Spoofing inside a walled garden

Microsoft chairman Bill Gates has described Facebook as a walled garden, that is to say, inside is very nice but only certain people can get in.  Facebook is based on trust: only friends can view your profile, and not just any old person can talk to you.  They first have to acquire your trust.  This is actually a lot like challenge/response email filtering (which many in the antispam community have great disdain for... you guys know who you are).  This contrasts with MySpace, where anyone can add you to their friends list.  This is similar to email with no spam filtering.

This Facebook security model works only so far as users implement it.  By that, I mean that so long as you are screening the people who try to add you as friends, you should be immune from people sending you random messages or cluttering up your inbox since only people you trust are allowed to talk to you.  However, if you start adding people who you don't know to your friends list, you risk opening up your walled garden to people you wouldn't normally communicate with.

And this brings me to my recent Facebook experience.  I have had one person get in contact with me who knows me through this blog and when they requested to add me, they said that they know me from the blog.  I granted this request.  However, in the past few weeks, I have had two people (girls in their twenties, from the looks of their profiles) request to add me as friends even though I don't know who they are.

So I'm in a bit of a dilemma.  Now, I know I'm pretty awesome and everyone wants to be my friend, but do I open up the risk of allowing these people into my walled garden?  Perhaps they know me from my blog... but perhaps (probably) it is a case of mistaken identity.  What do I do?  I could add the person to my profile and check out theirs to see if I know them, and if not, remove them.  The weakness of this is that I'm kind of lazy and might just forget about actually taking the time to do this.  On the other hand, I could simply refuse the request.  Maybe I've been in security for too long but I'm kind of paranoid about these kinds of things (particularly since I know people who will troll my Friends list in order to pull pranks on me... I banned those people from my profile).

So really, my point is this: if you're going to add someone to your Facebook Friends list, if you're not sure your potential friend knows who you are, at least send them a message explaining who you are to jog their memory.