Main Nav

Starting today (through January 30), you can download Matt Ivester's book - "lol...OMG! What Every Student Needs to Know About Online Reputation Management, Digital Citizenship, and Cyberbullying" - for free from Amazon in honor of Data Privacy Day: http://www.lolomgbook.com/#!vstc5=ebook Matt Ivester will also be joining us for a special EDUCAUSE Policy webinar next Monday, January 30, 1-2 pm EST. http://www.educause.edu/policy/dataprivacy We hope you'll have a chance to read the book and join us for a lively discussion on Monday! Thanks, Valerie _______________ Valerie M. Vogel Program Manager, EDUCAUSE office: (202) 331-5374 e-mail: vvogel@educause.edu _______________ Follow us on Twitter! @HEISCouncil ********** Visit the EDUCAUSE Policy website at http://www.educause.edu/policy.

Comments

Message from john.ladwig@so.mnscu.edu

And, you can't download the free book without logging in to Amazon. And, near as I can tell, it's Kindle- or Kindle-apps-only. In honor of Data Privacy Day. The irony, it drips. -jml
Please note: Although the download is only for Kindle, Amazon has free reading apps for the iPad and other devices. http://www.amazon.com/gp/feature.html?ie=UTF8&docId=1000493771 They also have a new Kindle Cloud Reader so you can read it on your computer using a browser: https://read.amazon.com/ If the previous download link does not work, go to http://www.amazon.com/lol-OMG-Reputation-Citizenship-Cyberbullying-ebook...
John, Pardon the rant but what is the irony here? I mean I suppose you were hoping that you could just download an ePub copy, right? So far as I can tell the author hasn't produced the book in that format. It is Kindle-only which is not my preference but for goodness sakes as "security people" must we always find something to complain about? I'm not sure what privacy concerns you have with Amazon but it didn't take much info at all to create an account and download the app (an e-mail address, which doesn't even require verification; a name which you can make up; and a password). What privacy are you giving away, your IP and user-agent? As a security community we'd probably get a lot more traction with our users if we didn't come off as negative, know-it-alls. Done ranting, -------------Baylor University------------- Derek Tonkin Information Security Analyst Information Technology Services - Security derek_tonkin@baylor.edu        254-710-7061 ---------------Sic 'em Bears---------------
Message from mclaugkl@ucmail.uc.edu

I love my Kindle, I love my Kindle IPhone App, I love my Kindle Android app and I love my Kindle computer app. By the way did I mention that I love my Kindle? :-) Thanks for pointing out the free gift of weekend reading. Have a great weekend everyone, - Kevin Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, CRISC, PMP Chief Information Security Officer (CISO) and Assistant Vice President Administration and Finance University of Cincinnati 513-556-9177 TEWG-Region 6 TLO   The University of Cincinnati is one of America's top public research institutions and the region's largest employer, with a student population of more than 41,000.
Message from don@donblumenthal.com

I have an Amazon account from which I download Kindle books regularly for a Kindle, iPad, and Android phone, and have no reason to question Amazon's security or privacy practices. I'm also part of the "security community" but I intend what' s to follow merely as an observation, not a criticism. I intend to download the book but, despite the fact that I can understand why free distribution is being done this way, I still find it ironic that I must disclose information in order to get something that's being made available at no charge in honor of DPD. Don
Valarie, I find that irony like beauty is frequently in the eye of the beholder. Unfortunately, unlike acknowledging beauty, irony can also be mistaken for criticism. I doubt the amazon.com requirement is a problem at all for most of us. For those who wish to read it anonymously, well, Barnes & Noble can provide a printed copy in exchange for cash. This is a nice present. Thanks to EduCause, the author and the publisher. It's a thoughtful gesture and maybe good marketing too. Chuck Charles F. Dunn Information Security Officer University at Buffalo 716-645-3582 On 1/27/12 2:30 PM, Valerie Vogel wrote: > Please note: Although the download is only for Kindle, Amazon has free reading apps for the iPad and other devices. http://www.amazon.com/gp/feature.html?ie=UTF8&docId=1000493771 > > They also have a new Kindle Cloud Reader so you can read it on your computer using a browser: https://read.amazon.com/ > > If the previous download link does not work, go to > http://www.amazon.com/lol-OMG-Reputation-Citizenship-Cyberbullying-ebook... > >
I apologize for the tone, I shouldn't have been so direct. I suppose where I'm confused is that I view Data Privacy Day as a time to educate users on where it is appropriate for them to divulge information and what information it is reasonable for companies, organizations, etc. to be asking for. I had not thought of it as teaching users to never disclose information. I'm curious what the stance is of others on the list. As someone who participated in the Educause working group for DPD I'd like to be sure that my approach more or less aligns with the rest of the Educause Security community so that we are headed in the right direction for next year. We have a DPD post-mortem meeting coming up and I'd like to have some information as to where you all stand on what the purpose of DPD is. If you'd like to reply directly I'll summarize and report back to the list with the results. Thanks, -------------Baylor University------------- Derek Tonkin Information Security Analyst Information Technology Services - Security derek_tonkin@baylor.edu        254-710-7061 ---------------Sic 'em Bears--------------- -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Don M. Blumenthal Sent: Friday, January 27, 2012 2:10 PM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: Re: [SECURITY] Free Download of Matt Ivester's Book Available Now (until Jan. 30)! I have an Amazon account from which I download Kindle books regularly for a Kindle, iPad, and Android phone, and have no reason to question Amazon's security or privacy practices. I'm also part of the "security community" but I intend what' s to follow merely as an observation, not a criticism. I intend to download the book but, despite the fact that I can understand why free distribution is being done this way, I still find it ironic that I must disclose information in order to get something that's being made available at no charge in honor of DPD. Don
On 01/27/2012 02:30 PM, Tonkin, Derek K. wrote: > John, > > Pardon the rant but what is the irony here? > > I mean I suppose you were hoping that you could just download an ePub copy, right? So far as I can tell the author > hasn't produced the book in that format. > > It is Kindle-only which is not my preference but for goodness sakes as "security people" must we always find > something to complain about? I'm not sure what privacy concerns you have with Amazon but it didn't take much info at > all to create an account and download the app (an e-mail address, which doesn't even require verification; a name > which you can make up; and a password). What privacy are you giving away, your IP and user-agent? As a security > community we'd probably get a lot more traction with our users if we didn't come off as negative, know-it-alls. > > Done ranting, > > -------------Baylor University------------- Derek Tonkin Information Security Analyst Information Technology Services > - Security derek_tonkin@baylor.edu 254-710-7061 ---------------Sic 'em Bears--------------- As someone who understood John's irony (and agrees with it), the reason for the irony is that to some of us, the word "free" means completely unencumbered by DRM, not just "ostensibly costing $0.00 in terms of capital outlay." Additionally, it seems (to me) a fairly clever marketing ploy by Amazon. They offer this book for "free" and in exchange they (probably? hopefully?) get a bunch of new people to sign up for Amazon accounts. Pretty good deal for them. Am I being cynical? Or realistic? Or both? Derek, I don't think your rant was unwarranted either, I can see your side of things. But I hope no one minds me sharing (I hope politely) my opinion. be well, ~c -- Charlie Derr Director of Instructional Technology Bard College at Simon's Rock
On Jan 30, 2012 Derek wrote: I apologize for the tone, I shouldn't have been so direct. I suppose where I'm confused is that I view Data Privacy Day as a time to educate users on where it is appropriate for them to divulge information and what information it is reasonable for companies, organizations, etc. to be asking for. I had not thought of it as teaching users to never disclose information. > My preference is to take the first approach of education rather than prescription. My experience indicates that we cannot protect users from themselves. I believe we have a duty to educate users so they can make informed decisions based on their understanding of data responsibility and accountability. If we have been effective they should be better able to protect their data and privacy. IMHO, Wayne
And actually you can now read it in the Cloud -- you don't have to install the Kindle software anywhere (you just have to have and login to an Amazon account).
They might even get a few to install the Kindle app or buy a Kindle.
Message from john.ladwig@so.mnscu.edu

I need to look over the descriptions of DPD, to see to what degree they cover the issue of the current massive trend of providers/developers/etc offering "free" - which actually isn't free, because they're collecting data which they reuse/resell/etc in order to cover costs. Like yesterday's massive Google thread mentioned a time or two. I haven't dug down deeply into Amazon's Kindle and other user/privacy agreements, at least not in long enough that they've no doubt "evolved." I suspect that Amazon, like Apple, will generally have enough use internally for monetizing "customer" (or, "product" in the case of those on the Facebook end of the continuum) data that they're not doing bulk-reselling or partner-ad networks. But I'd wager a pitcher of real ale that getting an ebook onto a Kindle/-app and reading it discloses or links to rather more than an IP address and a User-Agent string. And that, for at least some of us, makes it a privacy consideration. Didn't mean in any way to criticize DPD, anyone involved in it, or the author of what seems like it could be a very helpful book. -jml -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Derek K. Tonkin Sent: Friday, January 27, 2012 2:27 PM To: The EDUCAUSE Security Constituent Group Listserv; John Ladwig Subject: Re: [SECURITY] Free Download of Matt Ivester's Book Available Now (until Jan. 30)! I apologize for the tone, I shouldn't have been so direct. I suppose where I'm confused is that I view Data Privacy Day as a time to educate users on where it is appropriate for them to divulge information and what information it is reasonable for companies, organizations, etc. to be asking for. I had not thought of it as teaching users to never disclose information. I'm curious what the stance is of others on the list. As someone who participated in the Educause working group for DPD I'd like to be sure that my approach more or less aligns with the rest of the Educause Security community so that we are headed in the right direction for next year. We have a DPD post-mortem meeting coming up and I'd like to have some information as to where you all stand on what the purpose of DPD is. If you'd like to reply directly I'll summarize and report back to the list with the results. Thanks, -------------Baylor University------------- Derek Tonkin Information Security Analyst Information Technology Services - Security derek_tonkin@baylor.edu        254-710-7061 ---------------Sic 'em Bears--------------- -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Don M. Blumenthal Sent: Friday, January 27, 2012 2:10 PM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: Re: [SECURITY] Free Download of Matt Ivester's Book Available Now (until Jan. 30)! I have an Amazon account from which I download Kindle books regularly for a Kindle, iPad, and Android phone, and have no reason to question Amazon's security or privacy practices. I'm also part of the "security community" but I intend what' s to follow merely as an observation, not a criticism. I intend to download the book but, despite the fact that I can understand why free distribution is being done this way, I still find it ironic that I must disclose information in order to get something that's being made available at no charge in honor of DPD. Don
Message from pollockj@evergreen.edu

My response was immediate and reflexive when I saw I would have to create an Amazon account - No Way. It's not worth the bother of having yet another vender nag me. I've reached the point where I don't download most white papers or technical info, because in the current climate it guarantees a sales call. I don't have a thick enough skin to be comfortable telling the caller that I wanted information only and have no current projects, only to be told "We'll call you back in a couple months and see if things have changed." And I have been in the business long enough to remember when technical magazines were real information sources, not just slightly disguised sales pitches. Think "Data Communications" when it was put out by McGraw Hill. I'm not singling out DPD - this is a general issue with Net culture as far as I'm concerned. The Grumpy Curmudgeon Joe Pollock Network Services The Evergreen State College -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tonkin, Derek K. Sent: Friday, January 27, 2012 12:27 PM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: Re: [SECURITY] Free Download of Matt Ivester's Book Available Now (until Jan. 30)! I apologize for the tone, I shouldn't have been so direct. I suppose where I'm confused is that I view Data Privacy Day as a time to educate users on where it is appropriate for them to divulge information and what information it is reasonable for companies, organizations, etc. to be asking for. I had not thought of it as teaching users to never disclose information. I'm curious what the stance is of others on the list. As someone who participated in the Educause working group for DPD I'd like to be sure that my approach more or less aligns with the rest of the Educause Security community so that we are headed in the right direction for next year. We have a DPD post-mortem meeting coming up and I'd like to have some information as to where you all stand on what the purpose of DPD is. If you'd like to reply directly I'll summarize and report back to the list with the results. Thanks, -------------Baylor University------------- Derek Tonkin Information Security Analyst Information Technology Services - Security derek_tonkin@baylor.edu        254-710-7061 ---------------Sic 'em Bears--------------- -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Don M. Blumenthal Sent: Friday, January 27, 2012 2:10 PM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: Re: [SECURITY] Free Download of Matt Ivester's Book Available Now (until Jan. 30)! I have an Amazon account from which I download Kindle books regularly for a Kindle, iPad, and Android phone, and have no reason to question Amazon's security or privacy practices. I'm also part of the "security community" but I intend what' s to follow merely as an observation, not a criticism. I intend to download the book but, despite the fact that I can understand why free distribution is being done this way, I still find it ironic that I must disclose information in order to get something that's being made available at no charge in honor of DPD. Don
It's not free at all. If it were free then you would be permitted to download it without needing to sign up or have an account. (or have cookies enabled ...) Many companies continue to train people to give away their information as if it is meaningless. If you choose to download this book then there is a price. As with all purchases the PRICE has a different VALUE to each person. $1,000 means more to some and less to others. Just like money, purchasing habits & contact information mean more to some and less to others. Calling it free is simple misleading. The price is information about the purchaser. For a book honoring Data Privacy, that sounds ironic to me. -Vik Vik Solem, CISSP, Sr. Applications Risk Consultant Tufts University, Information Security, vik.solem@tufts.edu / 617-627-4326 InfoSec Team: information_security@tufts.edu / 617-627-6070 On Jan 27, 2012, at 14:21 , John Ladwig wrote: > And, you can't download the free book without logging in to Amazon. And, near as I can tell, it's Kindle- or Kindle-apps-only. > > In honor of Data Privacy Day. > > The irony, it drips. > > -jml > >
Message from mclaugkl@ucmail.uc.edu

Unless they already have that information on file...... then it sounds, feels and looks free to me. - Kevin Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, CRISC, PMP, ITIL Master Certified Chief Information Security Officer (CISO) & Assistant Vice President TEWG-Region 6 TLO University of Cincinnati 513-556-9177   The University of Cincinnati is one of America's top public research institutions and one of the region's largest employers, with a student population of more than 42,700.
That's because you love your Kindle. ;-) thx steve
I apologize in advance for continuing this thread but I feel there is a meaningful discussion to be had here. First a few points of clarification: - the book is normally $9.99 for the Kindle version (the paperback is $12.78 at Amazon and Barnes & Noble, it is not available for Nook or in any other ePub format) - the book is being offered for free by a partnership between Intel and the Stanford Student Association For those of you objecting to/upset by this, is it because: - you do not think author's writing books on the topic of protecting privacy should sell them through Amazon or anyone else who collects user data during the purchase process - you do not like the use of the word free and would have had no objection had the wording been different (if so how) - something else completely Thank you for any feedback you send, Derek
I object to the use of the word "free" when it is used incorrectly. The download is not free. The book may not be obtained without giving information. Were the book free then I could download it anonymously and read it. This is not the case. As Information Security professionals I urge that we keep a high standard regarding the use of information. Information has value. The license agreement for downloading the material requires information about the person doing so. If it were a simply link to content then I could download it for free. (e.g. Use Tor and private browsing to pull it onto my local machine and read it there.) In a group of people who don't understand Information Security the issue would be meaningless. In a forum of people who understand Information Security, the notion that Information has no value is simply not true, and should be challenged. I believe I've done so, and I have not explained why I did so. I'm not telling anyone not to download the book. If there were a version I could read for zero dollars then I'd have downloaded it already. (I don't have a Kindle.) I'd still call to light the fact that it's not free. For me, the price of giving Amazon information about my interests in that item would be worth the value of getting the item. -Vik Vik Solem, CISSP, Sr. Applications Risk Consultant Tufts University, Information Security, vik.solem@tufts.edu / 617-627-4326 InfoSec Team: information_security@tufts.edu / 617-627-6070 On 2012-01-30 10:37 , "Tonkin, Derek K." wrote: >I apologize in advance for continuing this thread but I feel there is a >meaningful discussion to be had here. > >First a few points of clarification: >- the book is normally $9.99 for the Kindle version (the paperback is >$12.78 at Amazon and Barnes & Noble, it is not available for Nook or in >any other ePub format) >- the book is being offered for free by a partnership between Intel and >the Stanford Student Association > >For those of you objecting to/upset by this, is it because: >- you do not think author's writing books on the topic of protecting >privacy should sell them through Amazon or anyone else who collects user >data during the purchase process >- you do not like the use of the word free and would have had no >objection had the wording been different (if so how) >- something else completely > >Thank you for any feedback you send, >Derek > >
Message from mclaugkl@ucmail.uc.edu

But now among my peers I have to take this into a different arena and into an area that is a pet peeve of mine. I won't say what my belief on what I am saying is just yet but here's the question: As Information Security professionals we classify data - from our professional viewpoint is data that is classified as public really worth anything? Would we encourage the expenditure of funds to protect it? - Kevin Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, CRISC, PMP, ITIL Master Certified Chief Information Security Officer (CISO) & Assistant Vice President Administration & Finance TEWG-Region 6 TLO University of Cincinnati 513-556-9177   The University of Cincinnati is one of America's top public research institutions and one of the region's largest employers, with a student population of more than 42,700.
Message from r-safian@northwestern.edu

Why are we even having this discussion? Unless some of us are living in a cave, it's likely that most of us have already dealt with Amazon. If you want to be a super privacy nut, or wordsmith, knock yourself out, but, please do it on a list that isn't focused on security. Man, somebody does something nice and they get crap for it. That's wrong. Sorry, but, this ticks me off.
While I don't have a Kindle I do have the App on my iPad. I just got the book. thx steve
Hear, hear. What Roger said.

Ironically, the book (which is pretty good, in my opinion) cautions repeatedly that things you do on the Internet may be interpreted in ways you didn't intend...

--Dave

--

DAVID A. CURRY, CISSP • DIRECTOR OF INFORMATION SECURITY

THE NEW SCHOOL • 55 W. 13TH STREET • NEW YORK, NY 10011

+1 212 229-5300 x4728 • david.curry@newschool.edu




On Mon, Jan 30, 2012 at 12:33, Roger A Safian <r-safian@northwestern.edu> wrote:
Why are we even having this discussion?  Unless some of us are living in a cave, it's likely that most of us have already dealt with Amazon.  If you want to be a super privacy nut, or wordsmith, knock yourself out, but, please do it on a list that isn't focused on security.

Man, somebody does something nice and they get crap for it.  That's wrong.  Sorry, but, this ticks me off.

> If there were a version I could read for zero dollars then I'd have downloaded it already. I was able to access the book by logging in with a username of "cypherpunks@toad.com" and password "cypherpunks". For the non-cognoscenti -- many websites requiring registration of have been visited by the followers of Guido Fawkes, John Johnson, et. al and registered with username and password "cypherpunks" or "cypherpunks@toad.com" where an email address was required. I was able to use Amazon's Cloud Reader to read the book. However, of course the book was still not "free" (according to the Richard Stallman and Free Software Foundation definition). - Morrow