Monthly Archives: June 2012


Facebook has introduced a new feature, called Friendshake, that allows users to identify any other Facebook users who are nearby. Whilst it may have some useful application for making new Friends whilst out and about at a club or concert, or at a venue where you have arranged to meet up with friends, it also has a creepier side that makes every Facebook security alarm go off here at eConscious Consulting HQ, especially the Uncle Pervy and Psychotic Axe Murderer alarms.

Who knows if that hot blonde number you’ve been chatting to for a while, who’s also going to the gig/party/concert tonight that you’ve been telling them you are so excited to be going to, isn’t really a serial rapist looking for their next victim? They know where you will be and when, they know what you look like, and if you have the Friendshake feature and GPS enabled, they WILL find you. They’re good like that.

It’s a gift dropped into the laps of pedophiles and other nefarious creatures who use social networks to identify and target their victims, and who are experts at grooming and manipulating the young and vulnerable. It’s interesting that the next article we read today was about how Louisiana had just introduced a law stating that all registered sex offenders (RSOs) must document their RSO status on any of their social media pages. It’s kind of a moot point on Facebook, as it bans sex offenders from using its site in its Statement of Rights and Responsibilities, Section 4 – Registration and Account Security, Item 6, which reads:

“You will not use Facebook if you are a convicted sex offender.”

There are a couple of holes in these safety measures, though:

  • A registered sex offender may open a social media account in a fraudulent name.
  • What about the sex offenders that haven’t been caught and registered? I doubt they are going to, first of all, read the Statement of Rights and Responsibilities (I mean, who does?), and then say to themselves “Oh, bummer, I can’t have an account because I am a sex offender”, and pop out to the playground instead.

There’s another possible use of the Friendshake feature that also makes us feel a little uncomfortable. Let me set the scene: a random person, at some place where there are many people, switches on Friendshake, checks out everyone there who also has Friendshake open, and grabs as much information about them as they can. They can see at least your name, your profile picture, and possibly any information that you have made Public.

The Find Friends Nearby option is now available on Facebook’s iOS and Android apps. It’s here:

Menu > apps > find friends > other tools > Find Friends Nearby.

This path takes you to a page that looks exactly like the mobile web page.

Our recommendation for staying as safe as possible on Facebook (and other social media sites, where applicable):

  • Don’t enable GPS on your mobile device, unless it’s for a specific reason like um… navigation. Then turn it back off when you have finished.
  • Don’t enable GPS on any social media applications, but if you do, use it with awareness that you are letting all and sundry (and scheevy and axe-murdery) know where you are and when.
  • Don’t allow children and at-risk persons to have GPS-enabled smartphones or devices.
  • Practice good Social Media Privacy awareness (eBook from eConscious Consulting available soon).

We’ll follow uptake and evolution of this application and keep you posted.


Have you stopped and thought about the impact that having no Social Media Policy could actually have on your organisation? Take the case of Stutsel v Linfox Australia Pty Ltd.

In April 2012, a truck driver at Linfox was dismissed for serious misconduct. His termination came as a result of comments posted on his Facebook profile concerning two of his supervisors, which were racially derogatory and sexual in nature. The main issue in the case was whether the man’s actions constituted serious misconduct. A further issue was whether the termination was harsh, unjust and unreasonable. The truck driver sought to be reinstated to his position.

The court highlighted that at the time of the incident Linfox did not have any social media policy and further it still remained without a policy at the time of the hearing. Commissioner Roberts commented about the lack of policy that “in the current electronic age, this is not sufficient and many large companies have detailed social media policies and have taken pains to acquaint their employees with those policies.”

While the court found that the truck driver’s comments were distasteful and regrettable, it was held that he was not guilty of serious misconduct and there was therefore no valid reason for his termination. The court also noted the inequitable treatment of Mr Stutsel, the truck driver, as some other Linfox employees who had posted comments on his wall had not received the same treatment. For this reason the termination was also held to be harsh, unjust and unreasonable.

If a social media policy had been in place the conduct may have constituted serious misconduct and thus warranted termination.

Submissions by the Applicant

During the Arbitration proceedings, the Applicant gave sworn evidence and submitted a witness statement which stated (among other things) that:

  • His wife and his daughter had set up his Facebook account;
  • He thought that Facebook was a place where he could privately interact with a group of people who he had accepted as Facebook ‘friends’;
  • He was told by his wife and his daughter that they set up his account with full privacy restrictions and that, to his knowledge, nothing he said or did could be seen by anyone but the people he had invited to be his Facebook ‘friends’;
  • He was not sure how one of his managers was able to access his Facebook account, as he did not, nor did his wife or his daughter, change his privacy settings; and
  • He was not aware of any Company policy regarding Facebook, other than a general direction that it should not be accessed during work time (as opposed to breaks).

Submissions by the Company

The submissions made on behalf of the Company argued that the derogatory comments breached:

  • The implied terms of the Applicant’s contract of employment, which provided that he:
      • Act with good faith and fidelity;
      • Had breached the required obligation of trust and confidence;
      • Promote his employer’s business interests; and
      • Not take any action which would damage his employer;
  • The Company’s Workplace Diversity policy; and
  • Clause 6.1 of the Equal Opportunity and Diversity statement contained in the Linfox Red Book Induction which was provided at the Company’s induction program, which the Applicant had participated in.


Commissioner Roberts concluded and found that:

  • At the time of the Applicant’s dismissal, the Company did not have any policy relating to the use of social media by its employees;
  • Even by the time of the hearing, it still did not have such a policy;
  • The Company relied on its induction training and relevant handbook to ground its action against the Applicant; and
  • In the current electronic age, this was not sufficient, as many large companies have published detailed social media policies and have taken pains to acquaint their employees with those policies, whereas the Company did not.

Consequently, it was held that:

  • There was no valid reason for the termination as the Applicant was not guilty of serious misconduct; and
  • The termination of the Applicant’s employment by the Company was harsh, unjust and unreasonable.

Therefore the Company was ordered to:

  • Reinstate the Applicant to his former position, with full continuity of employment; and
  • Compensate the Applicant.

This case should be a reminder to all employers that social media policies should not be seen as luxuries but as necessities. Comprehensive social media policies not only set guidelines for the online conduct of employees during and after work hours but they may protect an employer against unfair dismissal claims.

‘Enable Dislike Button’ scam spreading on Facebook


Summary: Researchers from Sophos have spotted a currently circulating “Enable Dislike Button” Facebook scam.

Upon clicking on what looks like a recently added genuine Facebook feature, users are exposed to a “Follow the steps below to get the Dislike button” instructions page similar to the one seen in the Osama Execution video scam.

Spamvertised as:

Facebook now has a dislike button! Click ‘Enable Dislike Button’ to turn on the new feature!

Once users copy and paste the obfuscated JavaScript into their browsers, all of their friends will be spamvertised with a wall post about the non-existent Dislike feature. The campaigners appear to be monetizing the campaign through a survey scam.

For the time being, Facebook doesn’t offer a dislike button.

On 18th May 2012, Facebook Inc. went public with an IPO (Initial Public Offering) of about $US100 billion. There was a lot of fanfare and hoo-ha and writing in the press. Comedians had a field day, the Twittersphere resembled a flock of Red-billed Queleas foraging for food, and the rest of us just went about our normal lives. But did you give a thought to what the Facebook IPO means to you, the Facebook user?

When you are a super-large, global, public corporation, your financial imperative is to be profitable and to make your shareholders money. How does Facebook make money? After all, it’s free to all of us, to use when and how and where we like (well, not everywhere we like it seems), so the profits are not coming from us, right? Well actually, they are, kind of.

Facebook makes money by selling us, its users, to marketers and advertisers and data collectors. They want to know what we like, where we go, whom we see, and what we think of ‘stuff’. And we all readily give this information to the great Facebook machine. We Like a great variety of different things on Facebook, and clicking that <Like> button doesn’t just tell your favourite Paris restaurant that you like them, it also tells Facebook, and Facebook then sells that information to its clients.

But aren’t we Facebook’s clients? When it comes to Facebook, if you aren’t paying, then you are the product, not the client.

Facebook follows you not only when you are logged in to Facebook, but everywhere else you go on the web too, gathering information about where you go, what you look at, and where you check into. You can minimize Facebook’s ability to track you by[1]:

  • Opening Facebook in a separate browser window to the one you use to browse the web with.
  • Logging out of Facebook before browsing the web.
  • Not checking the Keep me Logged In box on the Facebook Log In screen.
  • Using the Safari browser rather than the Internet Explorer browser.

It collates all this data about you and it sells it to people who want to sell you something via adverts on Facebook.

If an advertiser of, say, top-of-the-line lingerie wants to advertise on Facebook, they know that not all of Facebook’s 900 million+ users are going to be part of their target market. Using the information that Facebook has about its users’ demographics and preferences, an advertiser can pinpoint the users that are most likely to respond to its advert.

Have you noticed those ads on the right-hand side of your Facebook page? Have you noticed how, if you have mentioned a certain holiday destination a lot in your status updates, or if you have Liked pages pertaining to holiday travel or places, or services, that those banner ads feature a lot of adverts for holiday related businesses?

Notice how some of the ads on the right-hand side feature the word “Dive”.

This is called Predictive Marketing, and whilst it seems kind of cool and efficient (after all, it means you don’t have to see ads for things you would never use, and you do see ads for things that interest you), Facebook takes it to a whole new level with the whole-of-web data it collects on you, and is going to have to do so more ferociously now that it has to feed the hungry wallets of its demanding shareholders.

Facebook has to keep its advertisers happy and stop them from jumping ship like General Motors (GM) did.[2] In order to achieve this, it’s going to have to make its ads more effective, and to make its ads more effective it’s got to gather more information on you, and to do that it has to get you to give out more information. And Facebook is the master at getting you to give up your data, often, without you even knowing you’re doing it. It’s sneakier than a New York gossip columnist.

One of Facebook’s disquieting new features is frictionless sharing. This means that applications can post status items to your Facebook timeline without your intervention or opt-in. The privacy danger of this is that you may accidentally share a page or an event that you did not intend others to see. Examples of these types of applications currently making the rounds on Facebook are video applications like Viddy and Chill. You may have seen posts in your Newsfeed saying something like “John Doe just watched a video ‘Three-headed zebra born in Japanese zoo’.” Now imagine if the topic of the video you watched was something you didn’t actually want all your Facebook friends to see. By just clicking on the video, you allow the application to publish your activity on your news feed.

Also, I noticed recently when I was looking at a page I had Liked – Sea Shepherd Conservation Society – that the right-hand panel showed activity from one of my Friends who had posted something about Sea Shepherd. Every time I go back to the Sea Shepherd page, there is a different post from one of my Friends, or from me, in this panel.

We can see in the right-hand panel that my Friend posted about Sea Shepherd on the 6th January. This panel changes every time I come to the Sea Shepherd page.

What Facebook is doing here is encouraging you to look at what your Friends are posting and become more interactive on Facebook, which means that Facebook can gather more data about you. An inactive or non-interactive user is useless to Facebook. We can only guess what Facebook will come up with in the future to encourage us to give up more and more information about ourselves, our likes, wants, tendencies etc. Given Facebook’s somewhat shady history with respecting its users’ privacy, and its tendency to change privacy controls without notifying its users, we need to be more conscious of our actions on Facebook, and more informed about setting our privacy controls.