Bill Pringle - Bill@BillPringle


Facebook security issues

Bare Minimum:

Introduction

Facebook is a very popular social networking site, but there are a number of security issues with the site that can put you at serious risk if you aren't careful. The number of facebook account hackings seems to be on the increase (at least I've been getting more bogus messages recently), and this page is in response to a friend who asked what to do after her account got hacked.

While any online account is in danger of being hacked, Facebook has unique features that make this danger even more likely. For one thing, it is very common to post personal information which can be used to steal your identity. But the significant danger is because it is so easy to run malicious programs that can hack your account. In particular, be very careful using any application that asks to access your profile.

Keep in mind that if your account is compromised, not only is your personal information exposed, but the personal information of all your friends as well. So, even if you don't have anything sensitive in your profile information, your friends might. Every time you take one of those quizzes on facebook, you are risking your information and that of your friends.

Prevention Techniques

It is much easier to prevent having your account hacked than to recover from a hacked account. Here are some good security practices that you should keep in mind not only for Facebook, but for any other web site account you might have.

Don't use Internet Explorer
There are a lot of security problems with IE. I recommend that you use Firefox or Chrome instead. Other possible browsers are Safari and Opera.
One of the nice things about Firefox and Chrome is all of the add-ons you can get. Some of the add-ons that I consider essential are:
  • Adblock Plus — you don't see any ads
  • NoScript — won't allow a web site to run JavaScript unless you give it permission
Since ads are suppressed, you are less likely to see dangerous links. By blocking JavaScript on all but the web sites you trust, you are less likely to see dangerous links. Firefox will prevent cross-site linking, which is a practice that hackers use to insert dangerous code within regular looking links.
Never click on a link
Never click on a link contained in any e-mail message or IM. Also, never type a URL directly into the address bar of your browser.
When you get an e-mail with a link, don't click on it. Hover your mouse over the link and right-click the mouse, and select "Copy Link Location" in Firefox. Next, paste the link into Google and click on search. You should see at the very top of the search results the page you expected. If, however, you see comments about phishing, malware, etc. then you know not to go there.
If somebody tells you a URL to type into your browser, ignore them. Instead, type the URL into the Google search bar and hit ENTER. As above, you should see the page you were expecting. If not, then either you made a typo, the person giving the URL was wrong, or the site is dangerous.
The more a message encourages you to click on a link, the more you should not click on it. If you see something like "OMG!!! YOU MUST SEE THIS" that is a pretty good sign that the link is bogus. The same goes to "Girl killed herself after her father posted this on facebook" or any similar message. And, of course, "Who is viewing your profile, click here to see" is a great link to avoid.
It is a common practice by malware writers to purchase domain names similar to valid sites, especially commonly misspelled names. They then set up a web site that looks the same as the real site. When you click on any link on the bogus site, you run the risk of downloading malware. These sites will also try to get the user to enter passwords or personal information.
Use a strong password
Find a balance between a password that is easy for you to remember and one that is hard to guess. It should have at least 6-8 characters, and should include letters and digits or possibly symbols. You should never use any word that would appear in a dictionary, the names of your pets, spouse, kids, friends, etc. There are several techniques you can use to do this:
One trick is to make up a saying or phrase and then use the first letter of each word, or possibly a symbol to represent the word. For example, let's use the phrase "This is my secret password for facebook." We could make that "t=msp4fb". We could emphasize certain words to make the password even stronger: "THIS is my SECRET password for FACEbook" can become "T=mSp4Fb"
You can make up your own symbols for words, such as "=" for is or equals, "<" for less than, before, left, etc. and ">" for greater than, after, right, etc. There is a special language called leet that might give you some more ideas for symbols. If you use leet, you might want to type short words in leet rather than just the first letter. Be careful using uncommon symbols, some systems might have problems with strange characters in the password field.
Don't use the same (or similar) password for more than one site. At a minimum, make sure your Facebook password is completely different than your password for any other site.
There are times when using the same password isn't so bad. There are lots of web sites where you don't store personal information, credit cards, etc. Basically, you don't care if somebody hacks into those kinds of web accounts. If you have a lot of these kinds of web sites, then you might be able to get away by using the same password for all those kinds of web sites. Remember, however, if somebody hacks one of those sites, they can get into any of the others.
Don't Give Out Your Password
Of course, having a strong password doesn't help if you give your password to others. Although you hopefully would not give your password to a stranger, there are many ways in which malicious users can trick you into revealing your password. A common way is to create web sites that look like legitimate web sites, and when the victim attempts to login, their user name and password are saved and used later to hack into their account.
Facebook offers a very sneaky way of getting you to enter your user name and password: by offering to help you find your friends on facebook. Facebook asks you for your email address and password, and then uses this information to access your address book / list of contacts. They then search facebook for any matches. The problem, of course, is that your email address and password are now stored inside a facebook database. And, since facebook doesn't have a history of keeping your private information very private, you should be very concerned about that. If you want to find friends on facebook, search for them using their email address.
If you have already given out your email address and password, change your password immediately. If, in the future, you need to enter that information, I would recommend that you login to your email account, change the password to something simple (like "secret") and then submit that password. Once you have done what you needed to do, go back into your email account and change your password to something strong.
Always logout when you are done
I recall using a public terminal, and going to LinkedIn, and was surprised to find myself logged in as someone else. If you don't logout when you are done, you risk having somebody else do things with your account or download key loggers, malware, etc.
Some web sites use cookies to remember who you are so that you don't have to sign in each time. While this might be convenient when using your desktop at home, it can be disastrous on your laptop, cell phone, or PDA. When you logout, that usually destroys the cookies so that you will have to login the next time.
Change your password fairly often
If you change your password too often, it makes it hard to remember, and you might start writing it down, which would be very dangerous. The idea is to change your password often enough so that by the time somebody figures out your password, you have changed it.
Make sure you don't have a pattern between different passwords. If your password is secret1, then secret2 isn't a good password. (Of course, secret1 is a lousy password to begin with.)
Don't let others use your computer, phone, PDA, etc.
I realize that some of your friends might think you are strange if you don't let them use your computer to check their e-mail, but remember that they might accidentally download some malicious program, or actually post or send something under your name. How many times have you seen a friend status message something like: "I am a douche bag", followed by an explanation that the message was from somebody else. Usually these messages are funny or embarrassing, but you haven't any control.
Of course, if you have logged out from all of your applications, your friend won't be able to access your accounts, but they can still download malware to your computer, and possibly change your default settings to something strange.
Run Anti-virus and anti-spyware software
Not only should you run anti-virus software, but make sure you get updates on a regular basis. I usually run an update every morning, followed by a scan of my computer. Most computers come with anti-virus, but if you need a free program, try AVG Free.
Most people know about anti-virus, but not as many are aware of anti-spyware software. This works similarly to anti-virus, but it is looking for programs that do things like track your web browsing. Here are some free anti-spyware programs that I have used:

Facebook Dangers

Personal Information

Facebook has some additional features that make it easier to expose your information. For one thing, you are more likely to include personal information on the web site. Be very careful because this can be used for identity theft. You can also help burglars know when you are going to be away from home for long periods of time ("I'm leaving tomorrow to XXXX for a whole three weeks!"). I have heard (but not confirmed) that someone had their place broken into after they mentioned going away for a long weekend on facebook.

Depending on how much information you put into your profiles, you might be at risk for identity theft. All that is needed to identify a person is their birthday, their sex, and their zip code. If you have your birthday, address, and phone number, you are making it easy for somebody to steal your identity. With that information, people can search various on-line databases to uniquely identify a person. Since most people on facebook use their actual names, that makes identity theft even easier. Don't display your birth year. Just put the city name instead of your actual address; if you live near a large city, then enter that name instead of your actual town. And be careful what you post on your wall. I've seen people put their actual address, their cell phone number, when they were going to be away, etc. on their wall, which is very dangerous.

One thing that many people don't know is that some digital cameras encode information about the picture within the image. By posting a picture you took with your fancy new digital camera, you might be exposing much more information than you think. Of course, having a picture of you standing in front of your large flat screen gives burglars an incentive to see when you are going to be out of town.
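The information a camera embeds in a picture is stored in metadata segments of the JPEG file, and it can be removed before the picture is posted. The following is an added example, not part of the original page: it reports whether a JPEG carries an Exif block with a GPS entry and writes out a copy without the metadata segments. The function names and the tiny sample file are constructed for the illustration; the sample has the layout of a JPEG but is not a viewable picture.

```python
import struct

EXIF_ID = b"Exif\x00\x00"
GPS_TAG = 0x8825                   # Exif tag that points at the GPS data
METADATA = (0xE1, 0xED, 0xFE)      # APP1 (Exif/XMP), APP13 (IPTC), COM (comment)


def segments(data):
    """Yield (marker, start, end) for each header segment before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("bad segment marker")
        marker = data[pos + 1]
        if marker == 0xDA:         # start of scan: compressed picture data follows
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated segment")
        yield marker, pos, pos + 2 + length
        pos += 2 + length


def exif_payloads(data):
    """Return the payload of every Exif segment in the file."""
    return [data[s + 4:e] for m, s, e in segments(data)
            if m == 0xE1 and data[s + 4:s + 10] == EXIF_ID]


def has_gps(exif):
    """True if the first image directory of an Exif payload has a GPS entry."""
    tiff = exif[len(EXIF_ID):]
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or len(tiff) < 8:
        return False
    magic, ifd = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        if len(entry) < 12:
            break
        if struct.unpack(order + "H", entry[:2])[0] == GPS_TAG:
            return True
    return False


def strip_metadata(data):
    """Return a copy of the JPEG without its metadata segments."""
    out = bytearray(data[:2])
    pos = 2
    for marker, start, end in segments(data):
        if marker not in METADATA:
            out += data[start:end]
        pos = end
    out += data[pos:]              # picture data is copied unchanged
    return bytes(out)


def segment_bytes(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def sample_jpeg():
    """Constructed sample: JFIF header, Exif with camera make and GPS pointer."""
    tiff = b"II" + struct.pack("<HI", 42, 8)                 # TIFF header
    tiff += struct.pack("<H", 2)                             # two entries
    tiff += struct.pack("<HHI4s", 0x010F, 2, 4, b"Cam\x00")  # camera make
    tiff += struct.pack("<HHII", GPS_TAG, 4, 1, 38)          # pointer to GPS data
    tiff += struct.pack("<I", 0)                             # no further directory
    tiff += struct.pack("<HI", 0, 0)                         # empty GPS directory
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return (b"\xff\xd8" + segment_bytes(0xE0, jfif)
            + segment_bytes(0xE1, EXIF_ID + tiff)
            + segment_bytes(0xDA, b"\x01\x01\x00\x00\x3f\x00")
            + b"\x12\x34" + b"\xff\xd9")


if __name__ == "__main__":
    photo = sample_jpeg()
    print("GPS entry present:", any(has_gps(p) for p in exif_payloads(photo)))
    clean = strip_metadata(photo)
    print("Exif blocks after stripping:", len(exif_payloads(clean)))
```

Stripping also removes the orientation setting, so a cleaned picture may display rotated until it is re-saved the right way up.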

Friends List

Some people accept any friend request they get, whether they know the person or not. This is a serious problem, since whoever you accept will be able to see all your personal information. They can also see personal information about your friends. So, even if you only accept friends from people you know, if you have a friend that accepts anybody's request, your personal information might be exposed. Make sure your personal settings are restricted to "friends only", not "friends of friends."

I had a friend that got a friend request from somebody she was already friends with. She asked about it, and the person said they couldn't remember their password so had to set up a new account. As time went on, she realized that this wasn't her friend. It was somebody impersonating her friend. He basically stole her friend's identity.

Debt collectors have been known to find people who are behind in their debts, send them a friend request, and then start to bother them. If they can't connect to the person of interest, they try to friend their friends. In one case, they friended the person's mother and told them that failure to pay might end up in jail time. A few clever collectors have their profile picture set to a cute young woman in order to get men to accept their requests. (read more details)

Most employers will search facebook, myspace, etc. to find out more about people applying for a job. So having those embarrassing pictures open to the public might prevent you from landing your next job. Do you want your future employer reading your smart aleck comments on your wall?

You can create several different friends lists, and then assign different permissions to each list. This will allow you to accept a friend request and still restrict what they can see. With this arrangement, your close friends can see everything you have on Facebook, but your business or casual friends will only see some basic information. You can read more about managing friends lists.

Applications

Another serious danger on facebook is all of the applications. Any application that asks to access your profile information puts your information at risk. What's worse, if any of your friends use those applications, they also put your information at risk, even if you never run an application. Supposedly, these applications only use this feature to put the results and some cute picture on your home page, or help you remember events, birthdays, etc. However, facebook doesn't bother to check any of these applications. There is no rating system, so that you have no idea if the application is safe or malicious.

The ACLU has highlighted these dangers recently by creating their own quiz, which displays all the information that is available to the quiz. It is important to realize that quizzes aren't created by facebook, but by facebook users - any facebook user can create a quiz. Why would you trust an anonymous programmer that you know nothing about with not only your own personal information, but information about all your friends? When you run a quiz, you give the application permission to access anything in your profile, including your friends' profiles. A quiz can do anything you can do on facebook; actually, even more. And no virus or malware scan will even see any of this, let alone prevent it.

It is important to realize that applications aren't affected by what browser you run or what anti-virus or anti-malware software you run. The damage isn't done on your machine, it is done on the facebook servers. As soon as you run an application, you have given it permission to do anything it wants to any and all of your information, and any information you can see about your friends. And remember, the people who write applications aren't hired by facebook, they are anyone who wants to write an application.

What kind of problems can applications raise?

Photo of the Day
There was one application called Photo of the Day that actually sent your personal information to the author. This was built as part of a research project, and became quite popular, without people knowing that their information was being compromised.
The Danger of Facebook Quizzes
Many people seem to enjoy taking lots of quizzes on facebook. There are several problems with quizzes:
  • Accuracy - does anyone actually believe those quizzes?
  • Exposure - the authors have access to all your answers and your personal information
  • Control - you are giving the application permission to do things in your name
For example, the article The Danger of Facebook Quizzes gives examples of how quizzes have been used to sell personal information to drug and marketing companies, based on your answers. So if you mention you have trouble sleeping, you might start getting e-mail, junk mail, or even phone calls trying to sell you sleep products.
One quiz asked the names of your pets, kids, spouse, etc. These are what many people use for their passwords. Even if you don't use them for passwords, the information you provide might be used by a malicious person to construct a message using social engineering that looks genuine, but isn't. For example, someone could send something to your friend and mention your brother John, or your dog fluffy, which can cause your friend to think they are talking to one of your friends.
Facebook Fan Check (or Stalker Check)
There are rumors going around that the Fan Check (which used to be known as stalkercheck) is a virus.
I would like to remind people that any application that asks permission to access your profile puts your facebook account at risk (and the facebook accounts of all your friends as well.)
However, what is going on might be something different. It might be a fake virus alert to trick you into infecting your computer.
Here is how these kinds of things work:
  • Somebody starts a rumor that something is actually a virus.
  • They include a link to some site that supposedly "fixes" the virus.
  • The link actually contains malware that will infect your computer.
At this point, there is no proof that Fan Check / stalker check is a virus. I know of two friends who have used it, and neither has reported any problem. Of course, that might just mean that somebody hasn't set up a bogus web site yet.
Remember, be *very careful* before installing anything on your computer. This shows how people can be tricked into downloading something to "fix" a problem they think they have, when they are actually infecting their computer with malware.

Any time something asks permission to access your profile, I recommend you say "no". Granted, you won't be able to take the lame quizzes, or stick silly pictures on your page, but at the same time, you are less likely to have your identity stolen or your account hacked. The choice is yours.

Recovering After Being Hacked

Most people know they should close the barn door after the horse got out, but what should you do if your account has been hacked? For starters, you should change your password. That may or may not prevent future problems, but it can't hurt. If you used the same password (or a similar password) for any other accounts, make sure you change those as well.

The next thing you want to do is try to figure out how your account got hacked. If you have run a new application, maybe you want to block it. Of course, clever authors of malicious software won't do anything at first, and wait a while before doing anything bad. That makes it more difficult to identify the source of the problem. If you don't really need some application, get rid of it. Better safe than sorry.

Notify your friends. If your account has been hacked, your friends are in danger of being hacked as well. If you know the cause, warn them not to click on the application, message, etc.

Check your account settings, especially all of your security settings. Malicious software often tries to spread as much as possible. By letting all people view your information, it will increase the chances that somebody else might get infected with whatever trashed your account.

Facebook News and Articles

This section is a subset of my News Page that contains articles about Facebook.

Article Description/Comments
Facebook's Graph Search: Kiss Your Privacy Goodbye
(Click for story)
Software developer Jeff Cogswell is back with an extensive under-the-hood breakdown of Facebook's Graph Search, trying to see if peoples' privacy concerns about the social network's search engine are entirely justified. His conclusion? 'Some of the news articles I've read talk about how Graph Search will start small and slowly grow as it accumulates more information. This is wrong—Graph Search has been accumulating information since the day Facebook opened and the first connections were made in the internal graph structure,' he writes. 'People were nervous about Google storing their history, but it pales in comparison to the information Facebook already has on you, me, and roughly a billion other people.' There's much more at the link, including a handy breakdown of graph theory.
Senators Ask Feds To Probe Facebook Log-in Requests
(Click for story)
Cnet's Michelle Meyers reports that democratic senators Richard Blumenthal and Charles Schumer have asked the Justice Department to investigate what they call a 'new disturbing trend' of prospective employers demanding job applicants to turn over user names and passwords for their social networks. 'Employers have no right to ask job applicants for their house keys or to read their diaries — why should they be able to ask them for their Facebook passwords and gain unwarranted access to a trove of private information about what we like, what messages we send to people, or who we are friends with?' asked Schumer. Last Friday, in response to complaints from employees, Facebook published a post expressing its opposition to the practice, which it said undermines both the security and the privacy of the user and the user's friends. Erin Egan, the company's chief privacy officer for policy, offered that employers who demand password information for prospective employees might just end up getting sued.
Facebook Admits Hiring PR Firm To Smear Google
(Click for story)
The clash of the Internet Giants reached new heights after a spokesman for Facebook confirmed to Daily Beast that Facebook paid a high level Public Relation firm to publish and spread stories against Google throughout the media to study various methods to examine the allegations that Google has been violating user privacy.
Facebook Caught Exposing Millions of Credentials
(Click for story)
Facebook has leaked photographs, profiles and other personal information for millions of its users because of a years-old bug that overrides individual privacy settings, researchers from Symantec said. The flaw, which the researchers estimate has affected hundreds of thousands of applications, exposed user access tokens to advertisers and others. The tokens serve as a spare set of keys that Facebook apps use to perform certain actions on behalf of the user, such as posting messages to a Facebook wall or sending RSVP replies to invitations. For years, many apps that rely on an older form of user authentication turned over these keys to third parties, giving them the ability to access information users specifically designated as off limits.
How People Broadcast Their Locations Without Meaning To
(Click for story)
Smartphones include geotagging features that many people aren't aware of, MIT's Technology Review reports. And it's not just in the obvious places: 'For example, by looking at the location metadata stored with pictures posted through one man's anonymous Twitter account, the researchers were able to pinpoint his likely home address. From there, by cross-referencing this location with city records, they found his name. Using that information, the researchers went on to find his place of work, his wife's name, and information about his children.'
41% of Facebook Users Willing To Divulge Personal Info
(Click for story)
In an experiment, 41% of Facebook users were willing to divulge highly personal information to a complete stranger. This according to IT security firm Sophos, which invited 200 randomly selected Facebookers to befriend a bogus Facebook user named 'Freddi Staur' (an anagram of 'ID Fraudster'). Of those queried, 87 responded to the invitation, among them 82 people whose profiles included personal information such as their email address, date of birth, address or phone number.
Facebook Opens Up Home Addresses and Phone Numbers
(Click for story)
(and suspends feature)
Hopefully, nobody puts their actual address and phone number in Facebook, but for those who do:
It took only 3 days to suspend this "feature"
Do you really want third-party app developers on Facebook to be able to access your mobile phone number and home address? Facebook has announced that developers of Facebook apps can now gather the personal contact information from their users. Security firm Sophos describes it as 'a move that could herald a new level of danger for Facebook users' and advises users to remove their home address and phone numbers from the network immediately.
Is Mark Zuckerberg the Next Steve Case?
(Click for story)
With all signs for Facebook pointing up, author Douglas Rushkoff goes contra, arguing that Facebook hype will fade. 'Appearances can be deceiving,' says Rushkoff. 'In fact, as I read the situation, we are witnessing the beginning of the end of Facebook. These aren't the symptoms of a company that is winning, but one that is cashing out.' Rushkoff, who made a similar argument about AOL eleven years ago in a quashed NY Times op-ed, reminds us that AOL was also once considered ubiquitous and invincible, and former AOL CEO Steve Case was deemed no less a genius than Mark Zuckerberg. 'So it's not that MySpace lost and Facebook won,' concludes Rushkoff. 'It's that MySpace won first, and Facebook won next. They'll go down in the same order.
Old Facebook Apps Still Plunder Your Privacy
(Click for story)
If you added the YouTube Facebook app prior to 2009, you've given YouTube free access to nearly all the data in your profile (as well as many of your friends). But if you install the same app today, it gets very limited access. Older versions of Facebook apps, it turns out, still have 'grandfathered' access to data that the social networking service has restricted for new apps. If you're protective of your privacy, it might be a good idea to delete and reinstall any older apps in your profile.
Facebook's 'Like This' Button Is Tracking You
(Click for story)
A researcher from a Dutch university is warning that Facebook's 'Like This' button is watching your every move. Arnold Roosendaal, who is a doctoral candidate at the Tilburg University for Law, Technology and Society, warns that Facebook is tracking and tracing everyone, whether they use the social networking site or not. Roosendaal says that Facebook's tentacles reach way beyond the confines of its own web sites and subscriber base because more and more third party sites are using the 'Like This' button and Facebook Connect.
Open-source social network Diaspora goes live
(Click for story)
Diaspora, a widely anticipated social network site built on open-source code, has cracked open its doors for business, at least for a handful of invited participants. 'Every week, we'll invite more people,' stated the developers behind the project, in a blog item posted Tuesday announcing the alpha release of the service. 'By taking these baby steps, we'll be able to quickly identify performance problems and iterate on features as quickly as possible.' Such a cautious rollout may be necessary, given how fresh the code is. In September, when the first version of the working code behind the service was posted, it was promptly criticized for being riddled with security errors. While Facebook creator Mark Zuckerberg may not be worried about Diaspora quite yet, the service is one of a growing number of efforts to build out open-source-based social-networking software and services.
Online Behavior Could Influence Insurance Rates
(Click for story)
Don't worry, they won't use it for anything bad, I'm sure ...
There seems to be no end to the ways your personal data and online behavior can be used against you. According to the Wall Street Journal, insurance companies are considering using online behavioral and social networking data to try to weed out insurance risks. What you read, what you buy, how much TV you watch, your credit, your fan pages... it could all be used to predict your longevity and insurance risk. The practice, which appears to be in the early stages, could raise concerns with the FTC and insurance regulators, but insurance and data mining companies say they just plan to use it to speed up the applications of people who appear to be good risks; others would have to go through more rigorous traditional screening.
New Facebook Messaging System Announced
(Click for story)
Mark Zuckerberg held a presentation to unveil Facebook's "next generation messaging" system. He repeatedly drove home the idea that "this is not email," nor is it "an email killer." Their plan is to tie together multiple forms of communication — email, texts, social updates, etc. — and blend them into conversations. As users go about their days, interacting with a variety of devices, the communication method automatically updates to whatever is appropriate at the time. If a user receives an email while he's at a desktop, browsing Facebook, it will bring up the message in a Facebook chat window. If the user is browsing on a smartphone, it will bring up the message there, instead. If it's a dumbphone, then a text message can be sent. Another central feature is the idea that conversation histories from multiple sources and different forms of communication can be integrated through Facebook, so that you no longer have to separately root through IM logs, SMS logs, old emails, etc., to see old correspondence. (Users will have the ability to delete these, should they desire.) The last major feature they mentioned is what they call the "social" inbox, which is based on whitelisting. Users will be able to set up primary inboxes which only display communications they definitely want to see, while leaving low-priority messages, spam, and all the other noise typical to email in an inbox they check less frequently. The new system will be rolled out slowly over the next few months.
Facebook Adds Friend Stalker Tool
(Click for story)
Facebook has added a new tool that brings together conversations and photos between friends onto a single page, but, as usual, has crossed the creepy line. Not only does clicking the See Friendship tool let users view photos, comments and events shared between themselves and their friend, it also offers a search tool to do the same between any two mutual friends, making it easy to see everything any two people have ever said to each other on Facebook. As usual, the site should have tested the function out on their users first, with one saying: 'I've always wanted this! And yes, I'm a creepy stalker.' Also, as usual for Facebook, all users are automatically opted in, and there's currently no obvious way to turn it off.
Why Facebook Won't Stop Invading Your Privacy
(Click for story)
From the "duh" department ...
Every few weeks, it seems, Facebook is caught again violating users' privacy. A code error there, rogue business partners there. The truth, as InfoWorld's Bill Snyder explains, is that Facebook will keep on violating your privacy, no matter what its policies say, what promises it makes, or how shocked it claims to be at the latest incident. The reason is simple: Selling personal information on its users is how it makes money, and Facebook is above all a business.
The Facebook news feed: How it works, the 10 biggest secrets
(Click for story)
How does the social media giant decide who and what to put in your feed? Tom Weber conducts a one-month experiment to break the algorithm, discovering 10 of Facebook’s biggest secrets.
Top Facebook Apps Violate Privacy Terms
(Click for story)
No stranger to privacy concerns, Facebook is once again in the privacy spotlight following a Wall Street Journal report that some popular Facebook applications leak personal information to advertisers. 'Many of the popular applications, or 'apps,' on the social-networking site Facebook Inc. have been transmitting identifying information — in effect, providing access to people's names and, in some cases, their friends' names — to dozens of advertising and Internet tracking companies,' according to The Wall Street Journal, which wrote about Facebook Sunday in the latest installment of its recent 'What They Know' series about advertising and the Internet.
Government Admits Spying Via Facebook
(Click for story)
Facebook founder Mark Zuckerberg famously said that the age of privacy is over. And the government wants to ensure that, it seems. The Electronic Frontier Foundation's FOIA request has revealed government memos encouraging agents to befriend people on a variety of social networks, to take advantage of their readiness to share — and to spy on them. Thanks to this request, the government released a handful of documents, including a May 2008 memo detailing how social-networking sites are exploited by the Office of Fraud Detection and National Security (FDNS), and one revealing how the DHS monitored social media during the Obama inauguration.
Facebook Introduces One-time Passwords
(Click for story)
Worried about logging into Facebook from a strange computer? There's now a way to get into the popular social network without entering your regular Facebook password. It's called a temporary password. To use it, users must list their mobile phone numbers with their Facebook accounts. They can then text a number from their phones and Facebook sends back a temporary password that is good for 20 minutes. The service will be available worldwide in the next few weeks.
Of 1.2 Billion Twitter Posts, 71% Are Ignored
(Click for story)
1.2 billion Twitter 'tweets' were analyzed over two months by analytics company Sysomos, who concluded that a whopping 71% of them got no reaction whatsoever — no online responses, and no Twitter 'retweets.' 'Only a small number of users actually have the ability to engage on Twitter in a significant way,' the researchers conclude, noting that just 6% of Twitter's status updates ever get retweeted (while 23% get a reply). And among those status updates, 85% have exactly one response, while only 1.53% of Twitter conversations are more than three levels deep — where a reply receives a response which then generates a second reply.
I am astounded by the claim that nearly three out of ten tweets actually do get any response.
Download Your Facebook Photos, Posts, and More
(Click for story)
Notice you can download everything you ever added, including things you have removed. Maybe people will start to realize that once you send something, it exists forever.
Facebook is rolling out some new changes (including groups) that are supposed to liberate user control. But something that might interest Slashdot readers even more is that they now allow you to download all your information from Facebook. That's everything — all your posts, pictures, videos, friend lists, etc. A video from David of the Open Source team at Facebook explains how it will work, although I don't see that option on my profile yet (they are slowly rolling it out). There's not a lot of details yet, but they at least require you to click a link from an e-mail and reenter your password to get this (to avoid spambots harvesting everyone's data and careless use of public computers resulting in data leaks). Perhaps competitors like Diaspora would be interested in using this base information to germinate user seeds?
Facebook, Skype Getting Really Friendly
(Click for story)
Facebook and Skype are reportedly in talks over a deal that would integrate Skype calling capabilities into Facebook user accounts. Such an agreement would give both Skype and Facebook not only a leg up on rival VoIP and social networking services from the likes of Google, but also the combined force of two Internet-based services beloved by consumers. The talks, which were reported by All Things Digital Wednesday, stem from Facebook's goal of merging IP communications and social networking communities more closely together. Facebook in recent weeks had also been rumored to be developing a mobile device of its own.
Inside Facebook's Infrastructure
(Click for story)
Facebook served up 690 billion page views to its 540 million users in August, according to data from Google's DoubleClick. How does it manage that massive amount of traffic? Data Center Knowledge has put together a guide to the infrastructure powering Facebook, with details on the size and location of its data centers, its use of open source software, and its dispute with Greenpeace over energy sourcing for its newest server farm. There are also links to technical presentations by Facebook staff, including a 2009 technical presentation on memcached by CEO Mark Zuckerberg.
Facebook Competitor Diaspora Revealed
(Click for story)
A post has just gone up on Diaspora's blog revealing what the project actually looks like for the first time. While it's not yet ready to be released to the public, the open-source social networking project is giving the world a glimpse of what it looks like today and also releasing the project code, as promised. At first glance, this preview version of Diaspora looks sparse, but clean. Oddly enough, with its big pictures and stream, it doesn't look unlike Apple's new Ping music social network mixed with yes, Facebook.
Social Media Can Help You Fake Your Own Death
(Click for story)
We are inundated with warnings that social media is systematically stripping away our privacy. But Frank Ahearn, the so-called 'Dear Abby' of disappearing, is attempting to show folks how to use those same technologies to regain your privacy, even helping you go as far as faking your own death. Ahearn is a professional skip-tracer who has hunted down people like Monica Lewinsky. In an interview with Ahearn on Network World, he says 'One can legally disappear through the use of corporations and offshore corporations. The idea is to embrace technology and to become a virtual entity.' My favorite tip is that New Zealand is the place to land once you leap off the grid. Not only is it far from most of the rest of the English speaking world, he says, but it also has great beaches.
Burglary Ring Used Facebook Places To Find Targets
(Click for story)
A burglary ring was caught in Nashua, NH due to the vigilance of an off-duty police officer. The group is credited with 50 acts of burglaries, the targets chosen because they posted their absence from home on the Internet. '"Be careful of what you post on these social networking sites," said Capt. Ron Dickerson. "We know for a fact that some of these players, some of these criminals, were looking on these sites and identifying their targets through these social networking sites."' Well, I guess the prophecies came true.
Target To Sell Facebook "Credits" As Gift Cards
(Click for story)
As you might know, MoveOn.org has organized a boycott of Target: http://pol.moveon.org/state/target/
Target will begin selling Facebook's virtual currency as gift cards on September 5, becoming the first brick-and-mortar retailer to do so. Facebook Credit gift cards will be available in $15, $25 and $50 denominations at the retailer's 1,750 stores. That's right, you can now spend real dollars to get fake ones so you can buy imaginary items for games like FarmVille, Bejeweled and 150 other FB games or apps. If that interests you, please contact me. I have some swamp land in Florida I'd like to show you.
Germany To Grant Privacy At the Workplace
(Click for story)
The German government is proposing a bill deciding employees have an expectation of privacy at the workplace (translated article). Among other provisions, the bill would ban employers from surveilling their employees by cameras or logging and reading their emails. Also, potential employers would not be allowed to view an applicant's profile at Facebook or any other social network that hasn't actually been made for this purpose.
Facebook Launches Location Based Product
(Click for story)
Facebook officially launched its 'Places' location-based product, backed by seeming rivals Foursquare and Gowalla. Facebook had been expected to announce a location service, ever since it announced the press conference earlier this week. The Places service officially goes live Aug 19, although an iPhone app will go live on Aug 18. According to Facebook chief executive Mark Zuckerberg, Facebook Places has been in development for several months. It had three goals, he said: helping share where you are in a nice and social way, to see who's around you, and just discover new and cool places to visit in the future.
How to Disable Facebook Places
(Click for story)
Facebook rolled out a new feature called Places that lets you and your friends check in to locations, Foursquare-style. If you'd prefer to keep your location private, or at least stop your friends from posting it, here's how. If you're not convinced that posting your location can be a bad thing, check out PleaseRobMe for some evidence.
"Dislike" Button Scam Hits Facebook Users
(Click for story)
A message saying 'I just got the Dislike button, so now I can dislike all of your dumb posts lol!!' is spreading rapidly on Facebook, tempting unsuspecting users into believing that they will be able to "dislike" posts as well as "like" them. However, security researchers say that it is just the latest 'survey scam', tricking Facebook users into giving a rogue Facebook application permission to access their profile, and posting spam messages from their account. The rogue application requires victims to complete an online survey (which makes money for the scammers) before ultimately redirecting to a Firefox browser add-on for a Facebook dislike button developed by FaceMod. "As far as we can tell, FaceMod aren't connected with the scam — their browser add-on is simply being used as bait," says Sophos security blogger Graham Cluley.
Drunk Driver Mugshots Featured On Facebook
(Click for story)
Get yourself a DUI and your mugshot may get some exposure on Facebook. That is, if you get caught in New Jersey by Evesham Township's police, which have begun posting mugshots of arrested people, convicted or not, on its Facebook page. Now, we know that if you get arrested, your privacy is pretty much limited to the brand of your underpants, but the local police department has started a controversy and may find itself in hot water. How much value does a public mugshot on Facebook have to the public? What privacy rights do you have if you get arrested?
Facebook Bug Could Give Spammers Names, Photos
(Click for story)
Facebook is scrambling to fix a bug in its website that could be misused by spammers to harvest user names and photographs. It turns out that if someone enters the e-mail address of a Facebook user along with the wrong password, Facebook returns a special 'Please re-enter your password' page, which includes the Facebook photo and full name of the person associated with the address. A spammer with an e-mail list could write a script that enters the e-mail addresses into Facebook and then logs the real names. This could help make a phishing attack more realistic.
100 Million Facebook Pages Leaked On Torrent Site
(Click for story)
A directory containing personal details about more than 100 million Facebook users has surfaced on an Internet file-sharing site. The 2.8GB torrent was compiled by hacker Ron Bowes of Skull Security, who created a web crawler program that harvested data on users contained in Facebook's open access directory, which lists all users who haven't bothered to change their privacy settings to make their pages unavailable to search engines.
Facebook Adds Delete Account Option
(Click for story)
Facebook have quietly added the ability to delete your account. 'Deactivate Account', under Account Setting, has become 'Deactivate or Delete Account', and when checked it purports to permanently delete your account and all information you have shared. Facebook is actually willing to erase your data permanently? They must be counting on very few people doing so.
Facebook User Satisfaction Is 'Abysmal'
(Click for story)
American Customer Satisfaction Index recently conducted a survey in which they found that even though Facebook is gaining popularity, they are doing a miserable job of keeping their users satisfied. According to the survey Facebook scored 64 out of 100 for customer satisfaction, which puts the website in line with the satisfaction rates for airlines and cable companies. The survey also includes other websites like YouTube and Wikipedia (which scored considerably higher) and MySpace, which came in slightly lower. (The survey did not include Twitter since many of its members access the site through third-party sites rather than Twitter.com.) The ACSI was founded at the University of Michigan's Ross School of Business, and is based on annual interviews with about 70,000 customers. The group has measured portals and search engines in the past, as well as news and information websites, but this is the first year the ACSI included social networking sites.
UM professor Claes Fornell blogged: "Controversies over privacy issues, frequent changes to user interfaces, and increasing commercialization have positioned the big social networking sites at satisfaction levels well below other Web sites..."
New Google Research On Social Networks
(Click for story)
Paul Adams, a senior user experience researcher at Google, has posted a slideshow from a recent presentation that shows insightful research into how people use social networking technologies. The presentation describes several shortcomings of existing technology, and it highlights specific modalities that current technology (ahem, Facebook) gets wrong. Adams concludes that social networking applications are a 'crude approximation' of real-life social networks. 'People don't have one group of friends.' Adams' research in several different countries shows that in reality, most people have between four to six groups of friends. He argues that social networking applications need to be built with that reality in mind.
Facebook, Friend of Divorce Lawyers
(Click for story)
A lot of Facebook users going through divorces have learned a very costly lesson about their privacy settings. In fact, for many of them their Facebook pages helped lead to the divorce in the first place. More than 80% of the members of the American Academy of Matrimonial Lawyers say they've used or run into evidence gathered from Facebook and other social networking sites over the last five years — and some of them have some very entertaining stories to tell. 'Facebook is the unrivaled leader for turning virtual reality into real-life divorce drama,' said AAML's president.
Facebook Usage Hits 16 Billion Minutes a Day
(Click for story)
Facebook's 400 million users spend more than 16 billion minutes on the site every day, and view 1 million photos every second. That's prompted massive growth in the social network's infrastructure, which now encompasses more than 60,000 servers. Facebook's Tom Cook discussed how the company's operations team manages that growth in a presentation last week at the O'Reilly Velocity conference (video). The next day at Structure 2010, Facebook VP of operations Jonathan Heiliger said server and chip makers have 'come a long way' in supporting cloud platforms since he bashed them last year.
Clickjacking Worm Exploits Facebook "Like" Feature
(Click for story)
For the last 24 hours, a series of attacks have exploited Facebook's 'Like' feature through a clickjacking vulnerability. Using subjects such as 'This Girl Has An Interesting Way Of Eating A Banana, Check It Out!' hackers have spread an attack that links to web pages that use invisible iFrames to trick users into saying they like the content. Users are presented with an innocent-seeming web page that says 'Click here to continue,' but clicking at any point on the page publishes the same message to their own Facebook page. Security blogger Graham Cluley says that hundreds of thousands of Facebook users have been hit, and offers advice on how to clean up affected Facebook profiles.
Facebook Bug Lets Hackers Delete Friends
(Click for story)
There's a lot of talk about Facebook and privacy at the moment, but a bug in Facebook's website lets hackers delete Facebook friends without permission. Steven Abbagnaro, a student from Marist College in Poughkeepsie, New York reported the flaw, writing proof-of-concept code that scrapes publicly available data from users' Facebook pages and deletes all of their friends, one by one. The victim first has to click on a malicious link while logged into Facebook. Abbagnaro's code exploits the same underlying flaw that was first reported by Alert Logic security analyst, M.J. Keith, who discovered a cross-site request forgery bug, where the website doesn't properly check code sent by users' browsers to ensure that they were authorized to make changes on the site.
Facebook, Others Giving User Private Data To Advertisers
(Click for story)
Facebook, MySpace and several other social-networking sites have been sending data to advertising companies that could be used to find consumers' names and other personal details, despite promises they don't share such information without consent. The practice, which most of the companies defended, sends user names or ID numbers tied to personal profiles being viewed when users click on ads. After questions were raised by The Wall Street Journal, Facebook and MySpace moved to make changes. By Thursday morning Facebook had rewritten some of the offending computer code. ... Several large advertising companies... including Google Inc.'s DoubleClick and Yahoo Inc.'s Right Media, said they were unaware of the data being sent to them from the social-networking sites, and said they haven't made use of it. ... The sites may have been breaching their own privacy policies as well as industry standards... Those policies have been put forward by advertising and Internet companies in arguments against the need for government regulation.
Open Source Utilities For Facebook Privacy
(Click for story)
Two online projects will scan and edit Facebook privacy settings for maximum protection: ReclaimPrivacy (reclaimprivacy.org) and SaveFace (untangle.com). The article says: 'Several new applications have launched this week that are designed to easily reset a Facebook member's privacy settings, following new changes from the company that make a sizable chunk of profile content public by default when it was once kept under lock and key.'
Facebook privacy chart
(Click for story)
An excellent chart to show you what facebook is now making public, even if you told them not to. Go into your privacy settings and set everything to either "Me only" or "Friends". Remember that if one of your friends uses an app, that app has access to everything you permit to friends and can do whatever it wants with that information.

Also remember that every time you click on "Like", you are exposing yourself to search engines, regardless of your privacy settings.

I suggest you check every so often. I've seen them reset my privacy settings from what I wanted to what they wanted.
Facebook Throws Privacy Advocates a Bone
(Click for story)
In response to a week-long assault by privacy advocates, and following a well publicized all-hands meeting, Facebook has introduced two new security features in response to privacy concerns. One feature allows users to whitelist devices associated with a Facebook account, and the other allows users who verify their identity to view previous logins. While both are useful features, they do nothing to address the recent privacy complaints.
Creating a Better Facebook
(Click for story)
Fed up with Facebook's insatiable need to continue to expose your personal information to ever widening circles, four NYU students have decided to build an open source, distributed competitor to the social networking behemoth called Diaspora. They've raised a few grand, but I imagine it will be harder to convince your mom to log in.
Using Twitter Data To Approximate a Telephone Survey
(Click for story)
A team led by a computer scientist at Carnegie Mellon University has used text-analysis software to detect tweets pertaining to various issues — such as whether President Barack Obama is doing a good job — and measure the frequency of positive or negative words ranging from 'awesome' to 'sucks.' The results were surprisingly similar to traditional surveys. For example, the ratio of Twitter posts expressing either positive or negative sentiments about President Obama produced a 'job approval rating' that closely tracked the big Gallup daily poll across 2009. The analysis also produced classic economic indicators like consumer confidence.
By averaging several days' worth of tweets on presidential job approval, the researchers got results that correlated 79% with daily Gallup polling. Lead researcher Noah Smith said, "The results are noisy, as are the results of polls. Opinion pollsters have learned to compensate for these distortions, while we're still trying to identify and understand the noise in our data. Given that, I'm excited that we get any signal at all from social media that correlates with the polls."
A Call For an Open, Distributed Alternative To Facebook
(Click for story)
Ryan Singel, writing for Wired, claims that Facebook has gone rogue: 'Facebook used to be a place to share photos and thoughts with friends and family and maybe play a few stupid games that let you pretend you were a mafia don or a homesteader. It became a very useful way to connect with your friends, long-lost friends and family members. ... And Facebook realized it owned the network. Then Facebook decided to turn "your" profile page into your identity online — figuring, rightly, that there’s money and power in being the place where people define themselves. But to do that, the folks at Facebook had to make sure that the information you give it was public.' Singel goes on to call for an open, distributed alternative. 'Facebook’s basic functions can be turned into protocols, and a whole set of interoperating software and services can flourish. Think of being able to buy your own domain name and use simple software such as Posterous to build a profile page in the style of your liking.' Can Slashdotters predict where social networking is going? And how?
Facebook Photo Tagging Coming to a Website Near You
(Click for story)
Face.com — makers of facial detection and recognition products for Facebook photos — aims to extend photo tagging across the web. The service has released its API, which developers can now use to build photo-tagging capabilities on their own websites.
Church Turns To Facebook To Find Priests
(Click for story)

There is a big difference between attracting fans and motivating them to do something. The Catholic church of France isn't looking for friends on Facebook... it's looking for priests. The church has turned to Facebook as part of a campaign to attract young people to the priesthood, in an effort to combat its drastically dwindling number of priests. It may be working. The Facebook page attracted more than 1,200 fans in one week.
Facebook's "Evil Interfaces"
(Click for story)
Tim Jones over at the EFF's Deep Links Blog just posted an interesting article on the widespread use of deceptive interface techniques on the Web. He began by polling his Twitter and Facebook audience for an appropriate term for this condition and received responses like 'Bait-and-Click' and 'Zuckerpunched.' Ultimately, he chose 'Evil Interfaces' from Greg Conti's HOPE talk on malicious interface design and follow-up interview with media-savvy puppet Weena. Tim then goes on to dissect Facebook (with pictures). So, what evil interfaces have you encountered on (or off) the Web?
Senators Tell Facebook To Quit Sharing Users' Info
(Click for story)
Hugh Pickens notes a USA Today story reporting that two US senators have joined Sen. Chuck Schumer (D-NY) in telling Facebook to quit sharing more of its users' data than they signed up for. Politico.com ups USA Today's ante, saying that it was three more senators, not two more, who joined Schumer's call: Michael Bennet (D-CO), Mark Begich (D-AK), and Al Franken (D-MN). The senators are asking the FTC to look at Facebook's controversial new information-sharing policies, arguing that the massively popular social network overstepped its bounds when it began sharing user data with other websites. Sen. Schumer said he learned about the new rules from his daughter, who is in law school, but added that he's noticed no difference on his own Facebook page, which, he assured reporters, "is very boring." "I can attest to that," deadpanned Franken, who made his living as a comedian before entering the Senate, and whose Facebook followers outnumber Schumer's by ten to one.
Russian Hacker Selling 1.5M Facebook Accounts
(Click for story)
A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1,000 IDs for users with fewer than 10 friends and $45 per 1,000 IDs for users with more than 10 friends. Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users. Quoting: 'VeriSign director of cyber intelligence Rick Howard told the New York Times that it appeared close to 700,000 had already been sold. Kirllos would have earned at least $25,000 from the scam. Howard told the newspaper that it was not apparent whether the accounts and passwords were legitimate, however a Russian underground hacking magazine reported it had tested some of Kirllos' previous samples and managed to get into people's accounts.'
Facebook Retroactively Makes More User Data Public
(Click for story)
In yet another backtrack from their privacy policy, Facebook has decided to retroactively move more information into the public, indexable part of profiles. The new profile parts made public are: a list of things users have become 'fans' of (now renamed to 'likes'), their education and work histories, and what they list under 'interests.' Apparently there is neither any opt-out nor even notice to users, despite the fact that some of this information was entered by users at a time when Facebook's privacy policy explicitly promised that it wouldn't be part of the public profile.
New Software For Employers To Monitor Facebook
(Click for story)
The NY Times reports that a new service called Social Sentry has been released to monitor employees' Facebook and Twitter accounts for $2 to $8 per employee. The service also plans to support MySpace, YouTube and LinkedIn by this summer. 'Lewis Maltby, president of the National Workrights Institute, a research and advocacy group, called the automatic monitoring of social networking a "disaster," and predicted that it would lead to people being fired for online griping, the airing of political views and other innocuous conversation. There is a tendency to react to an off-color joke or complaint that appears online more harshly than to the same comment made in a cafeteria or company picnic.'
Facebook's Plan To Automatically Share Your Data
(Click for story)
In anticipation of a slew of new features that will be launching at f8, today Facebook announced that it was once again making changes to its privacy policy. One of the biggest changes that Facebook is making involves applications and third-party websites. We've been hearing whispers from multiple sources about these changes, and the announcement all but confirms what Facebook is planning to do. In short, it sounds like Facebook is going to be automatically opting users into a reduced form of Facebook Connect on certain third party sites — a bold change that may well unnerve users, at least at first.
Facebook Goes After Greasemonkey Script Developer
(Click for story)
The popular Facebook Purity greasemonkey script (now renamed Fluff Buster Purity) has been used by thousands to rid their Facebook feeds from the likes of Mafia Wars, Farmville, and other annoying things. Now, Facebook is threatening the developer of this script. Does Facebook have the right to govern their website's design and functionality once it's in the browser?
Facebook Attracting More Visitors Than Google.com
(Click for story)
Internet research firm Hitwise just broke the news: last week, Facebook attracted 7.07 percent of the internet traffic in the USA, compared to 7.03 percent for Google. This is the first time google.com has been out of the top spot since it surpassed MySpace in 2007, and reflects a change in the way people use internet. They tend to privilege social interaction sites above 'passive' search engines.
Facebook still has a ways to go if you include Google's non-search properties, which bring the total up to 11.03% of traffic.
William Shatner Takes On Social Networking
(Click for story)
Everybody's favourite actor, author and starship captain is bringing some new ideas to the world of social networking. Myouterspace.com is, in the Captain's own words, '...a Sci Fi Social Network for those with a passion for the arts.' Facebook and Myspace should be worried. Sign up now. Go on, you know you want to.
I Use Twitter, Please Rob Me
(Click for story)
Developers looking to prove a point about the information people are sharing on social networking sites have unveiled a new tool called Please Rob Me. It hunts out tweets from people who are also using location-based services telling the world that they're out of town, and then directs the world to go rob their house. The creators of the site said: 'Don't get us wrong, we love the whole location-aware thing. The information is very interesting and can be used to create some pretty awesome applications. However, the way in which people are stimulated to participate in sharing this information is less awesome.' How long until the first actual robbery takes place?
How an Android Phone and Facebook Helped Route Haiti Rescuers
(Click for story)
One intrepid Android fan is extolling the virtues of the open smartphone platform that helped him to route SOS messages in the recent Haiti disaster.
"Well, when you are in such a situation, you don't really think about going to Facebook, but it happens that I have a Facebook widget on my Android home screen that regularly displays status updates from my friends. All of a sudden, an SOS message appeared on my home screen as a status update of a friend on my network. Not all smartphones allow you to customize your home screen, let alone letting you put widgets on it. So, I texted Steven about it. As Steven had already been working with the US State Department on Internet development activities in Haiti, he quickly called a senior staff member at the State Department and asked how to get help to the people requesting it from Haiti. State Department personnel requested a short description and a physical street address or GPS coordinates. Via email and text messaging, I was able to relay this information from Port-au-Prince to Steven in Oregon, who relayed it to the State Department in Washington DC, and it was quickly forwarded to the US military at the Port-au-Prince airport and dispatched to the search-and-rescue (SAR) teams being assembled. So the data went from my Android phone to Oregon to Washington DC and then back to the US military command center at the Port-au-Prince airport. I was at first a little skeptical about their reaction: there was so much destruction; they probably already had their hands full. Unexpectedly, they replied back saying: 'We found them, and they are alive! Keep it coming.'"
News Experiment To Rely Only On Facebook, Twitter
(Click for story)
With a setup ripped right out of a reality show - or, perhaps more fittingly, 'The Shining' - a French-language public broadcasters association will put five journalists in a French farmhouse for five days, giving them no access to newspapers, television, radio, or the Internet, save Facebook and Twitter, to see how much world news they can report. The reporters will report this news on a communal blog. 'Our aim is to show that there are different sources of information and to look at the legitimacy of each of these sources,' said France Inter editor Helene Jouan. 'This experiment will enable us to take a hard look at all the myths that exist about Facebook and Twitter.'
Facebook's Zuckerberg Says Forget Privacy
(Click for story)
Privacy is no longer a social norm, according to the founder of Facebook, Mark Zuckerberg. Speaking at the Crunchie awards in San Francisco, the entrepreneur said that expectations had changed, and people now default to sharing online, not privacy. It's all right for him, but does he mean it's ok for bodies like the UK government to monitor all citizens' Internet use?
Facebook App's Password Data Breach Turns into Lawsuit
(Click for story)
Facebook and MySpace app maker and advertising network RockYou isn't having a great December. Earlier this month, 32 million passwords were compromised by a hacker going by the alias of "igigi." That's more than half of RockYou's monthly active users.
Facebook Campaign Decides UK Christmas Music Charts
(Click for story)
A grassroots Facebook campaign has pushed the 1990s Rage Against the Machine song 'Killing in the Name Of' to the top of the British music charts for Christmas. The campaign was planned to prevent the X-Factor winner from charting Christmas number one, as has been the case for the past four years. It was supposedly a kick against the commercialism of Christmas and commercial dominance in the music scene, although Rage and the X-Factor winner Joe McElderry were actually signed to the same label. Despite this minor detail, it's interesting to note that this is the first song to reach the number one spot through downloads alone in the UK, and is a testament to the organizational power of social networking sites like Facebook. The Facebook group also asked for donations to charity, and has raised £70,000 for the homeless charity Shelter.
Facebook Founder's Pictures Go Public
(Click for story)
In a not-uncommon development for the social-networking leader, Facebook's recently released privacy controls are leaving the company a bit red-faced. As a result of a new policy that by default makes users' profiles, photos, and friends lists available on the Web, almost 300 personal photos of founder Mark Zuckerberg became publicly available, a development that had gossip sites like Gawker yukking it up.
Virtual Money For Real Lobbying
(Click for story)
Another illustration of why you should not accept friend requests from anyone you don't actually know.
Silicon Alley Insider is reporting that health-insurance industry group 'Get Health Reform Right' paid Facebook users with virtual currency to be used in Facebook games in exchange for lobbying their Congressional Rep. 'Instead of asking the gamers to try a product the way Netflix would, "Get Health Reform Right" requires gamers to take a survey, which, upon completion, automatically sends the following email to their Congressional Rep: "I am concerned a new government plan could cause me to lose the employer coverage I have today. More government bureaucracy will only create more problems, not solve the ones we have."'
Relatedly, there is growing concern over realistic spammer profiles in social networking sites and their potential to wreak havoc, especially if these two methods were combined.
"Many spammers now have large staffs of people working on nothing but building out completely fake personas for non-existent users on social networking sites and blog networks. The spammers use these personas to create accounts on Twitter, Facebook, Blogspot and other sites that have high levels of user interaction."
Facebook Axes "Beacon," Donates $9.5M To Settle Suit
(Click for story)
Facebook has agreed to shut down a program that sparked a lawsuit alleging privacy violations, and set up a $9.5M fund for a nonprofit foundation that will support online privacy, safety, and security. The lawsuit centers around Facebook's Beacon program, which let third-party Web sites distribute 'stories' about users to Facebook. Beacon was launched in November 2007 and less than a year later plaintiffs filed a class action lawsuit 'alleging that Facebook and its affiliates did not give users adequate notice and choice about Beacon and the collection and use of users' personal information.' ... Facebook never admitted wrongdoing but as part of a proposed settlement the company began sending notices to Facebook users this week. The settlement provides no compensation directly to users who receive the notice. Facebook users can opt out of the settlement, and should do so if they wish to pursue further legal action against Facebook related to the Beacon program. 'If you choose to do nothing and remain in the settlement class, you will be legally bound by the settlement,' a FAQ on the settlement Web site says. "By doing nothing, you will be giving up the right to sue Facebook and the other Defendants over claims related to or arising out of the Beacon program."
Facebook ID Probe Shows Things Getting Worse
(Click for story)
According to Sophos, Facebook users are getting sloppier with their personal info, not better. Revisiting a 2007 survey in which a plastic frog got 87 hits out of 200 friend requests, this time a rubber duck and a cat got 87 out of 200 friend requests, plus a bonus 8 friends who decided to trust them anyway. The research also suggests that older Facebook users are sloppier than the young, being keener to build their list of friends. (The older users had more than 4x the friends each, on average, than the young.)
Facebook Photos Lead To Cancellation of Quebec Woman's Insurance
(Click for story)
A Quebec woman on long-term sick leave, due to a diagnosis of depression, lost her health benefits after her insurance provider found photos of her on Facebook smiling and looking cheerful at parties and out on the beach. Besides all the obvious questions, how did the insurance company access her locked Facebook profile?
Games: Mafia Wars CEO Brags About Scamming Users
(Click for story)
"Mark Pincus, CEO of the company that brought us Mafia Wars, says: 'I did every horrible thing in the book just to get revenues right away. I mean, we gave our users poker chips if they downloaded this Zwinky toolbar, which was like, I don't know... I downloaded it once and couldn't get rid of it.'"
TechCrunch also ran an interesting tell-all from the CEO of a company specializing in Facebook advertisements, who provided some details on similarly shady operations at the popular social networking site.
Scams and Social Gaming
(Click for story)
TechCrunch is running a story about the prevalence of scams and shady monetization techniques in popular social games on Facebook and MySpace. As an alternative to buying in-game currency with real money, many games make use of lead-generation offers - letting players sign up for a trial service or take a survey in exchange for the currency. The system is rife with scams, and many game developers turn a blind-eye to them, much to the detriment of the players and the legitimate advertisers - not to mention the games that rightly disallow these offers and fall behind in profits. The article asserts that Facebook and MySpace themselves are complicit in this, failing to crack down on the abuses they see because they make so much money from advertising for the most popular games.
Don't Let Social Media Malware Slow You Down
(Click for story)
Unfortunately, social networking has become the latest haven for evildoers of the software kind. Modern malware (malicious software), such as the March 2009 Koobface attempt, often succeeds in infecting unsuspecting hosts and then going out and gathering sensitive information (such as credit card numbers) from its victims.

According to a June 2007 survey conducted by the technology research firm Computer Economics Inc., smaller organizations experience an average of five malware events per year and worldwide, malware damage cost businesses $13.3 billion.
Texas Teen Arrested Under New Online Harassment Law
(Click for story)
Why you should only post nice things on facebook. ;^)

Police have arrested a 16-year-old girl on charges of harassment under a new Texas law that took effect September 1, 2009. H.B. 2003 says a person commits a third degree felony if the person posts one or more messages on a social networking site with the intent to harm, defraud, intimidate or threaten another person. Police say the harassment went on for a few months and involved a dispute over a boy. ... Some people expect legal challenges to the constitutionality of the new Internet law.

The law is evidently a response to the Lori Drew case.
How Safe are Facebook Applications?
(Click for story)
Recently, Roger Thompson, chief research officer at security firm AVG, discovered over half a dozen Facebook applications that had been compromised by malicious hackers. Although the apps' reach was small with relatively few users being affected, Thompson was concerned because it was the first time he had seen apps themselves hacked as opposed to something like Facebook profile pages, a common target for the still-spreading Koobface worm.

With hacked apps, security vulnerabilities, lack of privacy policies, and apps that can read your private profile information, one has to wonder if using any Facebook application is appropriate and safe these days.
Facebook User Arrested For a Poke
(Click for story)
A woman in Tennessee has been arrested for poking someone over Facebook. Sharon Jackson had been banned by courts from 'telephoning, contacting or otherwise communicating' with the apparent poke recipient, but just couldn't hold back from clicking the 'poke' button. She now faces a sentence of up to a year in prison.
Facebook Worm Spreading via News Feed
(Click for story)
Malware and spam are finding new ways to spread across social media. A few days ago, a nasty Twitter Worm spread through DMs. Today, we have received multiple reports that a new worm is spreading via Facebook wall posts and status updates. The worm makes a post on walls and updates.
MIT Project "Gaydar" Shakes Privacy Assumptions
(Click for story)
At MIT, an experiment that identifies which students are gay is raising new questions about online privacy. Using data from Facebook, two students in an MIT class on ethics and law on the electronic frontier made a striking discovery: just by looking at a person's online friends, they could predict whether the person was gay. The project, given the name 'Gaydar' by the students, is part of the fast-moving field of social network analysis, which examines what the connections between people can tell us, from predicting who might be a terrorist to the likelihood a person is happy, fat, liberal, or conservative.
MIT professor Hal Abelson, who co-taught the course, is quoted: "That pulls the rug out from a whole policy and technology perspective that the point is to give you control over your information - because you don't have control over your information."
Facebook Will Shut Down Beacon To Settle Lawsuit
(Click for story)
Facebook has agreed to shut down its much-maligned Beacon advertising system in order to settle a class-action lawsuit. The lawsuit, filed in August of last year, alleged that Facebook and its Beacon affiliates like Blockbuster and Overstock.com violated a series of laws, including the Electronic Communications Privacy Act, the Video Privacy Protection Act, the California Consumer Legal Remedies Act and the California Computer Crime Law. The proposed settlement, announced late on Friday, calls not only for Facebook to discontinue Beacon, but also back the creation of an independent foundation devoted to promoting online privacy, safety and security. The money for the foundation will come from a US$9.5 million settlement fund.
Burglar Logs Into Facebook On Victim's Computer
(Click for story)
Facebook addiction has finally caused real world consequences, at least for one would-be burglar. It seems that 19-year-old Jonathan Parker couldn't stay away from the popular social networking site, even long enough to rob a house. Parker not only stopped mid-robbery to check his Facebook status on the victim's computer, but left it logged in to his account when he left.
5 Easy Steps to Stay Safe (and Private!) on Facebook
(Click for story)
I got this link from Charlie Hamilton, who hosts my web sites. Actually, I think your private postings will eventually be ignored because so many people will have embarrassing information. If you try to use one of my posts against me, I can use one of your posts against you.
When the President of the United States warns schoolchildren to watch what they say and do on Facebook, you know that we've got a problem...and it's not one limited to the U.S.'s borders, either. People everywhere are mindlessly over-sharing on the world's largest social network, without a second thought as to who's reading their posts or what effect it could have on them further down the road. For example, did you know that 30% of today's employers are using Facebook to vet potential employees prior to hiring? In today's tough economy, the question of whether to post those embarrassing party pics could now cost you a paycheck in addition to a reputation. (Keep that in mind when tagging your friends' photos, too, won't you?)
Trapped girls call for help on Facebook
(Click for story)
I think the official comments are interesting. Young people are more likely to ask their peers rather than adults when they need help, so their actions seem natural to me. Also, I don't know what it is like in Australia, but there are lots of cases in the U.S. where people have problems getting to 911. With one text message, they potentially sent many people to work getting them help. It is a shame the story doesn't mention how many rescue calls 000 got.
The Metropolitan Fire Service (MFS) in Adelaide says it is worrying that two girls lost in a stormwater drain raised the alert on a social networking site rather than ringing triple-0. [Australia's 911]
The 10- and 12-year-old girls updated a Facebook status to say they were lost in a drain on Honeypot Road at Hackham in Adelaide's southern suburbs on Sunday night.
After Canadian Prodding, Facebook To Change Privacy Policy
(Click for story)
Facebook has agreed to make changes to protect users' personal information on the social networking site, including the way data is accessed by third-party developers, Canada's privacy commissioner said Thursday. Canadian officials have been negotiating with Facebook since the Office of the Privacy Commissioner released a report a month ago that argued the social network breaches Canadian privacy law. Facebook agreed to make changes dealing with third-party applications like quizzes and games, deactivation of accounts, the personal identification of non-users and accounts of users who die.
Facebook App Exposes Abject Insecurity
(Click for story)
Back in June, the American Civil Liberties Union published an article describing Facebook's complete lack of meaningful security on your and your friends' information. The article went virtually unnoticed. Now, a developer has written a Facebook 'Quiz' based on the original article that graphically illustrates all the information a Facebook app can get its grubby little hands on by recursively sweeping through your friends list, pulling all their info and posts, and showing it to you. What's more, apps can get at your information even if you never run the app yourself. Facebook apps run with the access privileges of the user running them, so anything your friend can see, the app they're running can see, too. It is unclear whether the developer of the Facebook app did so 'officially' for the ACLU.
How American Homeless Stay Wired
(Click for story)
San Franciscan Charles Pitts has accounts on Facebook, MySpace and Twitter. He runs a Yahoo forum, reads news online and keeps in touch with friends via email. Nothing unusual, right? Except Pitts has been homeless for two years and manages this digital lifestyle from his residence under a highway bridge. Thanks to cheap computers, free Internet access and sheer determination, the WSJ reports that being homeless isn't stopping some from staying wired. 'You don't need a TV. You don't need a radio. You don't even need a newspaper,' says Pitts. 'But you need the Internet.'
The Hidden Secrets of Online Quizzes
(Click for story)
Ultimately, deciding whether you should take an online quiz comes down to a question of trust: Are you comfortable putting your information - personal or financial - into the owner's hands? Remember, even if you don't directly input data, it can be passed along. Such is the case with Facebook, where just opening an application automatically grants its developer access to your entire profile. And don't assume that the developer isn't going to use the information within. [...] The ads can follow you long after you click away, too. Just look at RealAge, a detailed quiz that assigns you a "biological age" based on your family history and health habits. The site, a recent investigation revealed, takes your most sensitive answers - those about sexual difficulties, say, or signs of depression - and sells them to drug companies looking to market medications.
UK Gov't May Track All Facebook Traffic
(Click for story)
The UK government, which is becoming increasingly Orwellian, has said that it is considering snooping on all social networking traffic including Facebook, MySpace, and bebo. This supposedly anti-terrorist measure may be proposed as part of the Intercept Modernisation Programme according to minister Vernon Coaker, and is exactly the sort of deep packet inspection web inventor Sir Tim Berners-Lee warned about last week. The measure would get around the inconvenience for the government of not being able to snoop on all UK web traffic.
Facebook's New Terms of Service
(Click for story)
Facebook's new terms of service. 'Facebook's terms of service (TOS) used to say that when you closed an account on their network, any rights they claimed to the original content you uploaded would expire. Not anymore. Now, anything you upload to Facebook can be used by Facebook in any way they deem fit, forever, no matter what you do later. Want to close your account? Good for you, but Facebook still has the right to do whatever it wants with your old content. They can even sublicense it if they want.'

Update: The reaction was so strong that Facebook reverted back to their previous TOS.
A Quantitative Study of How Memes Spread
(Click for story)
A survey of about 3,000 people who were tagged in a '25 Random Things About Me' note on Facebook found that memes spread through social networks in a remarkably similar way as diseases do. A biologist who looked at the data says that '"25 Things" authors can be seen as "contagious" under what's known as a "susceptible-infected-recovered" model for the spread of disease,' with a propagation factor of 0.27 in this case. But like an infection, the whole thing died out as quickly as it exploded once the number of 'victims' - people who were willing to write 25 things about themselves - was depleted.
Researchers Build Malicious Facebook App
(Click for story)
In January 2008, a team of researchers uploaded a malicious program to Facebook to demonstrate the possible dangers of social networking applications. Called 'Photo of the Day,' the app serves up a new National Geographic photo daily, but every time it's clicked it sends a 600 K-byte HTTP request for images to a victim's Web site. Photo of the Day is still listed on Facebook, with its authorship attributed to Andreas Makridakis, one of the researchers. The application has 514 active users now, with several comments praising it. The study was published by the Foundation for Research and Technology in Heraklion, Greece, and the Institute for Infocomm Research in Singapore.
Podcast on the Effects of Having Friends
(Click for story)
This was an interesting segment on NPR's Science Friday that talked about how happiness spreads from friend to friend. It also mentioned Facebook, and I think shows why many people really like the social networking web sites.
Study Recommends Online Gaming, Social Networking For Kids
(Click for story)
A report about a study sponsored by the MacArthur Foundation which found that online gaming and social networking are beneficial to children, teaching them basic technical skills and how to communicate in the Information Age. The study was conducted over a period of three years, with researchers interviewing hundreds of children and monitoring thousands of hours of online time. The full white paper (PDF) is also available.
"For a minority of children, the casual use of social media served as a springboard to them gaining technological expertise - labeled in the study as 'geeking out,' the researchers said. By asking friends or getting help from people met through online groups, some children learned to adjust the software code underpinning some of the video games they played, edit videos and fix computer hardware. Given that the use of social media serves as inspiration to learning, schools should abandon their hostility and support children when they want to learn some skills more sophisticated than simply designing their Facebook page, the study said."
Password Resets Worse Than Reusing Old password
(Click for story)
We all know well the perils of password reuse. But what about the information used to reset passwords? Many sites use a standard set of questions - your mother's maiden name, the name of your best friend, what city you grew up in, or what brand your first car was. And you probably have a standard set of responses, making them easy to remember but not very secure. 'The city you grew up in and your mother's maiden name can be derived from public records. Facebook might unwittingly tell the name of your best friend. And, until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car,' says security researcher Markus Jakobsson. But 'password reset does not have to be a weak link,' says Jakobsson. 'Psychologists know that people's preferences are stable - often more so than long term memory. And very few preferences are recorded in public databases.'

Protecting of Your Privacy


© 1999-2014 Bill Pringle. Hosting courtesy of CHCS Consulting.