-brighton-grammar-boys-were-bad-wait-till-you-meet-some-of-the-parents/news-story/25b2c3629606df06ce8a3d0c705ef513">shift the blame towards the victims</a>. Advice circulating via various public statements, <a href="http://www.smh.com.au/queensland/nude-photos-of-hundreds-of-queensland-women-posted-online-20150622-ghuec0.html">media coverage</a> and <a href="https://www.youtube.com/watch?v=DwKgg35YbC4">school-based education resources</a> repeatedly tells girls and young women to “be careful what you share” because these images will be “out there forever”.</p>
<h2>‘Be careful what you share’</h2>
<p>There are several problems with this kind of response.</p>
<p>Perhaps most importantly, such advice contributes to the shaming and humiliation of victims by placing the responsibility back onto them for their humiliation. Feelings of shame and humiliation are common reasons many victims give for not making reports to police about sexual forms of harassment and abuse.</p>
<p>The acting Children’s eSafety Commissioner has called on victims in the most recent case <a href="http://www.theage.com.au/victoria/lilydale-girls-will-swap-police-investigate-pornographic-website-targeting-victorian-schoolgirls-20160817-gquu2a.html">to come forward</a> with information to assist in what may be an <a href="http://www.police.nsw.gov.au/news/latest_releases?sq_content_src=%2BdXJsPWh0dHBzJTNBJTJGJTJGZWJpenByZC5wb2xpY2UubnN3Lmdvdi5hdSUyRm1lZGlhJTJGNTY0MDMuaHRtbCZhbGw9MQ%3D%3D">international child-exploitation material investigation</a>. So, avoiding sentiments that may further marginalise victims is particularly important.</p>
<p>Advice to victims “not to share intimate or private images” is also problematic. It obscures the variety of methods that harassers use to obtain images. </p>
<p>While little information is publicly available in this most recent case about the range of images and how they were all obtained, research suggests privacy of images is not always in the victim’s control. </p>
<p>In <a href="https://theconversation.com/more-than-revenge-when-intimate-images-are-posted-online-32948">ongoing research</a>, my colleagues and I have found that, while many images of women and girls are obtained from public or semi-public social media accounts, many others are obtained illegally through hacking accounts and internet-enabled devices, through “upskirting” and “creep shots”, as well as through images originally shared privately with an intimate partner. </p>
<p>A further problem is that we seem to reserve a special kind of victim-blaming when it comes to sexual forms of violence, abuse or harassment. No-one ever told a victim of identity fraud that they should never have stored their money electronically in the first place, or how silly they were to make purchases online. </p>
<p>We seem to understand that cybercriminals exploit, trick and hack victims’ information in a range of ways to commit their crimes. We don’t expect people to avoid all forms of e-commerce simply to prevent themselves from being victimised. </p>
<p>Yet last year, when nude images of hundreds of Queensland women were posted online, authorities <a href="http://www.smh.com.au/queensland/nude-photos-of-hundreds-of-queensland-women-posted-online-20150622-ghuec0.html">reportedly warned victims</a> about storing sensitive images on their digital devices at all.</p>
<h2>A broader trend?</h2>
<p>It is important to provide everyone with advice on how to protect their information online and to be aware of the potential for exploitation and abuse of their material.</p>
<p>But the line between providing advice and placing responsibility back onto victims is easy to cross. Often it lies in the balance of the messages directed to both perpetrators and victims.</p>
<p>How much of the media coverage comprises “stern warnings” to potential victims as compared to potential perpetrators? How often are there calls for witnesses or bystanders to report their peers’ concerning behaviour? What further information about common patterns in crime and violence, or how victims can get help, is included? </p>
<p>There are more positive examples. When nude photos of South Australian women were found to have been shared online last year, authorities took care to balance advice to victims on protecting their information alongside <a href="http://www.adelaidenow.com.au/subscribe/news/1/index.html?sourceCode=AAWEB_WRE170_a&mode=premium&dest=http://www.adelaidenow.com.au/news/south-australia/website-featuring-nudes-of-400-adelaide-women-stopped-by-sa-police-but-no-arrests-after-11month-international-investigation/news-story/985b50e061c78e91ce0e640b866d3e79?memtype=anonymous">statements that emphasised</a>:</p>
<blockquote>
<p>None of the women were to blame for the manner in which their stolen property had been used.</p>
</blockquote>
<p>Yet research into <a href="https://uncovered.org.au/room-for-improvement-australian-media-s-reporting-of-violence-against-women">media coverage of violence against women</a> generally has repeatedly found that a majority of reports tend to focus overwhelmingly on the features of individual “incidents” and the behaviours of victims, rather than in-depth coverage of the broader issues of gender-based violence with a focus on the perpetrators.</p>
<p>Crucially, the harms of such image-trading sites are not only in what the images contain, but also in how they are being used. From “revenge porn” sites to <a href="http://www.news.com.au/technology/online/social/facebook-forces-shut-down-of-controversial-blokes-advice-social-media-page/news-story/ae7c31dcc6939af67ee8ecd1f879b747">“blokes advice” pages</a> to online forums designed to <a href="http://www.news.com.au/lifestyle/real-life/news-life/canberra-college-students-expelled-over-creepy-facebook-page/news-story/f6a7e3e08860dcd22ccd542e4d6d74d1">solicit creepshots</a> and share identifying information about women and girls, there’s a clear pattern in how those involved treat women as second-class citizens and mere sexual objects. </p>
<p>Particularly troubling is the <a href="http://www.smh.com.au/lifestyle/news-and-views/opinion/the-epidemic-of-rape-culture-in-schools-can-no-longer-be-ignored-20160817-gquv53.html">“pack mentality”</a> of some online groups. Communities and localised groups that provide <a href="https://books.google.com.au/books/about/Male_Peer_Support_and_Violence_Against_W.html?id=AWYCAQAAQBAJ&redir_esc=y">male peer support</a> for sexual violence and abuse have been linked with higher rates of violence perpetration, for example.</p>
<p>The problem thus goes far beyond the trading in images (whether obtained from public sources or illegally) to broader issues of sexual and gender-based harassment of women and girls. </p>
<p>Some images that are not at all sexually explicit are likewise posted alongside women’s identifying information. This encourages others to engage in stalking, voyeurism and/or account-hacking in order to contribute further images. Our research <a href="http://www.tandfonline.com/doi/abs/10.1080/10439463.2016.1154964">has found</a> these associated behaviours can be very dangerous. In some cases, they have been linked to further targeted harassment of individual women. </p>
<p>Take away the images, regardless of how they were originally obtained, and we still have a social problem that no amount of advice to victims is going to solve.</p>
<hr>
<p><em>If you or someone you know is impacted by sexual assault or family violence, call 1800RESPECT on 1800 737 732 or visit www.1800RESPECT.org.au. In an emergency, call 000.</em></p><img src="https://counter.theconversation.com/content/64116/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Anastasia Powell receives funding from the Australian Research Council and Criminology Research Council. Anastasia is on the Board of Directors of OurWatch, and is co-Convenor of the Gendered Violence and Abuse Research Alliance (GeVARA) at RMIT University. </span></em></p>Telling girls and young women to ‘be careful what images you share’ contributes to the shaming and humiliation of victims by placing the responsibility back onto them for their own humiliation.Anastasia Powell, Senior Research and ARC DECRA Fellow, Justice and Legal Studies, RMIT UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/466272015-09-03T04:23:02Z2015-09-03T04:23:02ZSecurity vs usability: that’s the choice we make with passwords<figure><img src="https://images.theconversation.com/files/93622/original/image-20150902-6185-1uk8ur1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">How secure are your passwords?</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/krynowekeine/2703085724/">Flickr/Krynowek Eine </a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span></figcaption></figure><p>We all need some kind of authentication process if we are to access information systems at work or at home. We know why we need to do it: to make sure we have access to our data and unauthorised people don’t.</p>
<p>So why do we routinely ignore such advice, particularly given the constant <a href="https://theconversation.com/the-quick-brown-fox-can-help-secure-your-passwords-online-31954">advice from cyber security professionals</a> about the <a href="http://au.pcmag.com/opinion/23465/make-passwords-strong-and-long">need for strong passwords</a> that are changed frequently? It seems there is a significant disparity about what we do and what we want: is it security or is it usability? </p>
<p>Most authentication we encounter today is typically implemented in one (or more) of three ways:</p>
<ul>
<li>Something you know (such as the humble password)</li>
<li>Something you have (a smart card)</li>
<li>Something you are (a fingerprint).</li>
</ul>
<p>Many systems use a username/password pair for access control, largely because the interfaces to most systems have typically been some sort of keyboard. Some smart phones use a PIN or fingerprint and bank ATMs use a combination of something you have (a card) and something you know (a PIN).</p>
<h2>The trouble with passwords</h2>
<p>Having a long random password is good advice. It provides a measure of security for guarding access to important information, such as your online banking account.</p>
<p>Unfortunately, when faced with having to remember several random fifteen character passwords (characters being A to Z, a to z, 0 to 9 and an assortment of other printable characters such as ! @ # $ and %), most users apply a judgement to the value of the information protected by the password and act accordingly.</p>
<p>Some accounts may have a relatively weak password, because of the cost of undue information leakage or harm to the owner if the account is compromised. Other accounts might have a stronger password, because users don’t want their money siphoned off by a cyber-criminal. These are judgements about the perceived value of the information.</p>
<h2>How safe is your password?</h2>
<p>If you must use a password, what makes a good one? How fast can a password be cracked?</p>
<p>There are several web sites that <a href="http://www.businessinsider.com.au/most-popular-passwords-of-2014-2015-1">publish lists of common passwords</a>. I have used a list of 14 million passwords as a test with a local science discovery centre in Perth.</p>
<p>Attendees at the centre (mostly high school students) were asked to enter what they thought was a secure password and this was checked against the list. If not found on the list (a rare occurence), the password was sent to a fast computer for further processing.</p>
<p>This computer could crack a random six character password in under two seconds, using a brute-force attack by trying to match “aaaaaa”, then “aaaaab”, then “aaaaac” and so on through all combination of six characters.</p>
<p>It was surprising how little the fast computer had to do. Many users assume that words or phrases taken from well-established literature are somehow secure. They are not (forget anything from Lord of the Rings or War and Peace).</p>
<p>A longer password takes longer to crack. A random 15-character password might take a week, but then the argument comes back to the time value of information. If a cyber-criminal has to wait a week, your account will still be there and will you change your random 15-character password every week?</p>
<p>One way to add an extra level of security to your password is to enable any <a href="http://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq/">two-step authentication</a>, whereby another code is sent to a device, such as your mobile phone, after a password is entered. <a href="http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now?commerce_insets_disclosure=off&utm_expid=66866090-48.Ej9760cOTJCPS_Bq4mjoww.1">Plenty of online services</a> already offer this service.</p>
<h2>We need some other authentication</h2>
<p>If the humble password is not suitable due to usability issues, then there are alternatives such as the <a href="http://www.news.com.au/finance/money/australia-hooked-on-tap-and-go-payments-visa-paywave/story-e6frfmci-1226821426268">popular pay wave</a> contactless payment system for <a href="http://www.afr.com/opinion/paywave-society-should-not-give-up-on-cold-hard-cash-just-yet-20150901-gjd276">bank cards and travel cards</a>, with no password required for small transactions.</p>
<p>The risk is that if your wallet or purse is stolen, small amounts can be siphoned from your account before it is blocked. Nonetheless, tapping a card is <a href="http://www.news.com.au/finance/money/contactless-tapandgo-payment-gains-popularity-with-australian-shoppers/story-e6frfmci-1227073203032">proving to be popular</a> with consumers and with retailers, so convenience wins over security.</p>
<p><a href="https://theconversation.com/au/topics/biometrics">Biometric methods</a>, based on some physical property of the human body, are attractive because a person doesn’t need to remember a password or carry a card. Smartphones and computer operating systems <a href="http://www.cnet.com/au/news/beyond-touch-id-where-mobile-fingerprint-scanners-are-headed/">already use fingerprint scanners</a> to provide a simple and effective means of authentication.</p>
<p>Other biometric devices in use include <a href="http://www.biometricupdate.com/201307/explainer-retinal-scan-technology">retinal scanners</a>, <a href="https://theconversation.com/iris-scanners-can-now-identify-us-from-40-feet-away-42141">iris scanners</a> and <a href="https://theconversation.com/youre-the-voice-the-science-behind-speaker-recognition-tech-31579">voice recognition</a>. Despite what is seen in popular movies, no-one likes having a laser shined into their eyes, so <a href="https://theconversation.com/listen-to-me-machines-learn-to-understand-how-we-speak-42812">voice recognition</a> might be the way forward.</p>
<p>But there are <a href="https://blog.kaspersky.com/biometric-authentication/2520/">known issues</a> with biometric technology. But those issues are the same for any authentication system. Current error rates for single-fingerprint devices are approximately 2% at best – not good enough to be used on their own yet.</p>
<p>Some systems don’t rely on matching the actual fingerprint, but match other behavioural properties of a user. For example, the angle and velocity of fingerprint scanning, which are properties that are different for each person, are measurable and repeatable. This defeats a physical attack such as removing a person’s finger in an effort to impersonate someone.</p>
<p>Returning to the ATM example: for now, we are bound to cards and PINs due to their low maintenance and production costs. From a customer’s point of view, it would be simpler to speak to an ATM and ask it for cash, once your voice print linked to your account has been confirmed. This is a much more user friendly (and safer) future.</p>
<p>Ultimately, until more robust security alternatives are widely accepted (and implementable at low cost), those who continue to ignore the advice on passwords must seriously ask what balance of security and usability they prefer, and what price they’re prepared to pay for weak security?</p><img src="https://counter.theconversation.com/content/46627/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Mike Johnstone receives funding from the European Union’s Seventh Framework Programme
for research, technological developmentand demonstration under grant agreement no: 611659</span></em></p>No matter how many times people are warned to set strong secure passwords, many don’t. So why do people take the risk? And is there anything else they can do to be more secure online?Mike Johnstone, Security Researcher, Senior Lecturer in Software Engineering, Edith Cowan UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/459442015-08-13T01:29:56Z2015-08-13T01:29:56ZDon’t panic, the internet won’t rot children’s brains<figure><img src="https://images.theconversation.com/files/91526/original/image-20150812-18088-10nsn1c.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Dire predictions on the future of children’s brains are shocking, not least because of how flimsy the evidence is to support these views.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/kwarz/13974382668/">zeitfaenger.at/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure><p>You know the deal: a social phenomenon rises from obscurity to international familiarity within the blink of an eye. Pitchforks are sharpened, torches lit, and higher thought goes out the window. <a href="http://othersociologist.tumblr.com/post/14900114577/elvis-presley">Elvis Presley’s hips</a>, the skin revealed by a bikini, <a href="https://www.questia.com/library/journal/1G1-238178966/much-ado-about-harry-harry-potter-and-the-creation">Harry Potter’s sorcery</a> – you would think by now we’d have learnt to occasionally sit back and thoughtfully stroke our collective chin before writing the eulogy for humankind.</p>
<p>You’d be wrong: an editorial published in the BMJ today <a href="http://press.psprings.co.uk/bmj/august/technology.pdf">highlights one more example</a> of our societal knickers getting into almighty knot. </p>
<p>The editorial focuses on Professor Susan Greenfield, British scientist and high-profile commentator, who has been publicising the idea that internet use and video games have harmful effects on children’s brain and behavioural development. </p>
<p>Her views are so strident that her recent book, <a href="http://www.amazon.co.uk/Mind-Change-digital-technologies-leaving/dp/1846044308">Mind Change: how digital technologies are leaving their mark on our brains</a>, draws deliberate parallels with climate change, arguing the two issues are of equal importance to our collective future. Greenfield’s dire predictions on the future of children’s brains are shocking, not least because of how flimsy the evidence is to support these views.</p>
<h2>The (lack of) evidence</h2>
<p><a href="http://www.theguardian.com/commentisfree/video/2011/aug/15/susan-greenfield-video">One claim</a> is that social networking media can negatively affect children’s sense of personal identity, and also how they develop empathy within friendships. Even more controversially, <a href="http://www.theguardian.com/society/2011/aug/06/research-autism-internet-susan-greenfield">Greenfield has drawn a link</a> between social media use and the development of autism.</p>
<p>However, a <a href="http://www.ncbi.nlm.nih.gov/pubmed/23645343">large amount of research</a> in this area has found that adolescents’ use of social networking sites often enhances the quality of existing friendships. It has also been found that most adolescents actually <a href="http://pps.sagepub.com/content/7/3/203.short">portray their identity quite accurately</a> on Facebook.</p>
<p>What’s the big deal, you may ask, isn’t this just harmless theorising? I strongly disagree. The purported link between social media and autism, which is <a href="http://deevybee.blogspot.com.au/2011/08/open-letter-to-baroness-susan.html">without evidence and scientifically implausible</a>, is insulting at best, and breathtakingly stigmatising at worst.</p>
<p><a href="http://www.news.com.au/technology/online/the-dark-side-of-social-media-baroness-susan-greenfield-says-social-media-is-rewiring-our-brains/story-fnjwnhzf-1227123736728">Another Greenfield claim</a> is that intense use of video games may lead kids to become aggressive and have shorter attention spans. Again, this view needs far more nuance than is being presented. <a href="http://www.ncbi.nlm.nih.gov/pubmed/23519430">One recent review</a>, for instance, found playing action video games may actually provide a small improvement in cognitive abilities.</p>
<p>The evidence linking violent video games and aggression in kids is not clear-cut. Some studies have found the playing of violent video games can lead to small, short-term increases in aggressive thoughts and behaviours. But <a href="https://theconversation.com/do-video-games-corrupt-childhood-9479">questions have been raised</a> about the quality of this evidence.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/91529/original/image-20150812-18101-ezk9d.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/91529/original/image-20150812-18101-ezk9d.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=398&fit=crop&dpr=1 600w, https://images.theconversation.com/files/91529/original/image-20150812-18101-ezk9d.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=398&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/91529/original/image-20150812-18101-ezk9d.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=398&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/91529/original/image-20150812-18101-ezk9d.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=500&fit=crop&dpr=1 754w, https://images.theconversation.com/files/91529/original/image-20150812-18101-ezk9d.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=500&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/91529/original/image-20150812-18101-ezk9d.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=500&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">The sacrifice of physical activity for more screen time is a real concern that’s in grave danger of being overshadowed by a hyperbolic discussion about how technology damages kids’ brains.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/58648496@N02/5380522396/">Lighttruth/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc/4.0/">CC BY-NC</a></span>
</figcaption>
</figure>
<p>These particular studies also don’t consider the social benefits that can come with gaming. Playing video games isn’t the socially isolating experience that it once was, and the <a href="https://www.apa.org/pubs/journals/releases/amp-a0034857.pdf">friendships and social learning</a> of multiplayer gaming can also be very important.</p>
<p>This, of course, is not to downplay other concerns that may accompany the increased use of social media and video games among children. <a href="http://telethonkids.org.au/news-events/news-feed/2015/july/video-top-10-tips-for-cyber-safety/">Cyber-safety</a> and the <a href="http://www.biomedcentral.com/content/pdf/1479-5868-8-98.pdf">sacrifice of physical activity</a> that accompanies more screen time are legitimate, evidence-based concerns with which parents need to engage. </p>
<p>But these important issues are in grave danger of being over-shadowed by a hyperbolic and evidence-light discussion that frames technology as damaging kids’ brains. There is little evidence for this view.</p>
<h2>Scientists and their responsibility</h2>
<p>Perhaps the biggest issue this kerfuffle raises in my mind concerns the responsibilities of scientists. </p>
<p>There’s no admission ceremony to become a scientist, no Hippocratic-like oath, no hand placed on a holy book while pledging to uphold this or that. There’s no need for any of this, because without following the fundamentals of science, you are, quite simply, not a scientist.</p>
<p>At the very core of science is the judgement of theories in light of available evidence. Scientists are humans. We have our own beliefs and prejudices, and at times it is near-on impossible to divorce ourselves from these. </p>
<p>That’s why the only kingmaker in science is evidence: objective, irrefutable observations. For every scientific theory proven through observations, there are dozens that lie shattered on the floor. And that’s how it should be. </p>
<p>Scientists can and should play a role in public discourse, particularly with issues of such importance as the impact of technology on children. At the very least, a scientist’s voice should – hopefully – add a dispassionate dimension to a very passionate debate.</p>
<p>There is currently little evidence that internet use and video games create “mind change” in kids. The only thing needed to change this position is evidence to the contrary.</p><img src="https://counter.theconversation.com/content/45944/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Andrew Whitehouse receives funding from the National Health and Medical Research Council and the Autism Cooperative Research Centre. </span></em></p>Baseless claims about the damage done to kids’ development create needless panic. And they distract from legitimate, evidence-based concerns with which parents need to engage.Andrew Whitehouse, Winthrop Professor, Telethon Kids Institute, The University of Western AustraliaLicensed as Creative Commons – attribution, no derivatives.