Watch Me Drive

There is an advertisement on TV at the moment for an Australian car insurance company that encourages drivers to download an app to their phone to find out who is “Australia’s Best Driver“.  Here’s the ad…

When you download and install the app it starts by asking you a few questions…  your name, gender, email address, home address, etc. Then it keeps track of your driving using GPS location, timestamps, speed tracking, etc for at least the next 300km. In fact, it even defaults to an autostart mode so that you don’t have to remember to turn it on. Every so often it will check in with you to make sure that you are in fact the driver of the trips it’s been tracking. Then it scores your driving style in an attempt to find out who is the best driver in Australia.

Think about it. As well as knowing exactly who you are, it knows how fast you’re driving, when you’re driving, where you’ve been, who was driving and how long for, and even what your phone was doing as you drove. And remember, it just starts tracking automatically every time you drive. Without you even needing to turn it on.

Over time, the data will show whether you speed or not, whether you drive long distances without taking a break, whether you accelerate and brake erratically, what times of day you drive, and of course whether you’re using your phone as you drive. This is not just Big Data.  This is highly personalised data about you as an individual.

But it’s just a game right? You’re encouraged to compete with your friends via social media, so that lots of people are playing the game with you, all submitting the intimate details of their driving history as well. Let’s see who’s the best driver. Plus you can earn badges. Yay! Badges! That’s what it’s about right?

I can’t believe anyone would voluntarily give all this data to an insurance company. I mean they say it’s to make you a safer driver. Yeah, sure, that’s totally the reason. Until you apply for insurance one day and you find they know a little bit more about your driving habits than you might’ve thought and your insurance premium reflects that knowledge. If you’re a good driver, maybe you’ll pay less for you insurance. And maybe you won’t. I know which one I’m betting on.

I like to think that I’m a pretty good driver, but even with the promise of a big cash prize, to voluntarily hand over that much personal driving history data to an insurance company seems absolutely crazy to me.

Thanks AAMI, but I’ll leave this little adventure to Neil, Gaz and Loretta Jones.

Featured CC BY-NC Image “The Sunset Storm, Brisbane Australia“, by Ben Ashmole on Flickr

In Second Factor We Trust

You hear of so many security compromises and hacks these days. There are major security breaches happening, with millions of passwords being stolen and used to steal or damage your stuff. So what can you do about it?

With so much of our lives now being lived in online spaces, losing a password, losing an account, having someone get into your stuff online,  would be a nightmare. What would happen if someone got into your Google account? Your Facebook? Your bank account?

I lost my original Twitter account (betchaboy) last year after a password breach and have never been able to get it back. These security breaches DO happen.

The best thing you can do to protect yourself is to turn on Two Factor authentication. Sounds complicated? Its not. It basically means that there are two passwords required to get into your account instead of the usual one… there is the normal password that you usually use, plus a second one that changes every 30 seconds or so. Even if the bad guys were to get your password, without the second factor – which only you know because it’s generated on your phone, in your presence, on demand – the first password is useless.

It’s a bit like having a door with two locks on it. You’d need both keys to open the door, not just one. Either key on its own won’t open it.

But wait, what? A second password that changes every 30 seconds? That sounds like a lot of messing around! I know it sounds like a hassle, but it’s actually not. Most Two Factor systems form a trust relationship with the devices and computers you use often so most of the time you don’t need the second factor for the computers you use regularly. It’s just needed when you log into a different computer or phone that you don’t normally use. Just like the one that a hacker might be trying to use to log in as you. Even if they discover your password, unless they have YOUR device they only have half the password.

I’ve been using Two Factor authentication on my main Google account for a while now. I resisted turning it on for ages because it all sounded too hard. I eventually relented and decided to give it a go. It’s something I should have done a long time ago. And it’s something that you, if you haven’t already, should do too. Right now.

I spent some time tonight setting up Two Factor authentication on all my Google accounts (about 5 of them), plus my Facebook, Evernote, WordPress, PayPal, Dropbox, Lastpass and Apple ID.  Here’s a good article on how to do it.

For most of these, the second factor can be generated by an app on your phone called Google Authenticator, available for Android, iPhone, Blackberry and Windows Phone. It uses Google’s open source token generation algorithm, and it spits out a new code every 30 seconds, specific to each account. Just log in to these sites as usual, but have your phone handy to generate the second password. It’s very straightforward and easy to use, and well worth whatever minor inconvenience it might cause (which honestly isn’t much)

If you haven’t set up Two Factor yet, can I strongly encourage you to at least give it a try. You can always turn it off if you hate it, but really, you should be using this! There was a report of a password breach for Dropbox users yesterday and it was such a relief to think that it didn’t really bother me as even if they got my password it didn’t matter. It was useless to them anyway.

Do it. Do it now. Seriously.

Being Visible Is Hard

VisibleI was talking to a couple of people today about the way we use blogs with our students.  At my school we have a number of students and classes blogging, and every one of these blogs is completely open and visible to the public web. These folk were asking, with an obvious degree of concern, how we deal with this public visibility of student blogs and what steps were we taking to prevent them being seen by “just anyone”.

I’ve tried to convince many people to try blogging over the years. Usually, their biggest objection is “why would anyone want to read what I write?”  Their concern is usually about the huge waste of effort that blogging will be because they don’t truly believe that anybody will ever read or take any interest in what they have to write. They imagine that their work will go into the black hole of the Internet where it never gets seen by anyone.

And yet, when we talk about getting students blogging on the open web, the usual concern is just the opposite. We worry more about how we can stop “all those people out there” from seeing the student blogs. We worry that our students will be endangered by throngs of strangers seeing their writing online.

Well, which is it? Are we worried that nobody will see the things we post online, or are we worried that everybody will see the things we post online? It’s an interesting contradiction.

The truth is that the vast majority of blogs have a readership of close to zero.  Getting people to find and read your blog is hard work. It takes a lot of promotion and campaigning to get people to find and connect with a blog. And as much as I hate to say it, it’s probably even harder when that blog belongs to a school student.  We worry a lot about ‘stranger danger’ but unless a teacher actively pursues an audience for their students’ blogs, I suspect most would be lucky to get a visit from anyone beside mum and dad and a few family friends.

Despite our concerns about the perils of putting our kids online, the biggest challenge of blogging with students is not exposure, but obscurity.

Creative Commons photo: http://www.flickr.com/photos/andercismo/2349098787/

A Public Life

Google - Web HistoryMany people don’t realise it, but if you use Google’s search services while signed into your Google account (which you already have if you use Gmail) then your entire search history is automatically archived for you, along with statistics about how often you searched, for what, and when. It will track how many times a day you’ve Googled something, and even displays a little colour coded calendar to show you your overall search patterns. Some people may find the whole thing a little scary, a little Big Brother-ish maybe.

Perhaps it is, although it doesn’t actually bother me at all. I find it useful to have a complete history of what I’ve previously looked for, and there have been a number of times that being able to go back through my search history has been very useful. If there are negative aspects to this sort of tracking, then, for me anyway, the positives have far outweighed them. I pretty sure that I  function far more effectively by being able to turn to a search service to ask questions (and get answers), and I really don’t mind that there is a history kept of them. I’ve nothing to be embarrassed about, and seeing the hundreds of questions I’ve asked each month really does make me wonder to whom these questions were directed in pre-Google days.

Whether this sort of thing bothers you or not might depend, in part, on what the search history shows. I’m reasonably confident that I could pick a random date from my search history and have it displayed publicly and not worry too much about what it might show.

I’d like to think that the same would apply with my overall online presence, my “digital footprint” as they call it. For the last several years I’ve been pretty open about sharing a good deal of my personal life in public online places, and although I can only speak for myself, the opportunities that “publicness” has brought into my life have been overwhelmingly positive.

Whether we like it or not, in a digital age we all leave a trail behind us.

Something we constantly remind our students about is the need to leave a positive digital trail behind them. I wrote a post recently about a lesson I had with a Year 6 group. In this lesson I asked them to Google their own name and many of them were surprised that there was already considerable evidence of their existence in the Google database – evidence that they didn’t put there and that they were unaware of. As I said to them at the time, the question is not “Will I appear in search results?” but rather “What will the search results say about me?”

While working with a small group of teachers the other day, we did a similar exercise. I’ll write more about this in another post, but suffice to say that some of these teachers were shocked when they Googled their own names. One found a fairly nasty comment about herself on RateMyTeachers.com, (a site she was completely unaware of) while others found no evidence of themselves at all in the search results. I’d suggest that both of these outcomes are not desirable. Having something negative turn up about you in a search is clearly not a good thing, but having nothing at all turn up about you is probably just as bad. I know some people who go to great lengths to avoid having an online presence – usually because they want to maintain a sense of privacy – but they need to realise that not turning up in a search result also says a lot. Unfortunately, not having a digital footprint makes a statement about you too.

Like it or not, in an age where “if it’s not on Google it may as well not exist”, we need to be really mindful about what our digital footprint says about us.

The notion of a personal resumé is quickly being replaced with the digital footprint. Do you have a positive online presence? How “Googleable” are you? Are you on Twitter? Facebook? LinkedIn? Do you participate in online communities? What projects have you been involved in that support your professional practice, and are they visible to the world? If your next employer was to Google you before asking you to come for an interview, would you be proud of what they’d find, or embarrassed?

These are realities we need to teach our students, and I’d suggest we can’t do a good job of it unless we  start with ourselves. When someone wants to know a little more about you, you need to be able to proudly say “Just Google me” and know that what they find will be the right stuff.