dozens of accounts and profiles belonging to Russian database provider SocialDataHub
SocialDataHub provides analytical services to the Russian government. Facebook said SocialDataHub were “scraping” people’s information. Who knows how much information, how they used it, or who they sold it to. Facebook don’t. It looks like another 50-million accounts at least. [Check here if your account was compromised.]
On October 8th, Facebook announced their “Portal”, basically a tablet and web cam that allows you to make video calls to other Portal-users, and follows you around the room. Facebook of course says Privacy is
‘Very, Very, Very Important’
But let’s be honest, are you really willing to stay on facebook? Who in their right mind would allow facebook to live video them and not screw up the privacy, and even if they don’t, they’ll be analysing the Sh*t out of everything in every frame to identify things to sell to advertisers about you.
Can facebook do this securely and respecting your privacy? You bet your life not.
#DELETEFACEBOOK Start doing it now. #DELETEFACEBOOK, and the women you will wow. (With apologies to Cole Porter).
It turns out Google knew about the vulnerability back in March 2018, but decided not to disclose it as, as far as they know, it hadn’t been exploited. If your data was up to date and complete, there was enough there to perform a rudimentary phishing attack.
In my case, my phone number, location and a number of other items were out of date, so I didn’t wait to find out what Google were going to do, I just went ahead and deleted my Google+ account. Google has also announced they will kill Google+ although it’s not clear completely what will be removed.
In the post Google+ world, it’s been clear for a while that Google is moving much of the community and information sourcing features into Google Maps.
Here is a link if you want to go ahead and delete your Google+ profile instead of waiting for Google to clean up the mess.
This is a good explanation of why it is way past time to stop using your Facebook ID to log in to other sites. Personally while I still occasionally wish I could log in to Facebook to check on relatives, otherwise I don’t miss it at all.
No matter what facebook do, there will continue to be security and privacy breaches like this. Facebook wanted to become “the web” and along with that aspiration, they also became a focal point for all the hackers, scammers, and those wishing to game the system.
The questions that Zuckerberg never answered, including this:
How will you be remembered: As one of the three big internet giants along with Steve Jobs and Bill Gates who have enriched our world, or as the genius who created a digital monster that is destroying our democracy and society?
Facebook is confronting EU users with a new “terms of service” dialogue that denies access until a user opts in to tracking for ad targeting, and various other data processing purposes… pic.twitter.com/MiYpfjZLLo
As Facebook scramble to try to head off prohibitive legislation in the UK, Europe and the USA, it’s trying to reinvent its history and mission. I’m no Facebook historian, developer, professional watcher but it’s worth remembering some of its actual history, bugs, screw-ups and the often terrible defaults it implemented with new features.
I’d long imagined that Mark Zuckerberg was the embodiment of Zeke Hawkins’ character in the 1993 movie, Sliver. One of the things Hawkins said in the movie about his surveillance was the Google-esque:
We’ll do only good things.
All of the recent disclosures about access to Facebook data aren’t about hacking or other malicious activity, they are about poor design decisions; defaults in privacy that were good for Facebook but not for the user; and ultimately necessary for Facebook’s business model. They were not, as Facebook and Zuckerberg oft refer to them, data breaches.
As the voiceover says at the end of the Sliver trailer:
The view from the outside is nothing…. compared to the view…. inside.
My history with Facebook goes back to when it was “thefacebook”. I’d been a regular speaker and panelist at the Silicon Valley World Internet Center between 1998 and 2003 when I gave my last session on Open Source. The center was housed at Stanford University. Over my time there, I made many professional and personal contacts.
I started using LiveJournal as an emerging platform for “blogging” and tracking news for my then key triathlon interests in January 2004. That April, through one of the contacts I’d made at the World Internet Center, I was offered a userid to take a look at “thefacebook”. I didn’t spend much time on it, it was facile, juvenile and voyeuristic. I wasn’t surprised to hear that in 2003, the Harvard University administration had charged Zuckerberg with breach of security, violating copyrights, and violating individual privacy.
That set the path that Facebook has followed since then, their design decisions, their defaults, everything has been aimed at making your information publicly available, searchable and collectable. As I texted a few days ago, none of this need have happened if Facebook actually cared about privacy. Each and every time they implemented a new feature, they did so by setting the user privacy to the least private allowed.
Great work, completely agree except the last paragraph opt-out. Want the feature? You need to opt-in. This is Facebook problem. Every time they [Facebook] change something, they take the best default for them not the user, not privacy.
While Facebook claimed they were not selling data, which was probably legally true, they were always selling access to the data. If privacy was really central to Facebook’s management of data, then they would have made the defaults very different than they did.
All those infuriating apps and quizzes that your “friends” were playing Farmville, Candy Crush, etc. let alone the apps that wanted to know actual personal information, like where you’d travelled to etc. For a while in 2007 there was even a class at Stanford known as the “Facebook class” where students, many of whom went on to make hundreds of thousands of US Dollars, were instructed on how to make Facebook apps.
Lover of the Day was installed nearly a million times. If every user that installed it had at least one hundred “friends” on Facebook, that meant through a single app, four hundred million Facebook users’ data could have been exposed and scraped. Even if “Lover of the Day” hadn’t overtly exploited this, it was totally naive rather than malicious.
By the end of 2010, there were hundreds of website scams that were, as far as I can see, just there to harvest your data, and that of your friends. There were numerous websites set up to track these, of which Facecrooks was and still is one of the best.
When I got my Facebook data, before #DELETEFACEBOOK, I spent an hour searching through the data and my timeline to find interesting posts, pleas that I’d made to my friends about the lax controls, bad defaults and bad app choices they were making. In 2010 alone, I posted the following on my wall.
January 10th: “Well get used to it, the Facebook founder says your privacy is a relic of the past, everything should be public!”
March 2010: “So, not paying attention to the FB Privacy issue? Well last night the dumb ass’s made a change which made everyone’s email address public for about 30-mins even if you said not to or your settings… “
May 2010: “So yesterday Facebook blew their privacy yet again revealing private friend to friend conversations, allowing one friend to see outstanding friend requests of other friends…”
By 2011, music streaming startup, Spotify, was known to be aggressively using and promoting their business through Facebook by exploiting the weak/lax Facebook privacy. If anything, the US Government Federal Trade Commission hearings led to Facebook changes that were in marketing speak “more transparent” but in reality, more opaque. They made it easier to stop sharing, but harder to know what was being shared.
In 2015, the scraping of user data was still rampant, I found a number of examples of warnings, mostly in so-called “Big company” giveaways.
March 2015: Friends don’t invite friends to the SW Airlines ticket give away. It’s a scam, they are harvesting Facebook id’s, friends lists and email addresses and who knows what else!
It was followed by a long bullet list of ways you could tell if the giveaway was a scam. My post ended in
If it doesn’t have at least two of those it’s a scam… It’s not harmless, it’s like showing up at an orgy and not using a condom.
When Zuckerberg and Facebook try to rewrite history claiming these were a breach of trust, or they didn’t sell data, or they acted as soon as they were notified, I don’t know what the hell they are talking about. They knew, they just didn’t care until the politicians got hurt, and now the optics look really bad.
Much has been written about the Facebook data, Cambridge Analytica sh*t show. I was among those years ago who were warning friends not to play games that require users to permit the game access to their friends’ Facebook profile.
However, even I couldn’t have foreseen how the data would be used. Stunning. I have my Facebook archive from yesterday, and will be going over it in the next few days. I’ll finally #deletefacebook – deleting permanently my Facebook ID later today. In another week or so, I’ll create a new ID, strictly limited to family as friends.
The worst, in privacy terms, aspect of the Facebook data privacy failure, is the accusation that Facebook was collecting phone data from Android phones for years. Of course, everyone accepted the Facebook app permission to access the phone, but again I suspect few thought that Facebook would track and keep data on all calls made, even those that got a busy signal, or no answer.
I went hunting for a list of all the data Facebook collected, and found this. It appears to only be available to logged in Facebook users. I thought it worth copying over here. It’s a huge list.
What info is available?
What is it?
Where can I find it?
Information you added to the About section of your Timeline like relationships, work, education, where you live and more. It includes any updates or changes you made in the past and what is currently in the About section of your Timeline.
Account Status History
The dates when your account was reactivated, deactivated, disabled or deleted.
All stored active sessions, including date, time, device, IP address, machine cookie and browser information.
Dates, times and titles of ads clicked (limited retention period).
Your current address or any past addresses you had on your account.
A list of topics that you may be targeted against based on your stated likes, interests and other data you put in your Timeline.
Any alternate names you have on your account (ex: a maiden name or a nickname).
All of the apps you have added.
How your birthday appears on your Timeline.
A history of the conversations you’ve had on Facebook Chat (a complete history is available directly from your messages inbox).
The places you’ve checked into.
The people who have liked your Page or Place, RSVPed to your event, installed your app or checked in to your advertised place within 24 hours of viewing or clicking on an ad or Sponsored Story.
If you make purchases on Facebook (ex: in apps) and have given Facebook your credit card number.
IP address, date and time associated with logins to your Facebook account.
IP address, date and time associated with logouts from your Facebook account.
Messages you’ve sent and received on Facebook. Note, if you’ve deleted a message it won’t be included in your download as it has been deleted from your account.
The name on your Facebook account.
Any changes you’ve made to the original name you used when you signed up for Facebook.
Networks (affiliations with schools or workplaces) that you belong to on Facebook.
Any notes you’ve written and published to your account.
A list of all your notification preferences and whether you have email and text enabled or disabled for each.
Pages You Admin
A list of pages you admin.
Pending Friend Requests
Pending sent and received friend requests.
Mobile phone numbers you’ve added to your account, including verified mobile numbers you’ve added for security purposes.
Photos you’ve uploaded to your account.
Any metadata that is transmitted with your uploaded photos.
Badges you’ve added to your account.
A list of who’s poked you and who you’ve poked. Poke content from our mobile poke app is not included because it’s only available for a brief period of time. After the recipient has viewed the content it’s permanently deleted from our systems.
Any information you added to Political Views in the About section of Timeline.
Posts by You
Anything you posted to your own Timeline, like photos, videos and status updates.
Posts by Others
Anything posted to your Timeline by someone else, like wall posts or links shared on your Timeline by friends.
Posts to Others
Anything you posted to someone else’s Timeline, like photos, videos and status updates.
Of course as a US Citizen, Zuckerberg can’t be compelled to attend. There can be so many serious consequences to not attending that Rupert Murdoch and other News International Executives attended when they were called.
I teetered on the brink of deleting my Facebook account last year. I removed the main app from my phone and a Windows tablet, and have never installed Messenger. When it came down to it I balked at the final step. I did unlike pretty much all businesses and pages, as well as unfriended anyone not a real contact/friend etc.
The utility of Facebook is still too great to remove myself completely. Although frankly I’ve had better results contacting businesses through Twitter and getting things done. Given its reach, Facebook still remains useful. Delete the apps Facebook, Facebook Messenger, Instagram and Whatsapp.
If you want to delete your facebook account, it’s still relatively simple and you have 14-days to recover it, if you decide it was a mistake. Use this URL.
The Guardian published this over the weekend. It’s a long and important read that contains all the context and background detail into how Facebook was used to target people with advertising and social profiling of potentially millions of people to bias or persuade them to take a particular perspective.
Much of this data came through those terrible apps which ask you to confirm access to your Facebook profile, and your friends’ profile. Even though you may have never used one of these apps, if your friends did, they likely gave away your data.
The New York Times is today reporting that Facebook’s Chief Information Security Officer is leaving the company. So this is obviously a big deal. Alex himself denies that, although with the share price drop already seen today, who knows the truth, the data misappropriation is still a big deal.