Think of the children

Last week, the Times ran an article about a new website promising to be “Facebook for Kids”: School Together Now. According to the article, an ordinary mother of 3 got the idea for the site to allow parents to be more involved with their kids, and to give children aged 7-12 the benefits of social networking (Facebook, for example, limits membership to those older than 13). School Together Now is set to officially launch on the first of the year, but is already open for public registration and has been written up several times by the press.

We’ll leave the question of whether young children need a social network for sociologists and psychologists; there are difficult enough questions on how to design security for this vulnerable age group. Jonathan Anderson and I reviewed School Together Now and were disturbed by its lack of answers. The first thing we noticed was that logging in without entering any username or password provided full access via the account of the user “Amber Munt” (this works from the log-in box displayed after clicking “Children->Register/Login”). The next thing we noticed was the site’s About Us page, which states the goal of allowing advertisers to “Get themselves in front of their favourite customers (i.e. parents with deep pockets!)” Further investigation revealed a pattern of poor security choices driven by the desire for rapid commercialisation, which is inexcusable for a site specifically marketed at young children.

Linking online users to real-world people is a difficult problem, but it is particularly important in a social network for children. School Together Now, however, makes no attempt to ensure that users are who they claim to be. Creating an account requires just an email address and a name. Neither of these values is checked, so a user could be anybody: a child, an adult, a child predator, a web spider, or a spambot (we have already observed a profile consisting solely of information about an online Viagra distributor). Furthermore, no attempt is made to verify a user’s age. While this is difficult for a website to do reliably, it is good practice to at least require users to declare their age. Lying about one’s age provides evidence of malevolence which can be used during prosecution, and is a crime by itself in some countries. Currently, one can create an account giving unlimited access to the site without providing any false information or even agreeing to terms of service! The site similarly makes no effort to verify claimed affiliation with a school or a parent account. We were able to link our test account to any primary school we wished. Facebook, by comparison, requires a valid email address in a school’s domain to join academic sub-networks. Child accounts can also accept a parent link request with a single click. This is asking for trouble, as children might feel obliged to accept a request from generic names like “Mom” or “Dad”.

School Together Now’s information sharing model is also fundamentally broken. The default settings share all entered information, which could include email addresses and phone numbers, with all users on the site–who could be anybody. Although the website classifies users into groups like children and parents (and also “advertisers”), there are no restrictions on communication between them. Furthermore, all users can post information to forums, which are viewable to the global internet–even search engine caches! Information posted by users may be reviewed by moderators and deleted, but we were able to locate clearly sensitive information such as age, personal habits, school membership, and location, which had been left in forums for weeks. There is also a “private messaging” function which allows users to communicate directly with each other outside of the moderation system.

With these design choices, School Together Now has chosen to ignore industry best practices and official recommendations of the European Network & Information Security Agency (ENISA) and the Home Office. Registration at sites like Facebook and MySpace requires at least a valid email address, verified by a registration message (a valid school email to join a specific school network), and agreement to terms of use which includes a declaration of age. More restrictive sites, such as the travel site Couchsurfing, require physical verification of an address using the post. Online social environments aimed specifically at kids typically provide even more security. Disney’s Toontown Online game, for example, allows free-form chat only between friends who have been verified out-of-band. This is appropriate for a children’s site, where the goal is to communicate with existing friends, not to find new ones. Finally, it is necessary to provide a clear mechanism to report abusive behaviour on each page of a site aimed at children. The current website implements two (incompatible) means of private messaging, but no clear system for reporting abuse! School Together Now has further ignored several ENISA recommendations, such as having privacy settings default to the highest level.
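As an added illustration (not code from School Together Now or any site named here), the registration baseline described above can be sketched as follows: the email address is confirmed with a signed, expiring token, an age declaration and acceptance of terms are mandatory, and sharing defaults start at the most restrictive level. The secret, field names and function names are assumptions made for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
TOKEN_TTL = 24 * 3600             # assumption: confirmation links expire after one day

def _mac(email: str, expiry: str) -> bytes:
    return hmac.new(SECRET, f"{email}|{expiry}".encode(), hashlib.sha256).hexdigest().encode()

def make_token(email: str, now: float) -> str:
    """Token mailed to the address; binds the address to an expiry time."""
    expiry = str(int(now) + TOKEN_TTL)
    return f"{expiry}.{_mac(email, expiry).decode()}"

def token_valid(email: str, token: str, now: float) -> bool:
    expiry, _, mac = token.partition(".")
    if not (expiry.isascii() and expiry.isdigit()):
        return False
    # Constant-time comparison, then the expiry check on the authenticated value.
    return hmac.compare_digest(mac.encode(), _mac(email, expiry)) and int(expiry) >= now

@dataclass
class Account:
    email: str
    declared_age: int
    verified: bool = False
    profile_visibility: str = "friends_only"  # most restrictive level by default
    share_contact_details: bool = False       # email/phone hidden unless opted in

def register(email, declared_age, accepted_terms, now):
    """Refuse registration unless address, age declaration and terms are all supplied."""
    if not email or "@" not in email:
        raise ValueError("email address required")
    if declared_age is None:
        raise ValueError("age declaration required")
    if not accepted_terms:
        raise ValueError("terms of use must be accepted")
    return Account(email, declared_age), make_token(email, now)

def confirm(account: Account, token: str, now: float) -> bool:
    """Mark the account verified only if the mailed token checks out."""
    account.verified = token_valid(account.email, token, now)
    return account.verified

def can_post(account: Account) -> bool:
    # Unverified accounts get no write access to forums or messaging.
    return account.verified
```
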

As a result, information shared with School Together Now is as visible as that on a public internet forum. From a security perspective, though, School Together Now is far worse because it claims to provide a “safe and secure environment for children” (conceivably a violation of truth in advertisement guidelines). The perceived security encourages disclosure of private information by children; the site then functions as a convenient aggregation point for predators to trawl.

Why would a website, ostensibly started by a concerned mother, launch with such lax security? Why would the site have fewer safety measures than Facebook, which specifically excludes children for security reasons? Numerous coding flaws in the site indicate both rushed engineering and a preoccupation with advertising revenue: “Advertisers” are a user class, links to “Classified Ads” and “Job Postings” are prominently displayed throughout the site, and even children are encouraged to “Become an Affiliate” and “Start Earning Today!”

There are interesting questions about the nature of children’s internet experience in the future. Currently, popular children’s sites such as Toontown Online, Club Penguin, and Webkinz are primarily intended for playing games and have only very weak social networking features. If there is real demand for social networking for children, it’s not being met by the major players like Facebook and MySpace, although both are fighting aggressively to grow their user base. Major sites may be scared away from registering children for fear of bad publicity or legal liability, leaving the door open for smaller companies like School Together Now to target this demographic despite completely inadequate security. Fools rush in where angels fear to tread.

7 thoughts on “Think of the children”

  1. IANAL but I thought the age limit of 13 was because of US law making it awkward to keep data on under-13s. (“Because of federal law, we cannot collect any personal information from a child under the age of thirteen without the consent of that child’s parent.” — http://web.usabaseball.com/about/privacy_policy.jsp)

    I wonder how this in the OFT news affects the advertising potential of the site.
    (Quoting from http://www.fool.co.uk/news/your-money/2008/11/28/another-21-trader-scams-banned.aspx )
    Adverts mustn’t include anything to encourage children to buy advertised products or persuade their parents to buy the products for them. For example, a firm cannot advertise a comic book for children and state: ‘Read about the adventures of Fluffy the Bunny in this new comic book each week – ask your mum to buy it from your local newsagents’.

    “Lying about one’s age provides evidence of malevolence which can be used during prosecution, and is a crime by itself in some countries.” – there is the recent terms-of-service as crime aspect to a US harassment case leading to suicide, but that may be an unusual application because of the circumstances. Otherwise on many occasions it’s advisable and harmless to conceal your true dob to defend against “identity theft”.

    Privacy concerns prevent me from saying who was passing through King’s Cross station last night.

  2. Quite right you are to mention the USA’s Child’s Online Protection Act (COPPA) as a primary disincentive for the major social networking services to serve the under-13 demographic; the decision against Sony this week is making that look like a wise decision. Thanks for the links as well.

    Learned from the comments over on the Register article covering this blog post that there’s at least one other startup competing with School Together Now, creatively named: http://facebookforkids.com/. They were a bit worried that bad publicity for School Together Now with “Facebook for kids” in the title would hurt their brand name, although frankly I can’t see their brand name not causing a few other problems.

    This appears to confirm my suspicion that multiple websites will try to cater to this demographic. The point isn’t to beat up one or another, but to figure out how to really build a secure children’s site, if that’s even possible. It’s received almost zero research from the computer security community thus far, and we’re seeing the results.

  3. Interesting stuff, well done guys.

    I think the long and short of this is that the site went live before it should have done. Another 6 months of hard work and they could probably have ironed out the glaring faults and maybe made the business model a little less in your face too. Ok it would still have had problems, but not opened itself up for a damning critique.

    Clearly this site currently falls a long way short of all the standards you have pointed to, but I’d venture that a lot of the security measures in online sites for children are about ass-covering these days. Not that ass-covering isn’t necessary : it’s become part of life. I just find it difficult to take these kinds of risks seriously when I compare them to crossing the road (kids), and driving a car (adults). And in this environment of risk aversion, it seems there is a no-win situation for people providing facilities for kids:

    1. childcare is so fraught with risk these days it has to be left to the professionals
    2. professionals only do stuff to make money

    Therefore any amateur site is going to be woefully insecure or poorly managed and resourced. And any professionally run site is going to have an insidious thread of commercialism running through it that is ultimately just using the kids as tools to make money out of someone. SchoolTogetherNow isn’t polarised at one end or the other of this amateur-commercial continuum, but to my mind, wherever you are on the scale, you are going to get accused of failing to “think of the children”.

    Mike

  4. @Mike. You say “professionals only do stuff to make money”.

    I think the real issue is that childcare professionals (a) walk a tight-rope of legislation and do not want to get involved in anything that might risk their reputation in public and (b) are aware how difficult it is for a Website to legally make money off kids.

    So any professional or knowledgeable amateur who is invited to get involved in a start-up Website for children will run a mile, leaving it to be run by clueless amateurs, however idealistic they may be, and however worthwhile the project.

  5. The problem is that “concerned mothers” do not have much idea of website/information security. This reminds me of the dot com boom, where folk with the barmiest of ideas could get together with venture capitalists, then bail out when the site was floated on the stockmarket. These people had no or little idea of business, resulting in the bubble bursting.

    Sites like Facebook and Myspace (particularly Facebook) could be accessed using mum’s or dad’s email address, though this presumes children are more technically savvy than their parents (which is often the case).

    Children should be supervised when they are online.
