<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Steve Nimmons &#187; Privacy</title>
	<atom:link href="http://stevenimmons.org/tag/privacy/feed/" rel="self" type="application/rss+xml" />
	<link>http://stevenimmons.org</link>
	<description>At the intersection of science, technology, engineering and politics</description>
	<lastBuildDate>Sat, 04 Feb 2012 00:07:44 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0.3</generator>
		<item>
		<title>Online Privacy, Extending the Johari Window</title>
		<link>http://stevenimmons.org/2012/01/online-privacy-extending-the-johari-window/</link>
		<comments>http://stevenimmons.org/2012/01/online-privacy-extending-the-johari-window/#comments</comments>
		<pubDate>Thu, 05 Jan 2012 07:30:00 +0000</pubDate>
		<dc:creator>Steve Nimmons</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Social Media]]></category>
		<category><![CDATA[Systems Thinking]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Facebook]]></category>
		<category><![CDATA[Google]]></category>
		<category><![CDATA[LinkedIn]]></category>
		<category><![CDATA[Online Privacy]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[SNA]]></category>
		<category><![CDATA[Social Network]]></category>
		<category><![CDATA[Social Network Analysis]]></category>
		<category><![CDATA[Social Networking]]></category>
		<category><![CDATA[Twitter]]></category>

		<guid isPermaLink="false">http://stevenimmons.org/2012/01/online-privacy-extending-the-johari-window/</guid>
		<description><![CDATA[Extending the Johari Window: An online privacy thinking framework.]]></description>
			<content:encoded><![CDATA[
<p><em>Figure 1 – The Johari Window devised by Joseph Luft and Harry Ingham</em></p>
<p><a href="http://stevenimmons.org/wp-content/uploads/2012/01/johari-window.png"><img style="background-image: none; padding-left: 0px; padding-right: 0px; display: inline; padding-top: 0px; border: 0px;" title="johari window" src="http://stevenimmons.org/wp-content/uploads/2012/01/johari-window_thumb.png" border="0" alt="johari window" width="591" height="322" /></a></p>
<p>The <a href="http://en.wikipedia.org/wiki/Johari_window" target="_blank">Johari Window</a> is a model for describing personal awareness types and human interaction.</p>
<p><strong>Quadrant A:</strong> encapsulates personal awareness and a wish to share information with others; for simplicity, assume this means publicly.</p>
<p><strong>Quadrant B:</strong> encapsulates personal awareness of a different type. The motivations for concealment are plentiful (bad habits, competitive advantage, Machiavellianism, protection of personal interests etc.). The size of this box tends to diminish as trust relationships expand, however I contend: a) there are many types and levels of concealment implied here and b) many different levels of trust in different social circles.</p>
<p><strong>Quadrant C: </strong>encapsulates weak personal awareness and misinterpretation (we assume others see us as we see ourselves, but this is not the case). This quadrant (in the context of Social Networking) provides an interesting opportunity for introspection and awareness development from social feedback, <a href="http://en.wikipedia.org/wiki/Social_network" target="_blank">Social Network Analysis</a> and <a href="http://en.wikipedia.org/wiki/Sentiment_analysis" target="_blank">sentiment analysis</a>. This is a box full of brambles!</p>
<p><strong>Quadrant D:</strong> Donald Rumsfeld’s infamous <a href="http://en.wikipedia.org/wiki/There_are_known_knowns" target="_blank">Known Knowns</a> speech of 2002 sums up this quadrant.</p>
<h2>A Prophetic View</h2>
<p>Just under two years ago I wrote a somewhat prophetic article concerning <a href="http://blog.atos.net/2010/01/25/the-problem-with-privacy-and-social-networks/" target="_blank">Privacy and Social Networks</a> in which I argued for the need for additional privacy controls and multiple walled gardens within social networks. Facebook lists were a crude approximation, but Google+ Circles now excel at delivering the concept. A sister post in February 2010 discussed <a href="http://blog.atos.net/2010/02/12/social-search-and-the-integrity-of-the-social-graph/" target="_blank">Social Search and the Integrity of the Social Graph</a>, concluding that Google was heading (with purpose) into the Social Networking space.</p>
<p><a href="http://blog.atos.net/2010/01/25/the-problem-with-privacy-and-social-networks/" target="_blank">What I said back in January 2010</a>:</p>
<blockquote><p>Visualisation of Social Network privacy controls is poor. The granularity of access controls is too coarse. My solution would be creation of (either my privacy “Onion model”) or perhaps more simply a ‘radar’ or quadrant model on which connections could be placed within ‘trust zones’ (by dragging and dropping them onto the appropriate region). Configuration is half the battle, and visualisation of the resultant privacy controls effect is essential. This is where current controls are weakest. I also want multiple walled gardens to play with (where I could segregate user groups) and ensure no (uncontrolled) information leakage between…</p></blockquote>
<blockquote><p>A trust and privacy ‘radar’ would be equally interesting, with those closest to the centre having the greater trust relationship and access to more personal data.</p></blockquote>
<h2>The Johari Window and Google+ Circles</h2>
<p><em>Figure 2 – The Google+ Circle Model</em></p>
<p><a href="http://stevenimmons.org/wp-content/uploads/2012/01/circles.png"><img style="background-image: none; padding-left: 0px; padding-right: 0px; display: inline; padding-top: 0px; border-width: 0px;" title="circles" src="http://stevenimmons.org/wp-content/uploads/2012/01/circles_thumb.png" border="0" alt="circles" width="600" height="195" /></a></p>
<p>I have a number of Circles within Google+: Friends, Family, Acquaintances, Scientific Community, Social Media, Politics, Techies etc. There is also a ‘Public category’ which maps neatly onto Quadrant A of the Johari Window.</p>
<p>Quadrant B maps neatly to the different circles (Friends, Family etc.). This creates controlled separation, where I can isolate various topic discussions. This helps prevent Family members from being bored by discussions about Social Network Analysis or Social Psychology! Equally it saves Scientific Community colleagues reading my latest views on the European Union. There is a great deal more depth to this than simple ‘separation of interests.’ Despite what we may think, as multi-dimensional beings, we do not necessarily want everyone in cyberspace or our social sphere having a complete 360 degree view of our personality, interests or social connections.</p>
<p>Quadrant C could make for a ‘fun’ social network game – tell me something about myself that I don’t know, but you do know. Play at your own risk!</p>
<p>Quadrant D is ripe for <a href="http://en.wikipedia.org/wiki/Reality_mining" target="_blank">Reality Mining</a> as long as there is a digital footprint.</p>
<p>The Johari Window provides an interesting thinking framework on which to base an approach to online privacy protection and information sharing across social groups.</p>
<h2>Extending the Johari Window for Privacy and Reputation Protection</h2>
<p>I propose an extension to the Johari Window (as depicted in Figure 3). As information flows into a Circle we lose control of it. We must assume that we have chosen Circle members well and that each member will understand (and abide by) our privacy wishes in respect of that information. The obvious drawback however is that there is no adequate meta-data associated with the shared information to indicate to Circle members what is ‘allowable’. Perhaps Google will introduce ‘Circle Contracts’ to stipulate between parties what is acceptable!</p>
<p>Adding an A+ box (Figure 3) recognises that there will be information which I am happy to be disclosed by people acting as relays between Circles with no restrictions.</p>
<p>Box B+ recognises information disclosed to certain Circles must stay within that Circle or may be selectively disclosed to other Circles (not under my ownership) which meet certain membership/privacy criteria. There is currently however no way to express this (or manage disclosure across ‘logically chained Walled Gardens’).</p>
<p>Box C+ recognises that there is information about myself of which I am unaware, and would be happy about being disclosed. If it is information which may be publicly disclosed, it fits within box A. If it requires restriction per &#8216;Walled Garden’ or Circle, it fits within box B.</p>
<p>Box C++ recognises that there is information about myself of which I am unaware, and would be unhappy about being disclosed. This box is ripe for Reputation Protection.</p>
<p>Boxes C+ and C++ are interesting as I would be theoretically unaware of my privacy requirements until the information is disclosed (of course heuristics could be employed).</p>
<p>Boxes B, B+, C, C+ and C++ all have potential for information leakage. As Circles and Networks are highly interconnected, chances are the information could reach parties which you would rather not see it.</p>
<p>Extending the Johari Window and applying this thinking technique to online privacy within Social Networks is useful in terms of surfacing complexity and also challenging personal views of requirements for information management.</p>
<p><em>Figure 3 – Extending the Johari Window</em></p>
<p><em>[source: <a title="Steve Nimmons" href="http://en.wikipedia.org/wiki/Steve_Nimmons" target="_blank">Steve Nimmons</a>]</em></p>
<p><a href="http://stevenimmons.org/wp-content/uploads/2012/01/johari-window-extended.png"><img style="background-image: none; padding-left: 0px; padding-right: 0px; display: inline; padding-top: 0px; border: 0px;" title="johari window extended" src="http://stevenimmons.org/wp-content/uploads/2012/01/johari-window-extended_thumb.png" border="0" alt="johari window extended" width="564" height="459" /></a></p>
 
]]></content:encoded>
			<wfw:commentRss>http://stevenimmons.org/2012/01/online-privacy-extending-the-johari-window/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The Problem with Privacy and Social Networks</title>
		<link>http://stevenimmons.org/2010/01/privacy-and-social-networks-on-atos-origin-blog/</link>
		<comments>http://stevenimmons.org/2010/01/privacy-and-social-networks-on-atos-origin-blog/#comments</comments>
		<pubDate>Fri, 29 Jan 2010 10:36:11 +0000</pubDate>
		<dc:creator>Steve Nimmons</dc:creator>
				<category><![CDATA[Editors Choice]]></category>
		<category><![CDATA[Social Media]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Social Network]]></category>
		<category><![CDATA[Social Networking]]></category>

		<guid isPermaLink="false">http://stevenimmons.org/?p=242</guid>
		<description><![CDATA[Steve Nimmons writing on the Atos Origin CIO / CTO blog seeks to tame the Privacy Chimera of Social Networking.]]></description>
			<content:encoded><![CDATA[
<p>“Privacy is an onion” (patent pending maxim); it is situational, temporal and multi-dimensional. Perhaps said axiom should be recast as a ‘genetically modified onion’.</p>
<p>Perusing articles on Facebook privacy control changes from a well-known security company, there is the revelation that “no private information should be on the Internet”. A wise statement for an information security purist, but what constitutes ‘private information’, to what degree is it fluid and are the controls within Social Networks sufficient to allow us to restrict access in the ways we demand / require? What are the ‘sociological norms’, and what of ‘super-social’ libertines (such as I) that have exceeded Dunbar’s Number by a magnitude of 700%?</p>
<p>How does information aggregation affect risk and perception of privacy control – are we at risk through inference channels in the Social Network? How do we perceive and manage trust? With rigour, paranoia, neutrality; is it earned, easily lost? How do we convey this and ensure our privacy is being managed accordingly? This brief set of questions hints at the complexity: cultural and emotional; qualitative; psychological; behavioural that guides our experiences online. Are Social Networks really equipped to meet sophisticated information management demands from a savvy user-base? How will they augment existing controls to facilitate virtual world technologies and context aware devices that would provide further “locational” (excuse the Social Computing neologism) and situational information?</p>
<p>Today’s Social Network (I take Facebook as a pervasive example) is a walled-garden (in general terms). Most users create a ‘private’ profile and control access by granting or denying friend requests, which can then (by and large) see profile information, pictures, status updates and other friend connections (there are nuances, but for brevity I generalise). My ‘bug bear’ with this model is a) poor visualisation of what effect the setting of privacy attributes has b) it’s not more walls we need, it’s more gardens! I shall elaborate on my latter ethereal viewpoint. Going back to trust, you may trust someone implicitly in the office, but don’t want to entrust them with private information in a personal Social Network. Trust and privacy are also really inter-woven concepts. There are also gradations of trust. For example I might trust someone based on their profession (doctor, airline pilot), but there is a limitation in the trust.</p>
<p>I might trust someone with another career background differently, or the trust may be quite neutral. We need more trust and privacy zones (which need to be explicitly defined and explicitly visible) to place individual connections inside a more sophisticated information handling model within the Social Network. In a rudimentary sense this exists with “Friend’s Lists”. These can be created in Facebook and ‘friends’ added to multiple lists which can then be used to permit or deny access to information at a group level. I term this ‘rudimentary’ as the configuration is somewhat arcane, and the visualisation of the result is best described as disappointing, a point to which I shall return.</p>
<p>Aggregation of information and how this affects risk exposure and privacy concerns are also interesting. Simplistically it might be argued “have a sparse profile with little personal information and this is a non-issue”. Whilst logical from a simplistic perspective, consider the aggregation of information from interaction, commentary, and chat services (etc.) and over time information aggregation becomes an increasing concern. I have also (of late) been thinking about the risk of “Inference Channels” in Social Networks. Database and data mining “theorists” will be familiar with this concept. Without diving into a treatise on Claude E Shannon and Entropy Theory, suffice to say this is concerned with deducible links through network connections and whether knowing about a set of relationships (perhaps even individual pieces of personal information) could lead to the discovery of inferred or elicited relationships or information. This may of course be entirely benign, but the Inference Channel has an implied risk that ‘unknown information’ will be discovered through analysis of multiple relationships (as I mention, a known concern in highly secure database systems). A subject on which I have written (at some length) is also the opportunity for Social Engineering and leveraging elicited information for nefarious purposes. I am satisfied that the corporate world is generally cognizant of such risk, but wonder if more could be done in terms of “general public education.”</p>
<p>Risks have a tendency to multiply rather than divide, and the unrelenting pace of Social Network development leads me to concerns over a number of “emerging technologies”. Those that read my recent predictions on Social Network developments will have noted my belief that virtual world technologies will augment the rather unsophisticated and stifled ‘networking’ model that we have today. Context Aware devices will provide further enrichment, but both enrich not only networking experience but also the quality of personal information (now situational) that might ‘leak’. The Social Network’s model for configuring privacy controls, defining trust relationships and visualising the result is not equipped for this (I think it barely struggles with today’s limited demands).</p>
<p>Control, visualisation, predictability have been central themes of my ‘critique’ of existing offerings. I therefore close by suggesting a few improvements and opportunities for development and research in this area:</p>
<ol>
<li>Visualisation of Social Network privacy controls is poor. The granularity of access controls is too coarse. My solution would be creation of (either my GM Onion model) or perhaps more simply a ‘radar’ or quadrant model on which connections could be placed within ‘trust zones’ (by dragging and dropping them onto the appropriate region). Configuration is half the battle, and visualisation of the resultant privacy controls effect is essential. This is where current controls are weakest. I also want multiple walled gardens to play with (where I could segregate user groups) and ensure no (uncontrolled) information leakage between. So my ‘quadrant model’ needs to work in three dimensions!</li>
<li>A trust and privacy ‘radar’ would be equally interesting, with those closest to the centre having the greater trust relationship and access to more personal data.</li>
<li>Inference Channels are ‘tricky’ due to the myriad of links, attributes and permutations affecting such. I continue to read widely on the subject and would welcome comments on how this might be best addressed. One area that would be interesting to research further would be ‘real-time risk advisors’ (as an example) on chat services seeking to warn users when the aggregation of personal information across “conversations” reaches a certain threshold. This would have numerous applications.</li>
</ol>
<p>Finally, I hope my musings have not dissuaded anyone from participating in ‘speculative networking’. We don’t agonise over privacy concerns before exchanging business cards, so with a degree of care and attention pro-active and speculative Social Networking can be beneficial. But remember, I am a self-confessed libertine!</p>
<p><a title="Privacy and Social Networks, by Steve Nimmons" href="http://blog.atosorigin.com/2010/01/the-problem-with-privacy-and-social-networks/" target="_blank">This article first appeared</a> on the <a title="Steve Nimmons on the Atos Origin CIO Blog" href="http://blog.atosorigin.com/author/steve-nimmons/" target="_blank">Atos Origin CIO / CTO Blog</a> in January 2010.</p>
 
]]></content:encoded>
			<wfw:commentRss>http://stevenimmons.org/2010/01/privacy-and-social-networks-on-atos-origin-blog/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>It&#8217;s all in the eyes</title>
		<link>http://stevenimmons.org/2008/07/its-all-in-the-eyes/</link>
		<comments>http://stevenimmons.org/2008/07/its-all-in-the-eyes/#comments</comments>
		<pubDate>Thu, 10 Jul 2008 10:00:45 +0000</pubDate>
		<dc:creator>Steve Nimmons</dc:creator>
				<category><![CDATA[Editors Choice]]></category>
		<category><![CDATA[Social Media]]></category>
		<category><![CDATA[Advertising]]></category>
		<category><![CDATA[Online advertising]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://stevenimmons.org/?p=28</guid>
		<description><![CDATA[Writing for the British Computer Society, Steve Nimmons discusses the shift from offline to online advertising.]]></description>
			<content:encoded><![CDATA[
<h2>Article first appeared in the July 2008 issue of ITNOW.</h2>
<p><a href="http://bcs.org/server.php?show=ConWebDoc.20470"><img class="alignnone" title="Eyes" src="http://bcs.org/upload/img_200/internet_-_online_ads.jpg" alt="" width="140" height="140" /></a></p>
<p>From interruption to interaction, online advertising has progressed quickly in the last few years, says Steve Nimmons.</p>
<p>Online advertising has been with us since the earliest days of the internet and where eyeballs meet content, advertisers will be close by. The first web portals were (almost uniformly and tastelessly) bedecked with every imaginable flashing widget that might attract a valuable click-through. I will spare the early designers&#8217; blushes but some sites would today come with health warnings for photosensitive epilepsy. Quality had to, and did, improve.<span id="more-28"></span></p>
<p>As the popularity of home computing exploded throughout the 1990s we experienced year-on-year exponential growth in the online community. Statistics for 2007 indicate that some 32.5 million people in the UK are now online, spending 16 hours per week on the internet.</p>
<p>Online advertising in the UK in 2007 hit £2.8bn and is currently running at nine times the level of growth of the entire sector. There has been a £2bn leap since 2003, a trend that can be linked to the strong uptake of broadband technologies (now with 90 per cent of the market penetration) and the richer experience offered by web 2.0.</p>
<p>Spending on internet advertising in the UK now exceeds that of press classifieds and regional newspapers. Video sharing services have also played a large part in this success, as advertisers have been able to use richer media and viral marketing. Search currently accounts for 57.1 per cent of all online advertising, display 21.5 per cent and classifieds 20.8 per cent.</p>
<p>Google&#8217;s headline advertising revenues have even surpassed ITV1&#8217;s, a landmark in the competition between traditional commercial advertising and internet media. UK ecommerce revenue predictions (Forrester UK ecommerce Forecast 2006-2011) foresee a rise from £30.2bn to £52bn by 2011. It is clear therefore that this is a burgeoning market and year-on-year spending growth exceeds 38 per cent (in the UK alone).</p>
<p>Web 2.0 has further &#8216;tipped the scales&#8217;. I describe web 2.0 as having rebalanced the content producer to consumer ratio, enabling a very simple entry point to web participation and content creation and distribution. In real terms this has led to massive growth and fragmentation of the delivery network.</p>
<p>This is characterised by the appearance of tens of millions of blogs, disparate, niche content and entrepreneurs vying for a slice of the monetised blogosphere. Improvements in mobile technologies have created new opportunities to reach audiences.</p>
<p>Social networks, blogs, wikis, video and picture sharing, chat services, forums and many others are competing for attention that used to be the preserve of radio and television entertainment and print media. Social networks are serving up captive audiences in huge volumes, which is quintessential catnip to advertisers.</p>
<p>But there is a problem. Advertising quality issues, abuse, the &#8216;malware of adware&#8217;, volume overload, relevance and level of interruption have been areas of traditional frustration and contention. The web is packed with affiliate programmes and advertising networks.</p>
<p>Google (for one) has been trying to provide better quality click through on sponsored links and suffered market turbulence in March when their &#8216;quality not quantity&#8217; strategy resulted in a significant downturn in click-through growth. Advertising solutions are admittedly sophisticated but are they really delivering utility to consumers and sellers in line with our changing needs and expectations? What are the emerging challenges and opportunities we will face going forward?</p>
<p>There have been some reasonable attempts at contextual advertising and this is being extended with interesting work in behavioural targeting. I worked in data mining research back in 1993 and remember having many discussions about the way in which the web would emerge as the greatest profiling and personalisation experiment of all time.</p>
<p>I foresee increased velocity in the development of behavioural targeting, but this necessitates behavioural profiling and hence collection, storage and processing of personal data. Social networks and advertisers are keen to leverage this, but have had a great deal of difficulty in selling the concept to users. My view is that, while users would be perfectly receptive to the results, they are not at all comfortable with the means.</p>
<p>Considering that online privacy, phishing, identity theft, data protection and data security are high on everyone&#8217;s agenda, and with low levels of trust and high profile data security failures (from social networks to government departments) a great deal of work is needed to quell fears. It really does boil down to trust and ISPs, social networks, traditional sites and advertisers must provide adequate security, transparent policies, opt-outs (many would prefer opt-ins), anonymity, data protection and data destruction.</p>
<p>I would also advocate increased regulation of what information can be collected and sold (although we should not forget parallels with loyalty schemes in the offline world). There have been many examples of negative press in the past number of months concerning Facebook/Beacon, Phorm, deep packet inspection, user privacy, social networking security, preservation of anonymity and many others.</p>
<p>Although largely interruptive in nature, advertising sponsored software as a service solutions (SaaS) are interesting. Offerings such as Microsoft AdCentre equip SaaS suppliers to design and operate targeted ad funded services. Advertising fulfils a role therefore in innovations that provide utility to the consumer by reducing (or removing) total cost of ownership. Of course this has been a characteristic of advertising in the online domain for many years.</p>
<p>The semantic web will add another dimension as it begins to free us from the limitations of traditional key word searches. The semantic web will also be a less contentious mechanism for serving (improved) contextual advertising. There are currently some really interesting innovations in corporate marketing (products, services, and jobs), B2B / B2C and others in virtual environments such as Second Life.</p>
<p>A number of large IT companies (Microsoft and IBM in particular) are leading the way with interactive demos, virtual meetings and presentations, virtual sales representatives and self-service &#8216;kiosks&#8217; linked to assets on corporate websites. As we edge towards web 3.0 a lot of harmonisation and platform aggregation lies ahead with web 2.0 and new search technologies folding in on virtual worlds.</p>
<p>The virtual shopping malls created in Second Life provide a view of future online retailing and the opportunity for advertising and cross-selling as part of a pure play uninterrupted and interactive customer experience. Semantic search and personalisation through profiling will strengthen this.</p>
<p>Advertising is fundamentally content and must follow the rules. This means relevant, attractive, interactive (at least non-invasive), regulated, ethical and innovative. Competition is fierce and advertising volume can be overwhelming.</p>
<p>Attention is getting harder to grab but desire to drive increasing growth in a booming multi-billion pound industry is unabated. Conversion rates and cost effectiveness are key drivers and advertisers need to match their pace of change with consumer confidence in relation to new methods and technologies.</p>
<p>The backlash against Beacon and public meetings over Phorm indicate that the consumer must not be rushed. The internet has an almost unique position in modern culture, for many a last bastion of escapism. We are profiled regularly in real world retailing, resistance to which has largely faded, but internet anonymity will not be easily surrendered.</p>
<p>Trust, data security and privacy must be addressed with users and not in spite of them. The key sell is advertising as content in line with user experience. Enriching and non-interruptive models coupled with semantic web and web 3.0 herald an exciting future for the industry and internet community.</p>
 
<span class = "" style = " "><iframe src="http://www.facebook.com/plugins/like.php?href=http://stevenimmons.org/2008/07/its-all-in-the-eyes/&layout=box_count&send=false&show_faces=false&width=&action=like&colorscheme=light&font=" scrolling="no" frameborder="0" allowTransparency="true" style="border:none; overflow:hidden; width:px; height:px"></iframe></span><img src="http://stevenimmons.org/wp-content/plugins/pixelstats/trackingpixel.php?post_id=28&amp;ts=1328406924" style="display:none;" alt="pixelstats trackingpixel"/>]]></content:encoded>
			<wfw:commentRss>http://stevenimmons.org/2008/07/its-all-in-the-eyes/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Unseen Enemy</title>
		<link>http://stevenimmons.org/2008/06/unseen-enemy/</link>
		<comments>http://stevenimmons.org/2008/06/unseen-enemy/#comments</comments>
		<pubDate>Tue, 10 Jun 2008 10:41:20 +0000</pubDate>
		<dc:creator>Steve Nimmons</dc:creator>
				<category><![CDATA[Editors Choice]]></category>
		<category><![CDATA[Social Media]]></category>
		<category><![CDATA[Facebook]]></category>
		<category><![CDATA[MySpace]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Reputation]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Web 2.0]]></category>

		<guid isPermaLink="false">http://stevenimmons.org/?p=32</guid>
		<description><![CDATA[Writing for Conspectus, Steve Nimmons explains the social engineering risk in Web 2.0.]]></description>
			<content:encoded><![CDATA[
<h2>Article originally published by Evaluation Centre / Conspectus, Summer 2008</h2>
<p>Steve Nimmons warns of the hidden threat to corporate privacy and reputation lurking within Web 2.0.</p>
<h2>The Historical Problem</h2>
<p>I recall (approximately eight years ago) reading an interesting poster on social engineering at a well-known electronics company in California. This wall-chart communicated sensible advice for dealing with unsolicited phone calls, ‘chance’ conversations and the importance of discretion when discussing corporate matters on planes, trains and automobiles.<br />
Topics such as tailgating, the ‘risk of gallantry’, the social and psychological tricks used by experienced practitioners to project ‘belonging’, the need for discretion and vigilance in public spaces and of course ‘clear desk policies’ were explained in concise, relevant and accessible language.<span id="more-32"></span></p>
<p>In this way, workforces across this and other enterprises were equipped to deal with the primary aspects of corporate social manipulation. Using in-house and industry standards, they shared the wisdom of primary threats, expected behaviours and above all encouraged staff training and awareness.</p>
<p>I visited many technology start-ups during this time. Their social engineering concerns centred mainly on leakage of financial data and intellectual property. With looming IPOs (initial public offerings) these companies had a lot to lose; the wrong information entering the market at the wrong time could potentially damage earnings.</p>
<p>Intellectual property was naturally their core competitive differentiator and was suitably protected, including legally through patents and non-disclosure agreements. It was clear what they feared, why they feared it and that they were being proactive in terms of minimising their overall exposure to risk. Their perimeter defences, with clear corporate boundaries and technological barriers, tamed Web 1.0.</p>
<h2>The Problem Develops</h2>
<p>Fast-forward eight years to the introduction and exponential uptake of Web 2.0 and it is fascinating (indeed crucial) to explore the need for similar protection and advice today. The Web 2.0 revolution essentially involves the removal of technological barriers to content publication. Blogs, wikis, forums, social bookmarking and social networks are just some of the means by which individuals can share and debate views (single click, no safety catch).</p>
<p>As we have discovered (or perhaps suffered) in the past few years, the web provides ideal conditions for libel, defamation (perhaps creating internal conflict or damaging partner relationships), careless divulgence of information and the association of the individual and corporations with unflattering and potentially damaging material.</p>
<p>These are arguably Web 2.0’s most concerning corporate side-effects. Worryingly, the individual is the power-broker of Web 2.0 and with microblogging (particularly Twitter) tipped for meteoric success, we will see even less control exercised over what are essentially globally distributed sound-bytes.</p>
<p>Pseudonyms provide anonymity; personally or corporately identifiable profiles ‘should’ engender a greater spirit of caution and present an opportunity for positive self and corporate marketing (for example, through blogging and thought leadership initiatives). But what needs to be understood clearly is that the search engines, with their omnipresence, discover our sins. In print media, yesterday’s news wrapped today’s fish and chips. But in the electronic age, opinion has an almost immortal quality. Search engines have a unique ability to discover and neatly present information that we may prefer remained hidden. Meanwhile, the Web and blogosphere contain a cacophony of voices, within which the search engines are the eavesdroppers and intelligence agents.</p>
<p>There is an adage that Web 2.0 profiles are like tattoos – something you do when you are young and live to regret. But with appropriate controls, education and consideration, companies can seek to accentuate the positives and in sophisticated cases utilise them in personal branding and corporate marketing strategies.</p>
<p>Where once scraper and ‘shill’ sites were padded with ‘pointless’ copies of the Open Directory Project (an old trick to create thousands of pages to bloat a website that was then packed with affiliate programs and click-through advertising), they are now extracting content from RSS feeds, quite a number scraping via Technorati tags that simply mirror their underlying site’s (content) taxonomy. I use Technorati tags to categorise content for improved searching and user experience. I am often amused to see how my articles are ‘aggregated’ onto these sites totally against copyright and any sense of appropriate ownership and control. In some cases the use of such content may be beneficial (eg, offsite advertising), but consider the potential for widespread distribution of commentary.</p>
<p>Keep in mind the traditional political and broadcasting advice to ‘treat every microphone as if it were live’. Something said is difficult to retract in Web 2.0’s publishing model. This could affect your personal reputation and privacy, cause corporate embarrassment or perhaps worse. Social engineers are astute, so be careful of being drawn into electronic conversations that should be avoided. Solutions to some of these issues are emerging – including online reputation protection services such as Reputation Defender, ClaimID and Naymz – suggesting both the commercial and personal need to clean up ‘digital litter’.</p>
<p>Digital litter is all those nuggets of information personally linked to you – and be under no illusion that this body of information is being pored over by fraudsters and marketing companies, and in the corporate realm by researchers and competitors. Information, of course, is not as volatile as might be imagined. Simply deleting it from the original source is no guarantee of its destruction, with scraper sites, search indexes and historical web caches adding to the complexity. Reputation protection may only dilute some of the problems rather than completely remove them.<br />
We must of course accept freedom of speech and the right of fair criticism. In the Web 2.0 domain, our ‘complaints’ may well be beyond any reasonable bounds of control.</p>
<p>Corporate reputation is also tightly coupled with customer satisfaction, shareholder value, innovation and similar attributes. A key addition to the advice from 2000 is therefore to minimise personal and corporate risk from a system of worldwide electronic publishing where everyone can act as content producers.</p>
<h2>Corporate boundaries</h2>
<p>As well as shifting the content producer-to-consumer ratio, Web 2.0 has removed some traditional corporate boundaries. In Unified Communications we talk about edgeless enterprises. Web 2.0 warrants a special mention as it has ‘eroded the edge’ through its technological simplicity, whilst also prompting a radical reappraisal of the psychology of home and work. LinkedIn, Facebook, Plaxo, MySpace and associated groups today provide a rich hunting ground for the social engineer. Companies can be significantly profiled. Their names, departments, reporting structures, nature of business, personal links and networks can be mined and prioritised for further attack.</p>
<p>It is relatively easy to comb sites for information to use in ‘impersonation attacks’, extracting additional detail through email, telephony and other channels. With no identity management (ie, no established trust) it is simple to create fake pages, groups and details and use these to link the unwitting.</p>
<p>I am opposed to companies blanket banning access to social networks. Bans of this nature have one glaring weakness – they end when employees go ‘off the clock’. They also restrict the business benefit that could be derived from appropriate use. It’s vital to understand your risk exposure and develop appropriate security policies, best practices and employee education.</p>
<p>Parental education is a recurring theme in the recent Byron Review (established in 2007 to study the online safety of children) and I draw parallels with employee and employer education. Threats are ‘evolutionary’ and social engineering is enjoying an upsurge in the volume and quality of unsolicited, freely and legally attainable information. Reputation protection faces new challenges due to the speed of content production and distribution, a mechanism of such simplicity and attractiveness that bewildering numbers have embraced it across previously untouched demographics.<br />
There is a strong case for placing the onus on site providers to better protect privacy, but personal accountability must be advocated above all.</p>
<h2>Key Points</h2>
<p>So the key points that go on my updated wall-chart for 2008 are:</p>
<ul>
<li>Explain risk exposure in terms of information leakage, and libellous, defamatory or brand-damaging activities through the employee base. Public comments from identified staff are potentially detrimental to business reputation and relationships.</li>
<li>Understand and (in many cases) limit the volume of available corporate data on personnel, roles, responsibilities and professional activities – the social engineering goldmine.</li>
<li>Marketing and IT security play an expanding role in meeting new threats and opportunities.</li>
<li>Introduce Web 2.0 savvy security policies and training plans. It is no understatement that the proliferation of Web 2.0 opens a sizeable number of holes in the sieve of corporate intelligence (take the recent Facebook security leaks and social worms like Secret Crush as examples). Educated staff can make informed decisions and can better manage their own digital footprint as well as that of their employer. It is therefore vital for modern security training to cover the fundamental dangers of Web 2.0.</li>
<li>Companies should understand the mechanics of auditing, measuring and defending their online reputation. Web intelligence solutions are particularly useful but the ability to manage remedial action is still fairly undeveloped.</li>
<li>With appropriate selection, guidance, motivation and controls, there is an opportunity to use the publishing power of Web 2.0 for extremely positive personal and corporate gain.</li>
</ul>
<p>It is important not to be overtaken or overrun by technological advances. I recently advised a company following its discovery of some unofficial social networking groups (bedecked with company name and logo). These groups were innovative and well intentioned (if naïvely established) and such discoveries indicated corporate IT were losing touch with talented, motivated and active networkers.</p>
<p>Simple editorial control and content audits were set up. It is however important to reflect on the potential for damage as well as the potential for gain if the same enthusiasm were harnessed through focused and ‘moderated’ corporate initiatives.</p>
<h2>Summary</h2>
<p>Information leakage has reached the point where in April 2008 the Israeli Defence Force (IDF) was compelled to issue a statement warning that “Facebook was a threat to national security”. At the heart of this was the ‘free and easy’ manner in which members of the IDF were posting personal information, identifying themselves as members of the security services, pictured at sensitive installations and discussing sensitive subjects.</p>
<p>In other words, the problems we face are so potentially damaging that they are now ‘on the radar’ of government security services. Online advertising models deserve an article in their own right, but I would briefly mention privacy concerns over Phorm and the highly publicised ‘Beacon disaster’ championed by an ‘unwisely zealous’ Facebook. These add an additional twist to the complex world of Web 2.0 security.</p>
<p>The best way to respond to these threats is to shape, cultivate, educate and empower your employees. Develop an understanding of your risk exposure and Web 2.0’s threats. The blinkers of a ‘9 to 5’ blackout may be unworthy – but be warned, you lose control of your employees, your personal or corporate reputation in Web 2.0 at your peril.</p>
]]></content:encoded>
			<wfw:commentRss>http://stevenimmons.org/2008/06/unseen-enemy/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

