names contain identifying information. Examples:
1. First Name: Makes it easier for strangers to appear to know the student
personally.
2. Last Name: Makes their family more easily identifiable, and therefore easier
to track a home address, phone, etc.
3. Graduation Year: Tells people how old they are.
4. User selected non-name (e.g puppylover) provides insight into their
interests.
5. The domain name of the email (if that is required as part of the sign up)
says which school you go to.
So given that, which has the lowest over-all risk? It is probably first name
since that is most like information that will be shared anyway as part of the
on-line exchanges so you have minimal indirect exposure. But first names are
common so you will need to throw in some random numbers to keep them unique (3
digits should do). From a security perspective, user selected non-name would be
next best, but is a management nightmare. I used to let the kids name their own
laptops and that was a struggle (name contention, inappropriate language, etc.).
The second problem is that the same user name is used across multiple services.
This allows for building a content profile based on the username, which when
aggregated, often allows for an individual to be identified and sometimes more
easily that with a direct first/last name combination, especially for common
names. To prevent that, you need to assure the content is not publicly
accessible, so a profile cannot be built, or use different user names so they
can't be aggregated. Since security typically gets balanced against convenience
over the long run, it is likely that password protecting what you can, but not
use multiple user names, would be sufficient.
In the end though all of these steps are a negative deliverable, as most
security is. It is hard to prove that any of them resulted in greater security
or prevented harm and as more data becomes available it appears that, while
these kinds of security measures make us feel good about being proactive they
are not the source of harm to children:
http://www.apa.org/news/press/releases/2008/02/sex-offender.aspx . As long as
you have a consistent policy that is not a barrier to use you should be fine, as
should your children.
_J
____________________________
Jason at jasonpj@yahoo.com
________________________________
From: Greg Stevens <gstevens@micds.org>
To: ISED-L@LISTSERV.SYR.EDU
Sent: Tue, October 19, 2010 9:38:19 PM
Subject: Question about system-wide usernames
In our K-12 school we use first initial and last name for user accounts.
As more online services become integrated with our network, it seems our
lower school students are leaving a trail of "private" information behind
them in wikis, blogs, and VoiceThread. We follow general guidelines to
avoid revealing combinations of identifiers (no first name with a picture,
not naming people or our school in videos, adopting aliases, etc.).
However, our student usernames automatically compromise attempts at
privacy by revealing last names. Do other schools have a successful
strategy for creating system-wide usernames and passwords that are mindful
of young students' privacy (and need to keep things simple)? Thanks.
Greg Stevens
Lower School Coordinator of Instructional Technology
MICDS
St. Louis, MO
[ For info on ISED-L see https://www.gds.org/podium/default.aspx?t=128874 ]
Submissions to ISED-L are released under a creative commons, attribution,
non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L
[ For info on ISED-L see https://www.gds.org/podium/default.aspx?t=128874 ]
Submissions to ISED-L are released under a creative commons, attribution, non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L