Cheerleading coach extorts Facebook credentials, spreads private info

Ars Technica reports on a case very similar to the recent flap over the city of Bozeman, Montana, requiring social network login information to apply for employment (a policy since rescinded). This case involves a high school cheerleader in Mississippi which was pressured into giving her Facebook login credentials to her cheerleading coach. The teacher found a heated discussion of some of the cheerleading squad’s internal politics not intended for the coach’s–or school administrators’–prying eyes, and resulted in the student being sanctioned.

From the article:

The Student Press Law Center has more detailed account (via TechDirt) of the events, in which it reports that several other students asked for their logins simply deleted their accounts using their cell phones, preventing this sort of intrusion; the schools apparently have a filter that blocks access to its Web interface from school computers. It also suggests that the initial search of the Facebook accounts was done with the intent of finding pictures of the students smoking or drinking.

Of course, the best move for the students would have been to simply state that Facebook’s Statement of Rights and Responsibilities prohibits the sharing of one’s password or other authentication info:

\6. You will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account.

Please, remember this, and pass it along to friends or family members, especially younger ones who are still in high school or middle school and thus most vulnerable to having their credentials extorted.

Even if the search was simply for pictures of students being naughty, the coach or administrators could have done this using their own personal account and limited sanctions to those pictures accessible to the public. As it stands, the school administration has a nasty lawsuit on its hands, and an ex-cheerleader hopefully has a huge and well-deserved payday in exchange for unjust humiliation and disciplinary action.

Palm’s leaking mobile phone miscue

Matt Hartley writing for Lockergnome reports on a disturbing privacy problem with the Palm Pre, citing a BBC story. The detail of data being sent back to Palm is rather alarming, including user location, application usage patterns, and a list of applications installed on the phone.

Palm’s PR department, of course, responds with more spin than a Steve Mizerak masse shot. Quoting the BBC article:

Palm issued a statement about Mr Hess’ discovery and said it “offers users ways to turn data collecting services on and off”.

It added: “Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer’s information, all toward a goal of offering a great user experience.”

“We appreciate the trust that users give us with their information, and have no intention to violate that trust,” said Palm.

Excuse me Palm, but I really think you just did exactly that. I would be willing to bet it has been intentionally made difficult to turn off the “data collecting services” you refer to.

It’s inexcusable to leak that kind of detailed data and bury it under some kind of legalese “privacy policy.” How about being honest about this and telling the user, in plain English, you’re going to do this the first time the phone is turned on?

And we wonder why Palm nearly went bankrupt. Wonder no more. At least now we know this time they’re going to sink for a good reason.