Monday, January 31, 2011

Organizing your online life - a concept

Before reading on, I would like to note that there is no scientific basis for this entry and that all of this is just a subjective conceptual approach to organizing your online life along with noted risks and suggested management.

First of all, to exist online you need a valid email. Our email is not only the core of our online life, it is in itself a key to other services online. Sign up for Facebook & Twitter? They need your email! Sure, some of these services now offer linking with each other but somewhere down the line you will need your email.

Before I move on I would like to establish first that this entry does NOT make your online life safe and secure. It only explains how to manage your online life into memorable tidbits and provides a reasonable degree of risk management. I have always believed that security is a state of mind and not a state of things. Do what is reasonably in your comfort zone.

Let's face it, with all the web services being offered online, it's really a pain to remember passwords. While it is tempting to use a one-password-fits-all, we all agree that this has always been a bad idea. If someone figures it out, goodbye to your online life! Now while I am against this approach I did manage to do a little bit of both worlds. I created a set of passwords that would cater to the type of service I would be using, i.e. a single password for my emails, a single password for my social networks and so on. Sounds familiar? It's like having keys to the front door that keeps the things in your home safe and keys to your garage to keep your cars safe (let's forget the complexity of the situation by not thinking about the car doors). That way, I only need to remember that type of service and the password for that service. How is this safer? The answer is, it's not. At least not 100% anyway.

How would I do it? Well, I followed a bottom-up one-way access approach to my accounts to minimize compromising them way up the service hierarchy. Why did I do it like this? I recently tried to imagine my online life like an organized web of services. My emails would be the center of it all and spreading outwards would be services like Instant Messaging, Social Networks & Blogs and each would occasionally be dependent on another somewhere up the line but NEVER below it.

This idea accomplishes two things for me:

  1. If a specific service gets compromised, it's isolated to that type of service and can easily be recovered through my email, provided the service has a mechanism to ask the old account first if the malicious person changes it. Sadly, not a lot of services have this. This is one calculated risk I'll have to live with.
  2. It provides me with a degree of one way security. e.g. My Twitter can post to Facebook but not vice versa. This is so my known friends can see what my Tweets are but keep my followers oblivious of my Facebook account. Twitter's nature potentially invites a wider range of strangers compared to my Facebook so privacy becomes my concern. Yes, I could keep my Tweets private but this was not my intention at the time of this writing.

Currently, my Facebook only receives data or feeds from my other services like Twitter, FourSquare and Blogger but I NEVER let it post to those services. Why? Usually, those other services have generic information. Having Facebook post to those sites would expose the existence of my Facebook account, which then implies that I have much more detailed information there.

Here's a conceptual diagram to illustrate my idea:
The arrows that meet only the line illustrate general association to those accounts.
This design is not set in stone and your online life will greatly differ from mine. What I'm selling here is the idea of HOW to organize your online life.
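
The one-way rule above can be checked mechanically against a list of your own account links. The following is an added example, not part of the original post: the account names, privacy ranks, password groups and links are constructed, and treating cross-posts as transitive (a repost carries its origin along) is an assumption.

```python
# Constructed sample. rank 0 = most private (email core); higher = more public.
ACCOUNTS = {
    "email":      {"type": "email",  "rank": 0, "pw_group": "A"},
    "facebook":   {"type": "social", "rank": 1, "pw_group": "B"},
    "twitter":    {"type": "social", "rank": 2, "pw_group": "B"},
    "foursquare": {"type": "social", "rank": 2, "pw_group": "B"},
    "blogger":    {"type": "blog",   "rank": 2, "pw_group": "C"},
}
# (source, target): content from source is posted on target.
GOOD_LINKS = [("twitter", "facebook"), ("foursquare", "facebook"),
              ("blogger", "facebook")]
BAD_LINKS = GOOD_LINKS + [("facebook", "blogger"), ("blogger", "twitter")]


def outward_links(accounts, links):
    """Links that post from a more private account to a more public one."""
    return [(s, t) for s, t in links
            if accounts[s]["rank"] < accounts[t]["rank"]]


def visible_from(links, audience_account):
    """Accounts whose existence is exposed to one account's audience,
    following post links transitively (A posts to B, B posts to C: C sees A)."""
    feeders = {}
    for s, t in links:
        feeders.setdefault(t, set()).add(s)
    seen, stack = set(), [audience_account]
    while stack:
        for src in feeders.get(stack.pop(), ()):
            if src not in seen:
                seen.add(src)
                stack.append(src)
    seen.discard(audience_account)
    return seen


def mixed_password_groups(accounts):
    """Password groups reused across more than one service type."""
    types = {}
    for acct in accounts.values():
        types.setdefault(acct["pw_group"], set()).add(acct["type"])
    return {g: sorted(t) for g, t in types.items() if len(t) > 1}


if __name__ == "__main__":
    print(outward_links(ACCOUNTS, BAD_LINKS))
    print(sorted(visible_from(BAD_LINKS, "twitter")))
    print(mixed_password_groups(ACCOUNTS))
```

In the bad configuration only one link breaks the rank rule directly, yet the transitive check shows the Twitter audience can still learn of the Facebook account through the Blogger hop.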

One tried and true testament to this paradigm of mine is demonstrated in this blog. Have you ever noticed that while I do mention my Twitter account I made no mention of my email nor my Facebook profile? This is my idea at play. NO, my Yahoo ID is not my email either!

What about those all-in-one services like Meebo?
Well, as I've said, to each his own comfort level. I use the reputable ones, and only because it's a pain to use those IMs on my mobile.

What about email that's the core of them all?
Your emails can be set up to be backups of each other. A person can know one or two of your emails but rarely all. (I'd imagine that's why you have multiple accounts in the first place, ey?) Besides, if someone tampers with the backup emails one or all of your accounts will be notified of this change and should alert you of suspicious activity.

What about sister company websites?
I would suggest treating them like you would your email since it's pretty limited to what you can do with the privacy and such. If the service allows you to set up an alias I suggest associating the sub-sites with that alias instead of your email.

Some advice
When a service asks permission to do something on your browser just follow this simple rule: If you don't understand or you don't know what it does, just say no - even if it deprives you of a service you're expecting. That's right, like saying "No" to drugs! Prevention is key!

Lastly, I will not change the universal rule that you should write your password on a piece of paper be it virtual or physical. It is and will always be the most stupid idea you'll ever make!
