RAQ: Personal and Professional Identities – SMUG

Jackie Fox (@jfoxhdr), who blogs at Dispatch from Second Base, writes to ask:

I haven’t noticed this in SMUG and was hoping you might have some advice on how to mesh our professional and personal activities online. I’m beginning to suffer from a bit of an identity crisis. My professional profile is on LinkedIn and my personal profile is on Facebook (and professional on Twitter but only for monitoring purposes). That seems fairly clear-cut but what if I would like to join LinkedIn groups as a “civilian?” I don’t think the engineering company I work for is well served by seeing women’s healthcare issues on my LinkedIn profile. I guess I could list breast cancer affiliations including my blog as personal interests on my work profile but that seems just a tad weird. Or is it? Any advice from you or how others handle it would be more than welcome. Even sending you this message I had to stop and think for a second about which way to identify myself. I chose personal and I think that made sense. But yikes! If I were writing to Ann Landers I would sign this “Confused.” Thanks.

Jackie was quick to add “jfoxhdr is my Twitter name but just a reminder I have never tweeted. I’m on there primarily to monitor certain news items and follow people for work (ENR and a couple of environmental reporters) and for fun (you and Stephen Colbert.)”


Dear “Confused”…er, I mean Jackie. First, I’m honored to be in your “for fun” group in Twitter, along with Stephen Colbert. How cool is that?

Second, don’t apologize for the way you use Twitter. It’s perfectly fine to be in “Listen Only” mode if that works for you. Much better than being a spam machine.

Now to your main question:

I really think it comes down to Integrity, which my handy Mac Dictionary app defines as:

1 the quality of being honest and having strong moral principles; moral uprightness : he is known to be a man of integrity.
2 the state of being whole and undivided : upholding territorial integrity and national sovereignty.

I personally don’t think it’s a problem for your business and professional colleagues to know that you’re concerned about breast cancer and active in advocacy related to it.

Doing this advocacy on work time wouldn’t be good. But knowing that you have this interest helps your clients, customers and colleagues know you better. And if all your LinkedIn posts were about non-work passions, that probably would indicate that you’re really not that interested in your engineering work.

If you have clients to whom you are “selling” it’s better for them to get to know you as a person, not just as a disembodied voice at the end of the phone line. That makes it less likely they would drop your company for a $5 an hour discount they might get from a competitor.

If you’re involved in a jihadist group, that would be a different story. Probably best to keep that off your LinkedIn profile, because while it might not bar you from boarding a U.S.-bound plane from Amsterdam, it likely would turn off potential business associates.

But for almost any other kind of personal interest, it just comes down to proportion. Don’t go overboard in advocating for a cause so that’s all your professional colleagues and customers see.

In summary, I would just say: “Don’t be a Sybil.” Be one integrated personality (and online persona).

Be yourself.

How about the rest of you? How would you advise Jackie?

Blogging 110: Private Blogs

This course could have been called Blogging for Cowards. It’s a way of test-driving WordPress without letting anyone else see what you’re doing. But there actually are some legitimate reasons why you might want to consider a private blog to accomplish your goals.

First, I will show you how to create a private blog. It’s really simple.

Start a WordPress.com blog. If you already have a WordPress.com blog, it’s easy to register another one.

Then go to your dashboard and click the Settings link,

Then choose the Privacy Tab,

and select the “I would like my blog to be visible only to users I choose” option.

It’s that simple.

So why would you use this option?

In addition to being a risk-free way for you to experiment with blogging and learn how to do it without anyone else seeing, it could also be a way to have the equivalent of an intranet blog for your organization, but without needing IT support to install blogging software on your servers. You just need to have everyone who wants to have access to the blog sign up for a wordpress.com account. They don’t need to have their own blogs; they can simply get an account.

Then, on your blog’s administrative dashboard, click the “Users” link (which is right next to the “Settings” link) and scroll to the bottom, where you can “Add User from the Community”

Just enter their e-mail addresses and choose what level of access you want to give them (Contributor, Author, Editor or Administrator) and they will be able to participate in your blog. But no one else can.

I’ve used this method as a way to introduce colleagues to blogging so they could get hands-on experience. It takes away the mystery and fear of the unknown.

But particularly if you work for a small organization, it could be a way to in essence create the equivalent of an intranet if you don’t already have one…and without any IT expense.

So you can use this approach either to take away your own trepidation (by creating a private blog that only you can see) or to allay the fears of others in your organization or workgroup who don’t want to be blogging out there on the internet for all to see. And you can have up to 35 users (I believe) for your private blog on wordpress.com without paying for an upgrade. The upgrade to allow unlimited private users is $30 a year.

If such fears have been keeping you from experimenting with blogging, start a private wordpress.com blog today. And if you later overcome your blogophobia and want to make your blog public, it’s as simple as going back to the dashboard and changing the privacy settings.

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to Ma.gnoliaAdd to TechnoratiAdd to FurlAdd to Newsvine

Get started today!

Facebook 210: Professional Profile, Personal Privacy

Note: This post is part of the Facebook curriculum at Social Media University, Global.

I have written previously that the ability to segregate personal and professional friends in Facebook will be essential to its growth into the all-purpose social and business networking platform. I also said this separation was logically required if Facebook is to accomplish its goal of accurately representing real-world relationships in the online environment. The reality is not all friends are the same.

Facebook made some progress toward this goal in December when it introduced Friend Lists, which enable users to group friends according to common characteristics. So, for example, here’s my list of Friend Lists:

But that only accomplished half of the goal: grouping is great, but the real need was to have different privacy settings that enable users to fully engage in Facebook personally and professionally without worrying about their work colleagues or customers getting “too much information” about their past or present extracurricular activities. What if a high school friend writes on your Wall and calls you by a nickname you’ve tried to put in your past? Or a college buddy tags you in a picture that you now find embarassing? The only solution was a single limited profile.

About a month or so ago, Facebook took the next step by enabling users to specify different privacy settings for particular groups or individuals. At the time, however, some users said the settings were hard to figure out. And I was busy at the time with launching a new work-related blog, so I didn’t have time to work with it.

Now that I’ve explored the privacy settings, I have to say Facebook has done a good job with implementation, and I’ve developed this 200-level course for Social Media University, Global students. The slideshow below includes an audio track, in which I describe:

  1. The societal trends that support development of a unified personal/professional networking platform
  2. The barriers to adoption of such a platform
  3. How Facebook has addressed the potential concerns
  4. How I have implemented these privacy controls to create an all-purpose networking site on Facebook, including the rationale for which portions I have made off-limits to professional friends.

Homework Assignments:

  1. Join Facebook if you haven’t already done so, and enroll in SMUG by joining this group.
  2. Add me as a friend. I will add you to my “Blog Friends” list, which has the same privacy settings as my “Professional Friends” list.
  3. Create your own “Professional Friends” or “SMUG Friends” list in Facebook, and adjust your Privacy settings either according to what I’ve done, or in a way that makes sense to you. Add me to that list.
  4. Send me an e-mail message when you’re created that list and adjusted your privacy settings, and I will reply and send you a screen shot of your Professional profile in Facebook.

In this way, Facebook can be both your souped-up Rolodex (and the way you represent your personal brand on the Internet), while still allowing you to make personal, non-professional connections. LinkedIN, by contrast, only allows one kind of connection: professional.

What do you think? How would you adjust your privacy settings for professional networking in Facebook? Are there still elements in Facebook you would like to be able to make off-limits to professional colleagues and customers?

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to Ma.gnoliaAdd to TechnoratiAdd to FurlAdd to Newsvine

Ending the Facebook Hacker Challenge

It’s time to bring the SMUG $100 Facebook Hacker Challenge to an end. No one has been successful (and I don’t think they would be), but in a comment today, Erik Giberti raised a good point that I hadn’t fully considered.

Lee, I’m not a lawyer, but I think you’re violating at least the Facebook Terms of Use and possibly the DMCA  (although that’s a tricky moving target) by encouraging this generally considered illegal activity; that is cracking Facebook vulnerabilities.

My purpose in issuing the Hacker challenge was to counter the FUD (Fear, Uncertainty and Doubt) being spread about Facebook’s secret groups. “Can you really trust that the data you put in a secret Facebook group would be safe? What about trade secrets, or marketing plans? Aren’t you putting those at risk by using Facebook instead of having them securely behind your firewall?”

I was comfortable enough with Facebook’s security that I was willing to risk $100 that no one would be able to get into the secret group I set up for purposes of testing. But while I thought the risk of losing $100 was worth taking to prove a point, the risk of having my Facebook account suspended isn’t.
So here’s my advice for people who are thinking about using Facebook groups for business discussions:

  • A secret Facebook group should be at least as secure as e-mail. Everyone uses e-mail to discuss business issues, even though e-mail messages can be forwarded to an unintended party, or possibly intercepted in transit. By contrast, it’s relatively harder to get into a secret Facebook group.
  • Create a legal warning notice for your secret Facebook group. Lots of companies put legal notices on the bottom of their e-mail messages or on faxes (remember when you used to send those?) saying that the information is confidential and intended only for its recipients. I’m sure a good lawyer could develop the same kind of language to post in the descriptions of secret Facebook groups.
  • A secret Facebook group will be even more secure if you keep it, well… SECRET. For someone to hack into your secret group, they first need to know it exists! I put out a challenge to the world, saying that if anyone could find out what was in the recent news section of my secret group, I would give them $100. Then I published not just the name of the group, but its URL. No one was successful, although one person talked big about being willing to do it for $1,000. If you don’t tell anyone other than your intended participants about your secret group, it would be that much harder to hack.
  • Be Smart. If information is truly critical, so that disclosure would have serious negative ramifications, don’t put it in a secret Facebook group. You wouldn’t put your Social Security number, your bank account PIN, credit card numbers or the launch codes for nuclear missiles in an e-mail. Don’t put them in Facebook, either. But lots of less-critical information could be shared within Facebook secret groups with relatively low risk.
  • The calculation should always be risks vs. rewards. If a Facebook group enables you to collaborate more effectively than you can using your current methods, and if an information leak wouldn’t bring financial ruin or global thermonuclear war, the reward probably makes the risk worth taking.

I’ve done my own calculation of risks vs. rewards based on Erik’s comment and Robert Scoble’s experience in being kicked off Facebook, and that has led me to declare that the SMUG challenge has ended, as of 12:01 a.m. CST on Wednesday, Feb. 20, 2008. I am not encouraging anyone to hack Facebook’s security. The $100 offer to get into my secret group, and the $200 offer for posting a photo to it, is withdrawn.

I find Facebook too valuable that I would not want to risk an account suspension on the grounds that I had encouraged others to violate the Facebook TOS. A rock star like Scoble can get his Facebook reinstated quickly. For the rest of us, it might take longer.

My challenge was meant to be supportive of Facebook as a place for business interactions. And I think it has accomplished its purpose, if it has helped to banish the FUD.

SMUG Facebook Hacker Challenge Update

The SMUG $100 Facebook Hacker Challenge, which I conceived in response to a question during this podcast interview, has attracted some interest.

Anthony at AllFacebook put out the all-points-bulletin for hackers to give it a shot. And Goob said

Frankly, I think it’s just a great publicity event. Promise some money if people can do something you’re confident is impossible, let a ton of other sites write about it and link back to you, and sit back and relax. I can [sic] the same thing though. I’ll give $1 million dollars to anybody who can figure out the number I’m thinking of between 1 and 78 gazillion. See, it’s that easy.

And Justin Flowers added, while misspelling my name,

While reading the post, I suddenly realized that I had a similar challenge that I wanted to make, and that, in fact, I was willing to offer more money for mine.

You see, I, Justin Flowers, trust the security at the US treasury so much that I’m willing to offer a $1000 dollar reward to anyone that can break into the US Treasury, and steal $1,000,000 US. If you show me the 1 million, I’ll pay up. I’m willing to double my payout if you bring me a picture of you in a vault at the Treasury.

In their rush to sarcasm, they both Goob and Justin missed the point. The security of the US Treasury isn’t in question, and this isn’t about mind reading. No one doubts whether the banking system is safe from being hacked (even by Danny Ocean and his 10 friends).

But data security for business information is precisely the issue with Facebook. I get the question a lot, as I did on the MindComet podcast:

“If I use a secret Facebook group for business planning, can I feel confident that my data will be secure?”

And that’s the reason for the SMUG Facebook Hacker Challenge. I’m betting $100 that the answer is “yes.”

Do I hope lots of people link to the hacker challenge and spread the word? Yes, because that will help us find the answer to our question about data security in Facebook secret groups. This is a real academic research project.

Unlike Goob, I’m not thinking of a random number for someone to guess. I have a real answer for someone to find on this secret Facebook group, if they can beat Facebook’s group security. It’s right there, in the recent news section of the group. And the information itself is worth a lot more than the $100 bounty.

Yet in the blog discussions of the hacker challenge, one question that’s been raised is whether the $100 prize is lucrative enough to attract the attention of a really proficient hacker. In fact, in the comments on the post announcing the challenge, the mysterious jmprei offered to do it for $1,000. I guess the $100 isn’t enough for her or him.

As a professor at SMUG, I do have the security of tenure (after all, I’m the Chancellor), but since

  • we don’t charge any tuition for our online university, and
  • our University Endowment is…well…zero, and therefore
  • My SMUG salary also is nonexistent…

I’m not ready to raise the ante on my own. (In fact, my wife says the current hacker challenge prize has to come out of my Christmas money.)

So if anyone else thinks it’s worth raising the payout to find out how safe your business-related data would be in a secret Facebook group, here’s an opportunity for you to provide some extramural research funding for SMUG.

I’ve established a PayPal account for the SMUG Research Fund, and have transferred $100 into it. Whoever meets the SMUG Hacker challenge first gets whatever is in the account at the time of the hack.

So it becomes a fun little game of chicken for any hackers who think a $100 prize (and worldwide fame) isn’t worthy of their time and talents. As SMUG students or any interested bystanders make their $1, $2, $5, $10 or larger contributions to the SMUG Research Fund, I will update this post to indicate the new prize level.

I think it may eventually reach the point at which Greed and Fear will intersect for some hacker. They would then have the Deal or No Deal decision to make: Do I wait for the prize to go up and increase the payoff, or do I claim it now to avoid having someone else snipe it?

Please note: None of our 40 students (cool!) should feel any obligation to contribute.  Social Media University, Global is a free university. Also, contributions to the SMUG Research Fund are not tax deductible. But if anyone does want to help advance our practical knowledge of whether Facebook is safe for business data, click here or in the SMUG Research Endowment widget at the bottom of the right sidebar.