Another major Facebook breach


Ned
10-17-2010, 08:02 PM
According to a News Flash in the Wall Street Journal,

Many of the most popular applications, or "apps," on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people's names and, in some cases, their friends' names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.

The issue affects tens of millions of Facebook app users, including people who set their profiles to be completely private. The practice breaks Facebook's rules, and renews questions about its ability to keep identifiable information about its users' activities secure.

The problem has ties to the growing field of companies that build detailed databases on people in order to track them online—a practice the Journal has been examining in its What They Know series. It's unclear how long the breach was in place. On Sunday, a Facebook spokesman said it is taking steps to "dramatically limit" the exposure of users' personal information...

If you're a Facebook user, I continue to recommend that the only way to protect your private information, information you'd rather not have in the public domain, is to not enter such information on Facebook, or anywhere else on the Internet.

Relying on Facebook and other sites' protections and privacy settings is sure to eventually backfire, as sooner or later there is "always" a security breach. It is a myth that what you enter on these sites can actually be kept confidential.

Rather, you need to rely on your common sense as to what you should or shouldn't put into the public domain, as sooner or later everything you put on the Internet will make it to the public domain.

deangreenhoe
10-17-2010, 09:33 PM
Or you could just become a Facebook dropout, like me. I ditched that venue almost a year ago after only a few months of being a user. Most of their apps hit me as way too invasive (not to mention somewhat sophomoric) even though I'm not really well versed in that sort of thing.

And yet, somehow I still exist on the planet without it. :rolleyes:

tdew
10-17-2010, 10:06 PM
I use it to keep in touch and to keep up with what everyone is doing, but do not play any games or use any of the applications.

I am trying to get friends and family to realize that a message on Facebook isn't the same as an email message, after trying to find something that had been said to me.

TPARick
10-18-2010, 07:47 AM
While we are on the Facebook subject. I have a page that I use to contact old school and neighborhood friends. I was just reading my page and on there I see a post from someone who is a friend of a friend. This girl's post: can't wait, sailing on a cruise over Christmas, Dec 24 to Jan 02. So guess what, I Google her name, yep, you guessed it, her address right down to the house number is right there for all to see.

This is the 2nd time I have seen a post like this with a vacation notice for all to see. Neither time have I known the people, they are friends of friends.

I wonder how many friends have seen the invite to a vacant vacation house? :eek:

bodega
10-18-2010, 11:00 AM
I see this all the time on Facebook and it doesn't seem to matter the age of the poster. Dumb!

I also don't get the posting of children's pictures. While you think only your friends can see them, others can, too. You normally protect your children from strangers but I guess not on Facebook. Dumb!

So far, I find Twitter useless to read and Facebook is just a diary with constant advertising.

jfrenaye
10-18-2010, 11:28 AM
All of those privacy issues (not the app breach) can be addressed with the filters which are indeed convoluted and complex.

But if one takes the time to set them up properly and one wanted to post every insignificant thing about their lives and only have it seen by family--that is entirely possible.

For Apps, I don't trust most of them. On occasion I will allow one to be installed but then I usually go and deactivate it after I got what I wanted.

Most people don't take the time to learn--that is the issue. And as to posting a vacation--again, if you are allowing strangers on your wall--that is dumb. If your settings are correct, you should be fine!

Annette
10-18-2010, 01:10 PM
Actually it's exceedingly easy to get a look at photos that people have posted even if their profiles are private and you're not on their list, if you have an accomplice. Or looking at it another way, it's easy for someone on your list to share your photos even if you think they can't.

All that has to be done is to right click on a photo, select "view image", and the image is brought up from the location that Facebook stores it which apparently is not protected at all. Copy the link for that and voila, anyone in the world can view the photo.

For instance my privacy settings are set so that only people on my friend list can view my photos. But I posted one yesterday of a pumpkin I carved for Thanksgiving. If you're not on my friend list, you'll still be able to view it by clicking on this link:

http://sphotos.ak.fbcdn.net/hphotos-ak-ash2/hs395.ash2/67374_1581693456799_1069569260_1644965_791330_n.jpg

So if you post that embarrassing picture from the office party thinking that no one else can see it, be aware that there are ways.

Ned
10-18-2010, 02:15 PM
Annette's exactly right John. In addition, I've found two things are true about Facebook which I continue to use.

First, the Facebook privacy settings are, as you said, convoluted and complex. I was doing a workshop about Internet marketing with educators. Everyone in the group had at least a Bachelor's and Master's degree, and about half had a PhD. Within a half hour of talking about Facebook (one of the topics they chose for me to discuss with them) it was clear they didn't understand the complexities of Facebook's privacy structure. If it takes such highly educated people that much trouble, what about everyone else?

Second, Facebook is one of the easiest structures to hack in my opinion. If someone really wants to get the private information, I have little doubt they will succeed.

I am very careful to not put on Facebook, information I don't wish to share with the world. If it's not there, it can't be leaked.

jfrenaye
10-18-2010, 02:35 PM
Well it is as easy to hack for the same reason as IE has viruses and not Safari--there are far more people using the platform.

Annette you are correct, but when I said that to keep your stuff entirely private you can do that, I was somewhat assuming (and stated) that you limited your friends to true friends and family, and had the settings set properly. Barring that there is an "accomplice" (and if there is perhaps a more rigorous selection process of friends and family might be warranted), it would be fairly secure except for the stray person that happens to guess the convoluted URL. And even if the accomplice did get it they could not tag it without your knowledge.

Ned, the Bachelors, Masters and PhDs will get someone a degree. The fact that they have those designations is irrelevant in this conversation--there are many people with an 8th grade diploma that can likely run circles around that group. Plus you also need to consider that (and this is an assumption on my part) the group is likely older and perhaps less savvy in terms of Web 2.0.

Annette
10-18-2010, 03:08 PM
I'm just saying, especially for the younger crowd, things aren't as secure as they think. For the university/bar type crowd especially tempers can flare easily and friendships are broken as fast as they're formed, and someone thinking oh well my photos are safe because no one not on my friend list can see them might have a big surprise coming to them.

Ned
10-18-2010, 03:08 PM
John, last week I had to clean malware from a couple of MacBooks. The biggest reason Macs don't have problems, while PCs do, is statistics. You get more bang for your malware/virus buck if you attack Windows. For the first time Macs finally broke the 10% barrier of quarterly sales. If Macs get much more popular, they will have the same problems of viruses PCs have.

Those Bachelors, Masters, and PhDs are the people teaching the kids in school. Come on John, even I had a hard time figuring out the details of Facebook's privacy control scheme. Not only is it complicated, there is no reason it should be. Any "real" systems engineers worth their weight in sand could make these controls straightforward.

jfrenaye
10-18-2010, 03:40 PM
That was my point Ned. Windows PCs are attacked because they have the volume! It is worth an attacker's time and effort for the return on the PC. Not so much on a Mac. Same with Facebook--if you are hacking, half a billion is a lot more attractive than the local Ning network for your block.

Hey, I don't deny that the security settings are complex. They are, but as you know if you take the time to learn them (and I find step by step is usually a good way) they are a lot more encompassing if you want them to be.

As for people teaching kids--there are plenty of profs/teachers that have no business teaching today's kids in elementary, secondary, or post secondary education. Tenure is a powerful thing.

tdew
10-18-2010, 07:32 PM
"I was somewhat assuming (and stated) that you limited your friends to true friends and family, and had the settings set properly."

John, I think that is the key! Know who you are becoming "friends" with - and keep your settings limited to those people that you know well.
I have no problem telling people I know casually that I reserve my friend list for only very close friends.

I also don't have a problem saying that I'm going somewhere, because most times there are still a bunch of people at home.

jfrenaye
10-19-2010, 08:21 AM
I have set up three levels of privacy. For people I know, have met, and am truly friends with -- they have full access to the profile. Acquaintances (maybe know them online, ran into them once or twice, no real friendly connection) are somewhat restricted. Once removed people (maybe have seen their stuff online, friend of a friend, maybe a business connection, etc) they are very restricted. And the request from someone with no recognition or connection--I ignore.

bodega
10-19-2010, 10:51 AM
Regardless of the privacy you have set up, you don't know who is seeing your information. Your 'friend' might let others in using their password. It happens and once in, you can access some things posters don't realize are accessible. I personally have found this out when my DIL let me go in to contact someone I found had a Facebook page and wanted to reach.

tdew
10-19-2010, 12:15 PM
Agreed, but then I really don't have any secret things that I post anyway, so if someone's friend gets to my stuff by accident, they aren't going to stay long.
There's nothing exciting there... I'm not worried.

bodega
10-19-2010, 12:34 PM
It is the younger crowd that seems to post just about anything and everything. They hide nothing from their friends. Amazing!

Gesualdo
10-20-2010, 03:00 PM
I discovered that even when you don't allow friends of friends to view any part of your page, they can still access photos, even post comments, if they are tagged in a photo by one of your friends. Not only can they see the photo in which they are tagged, they can see every photo in that album.

Likewise, if you are looking at photos of a friend (photos in which the friend is tagged), you can look at every photo in the same album, even if you aren't on the friend list of the album owner and the owner has privacy set to only allow friends to see the photos. Moreover, I can't remember for sure, but you may be able to see every photo on their page, regardless of album or privacy settings.

In other words, I wasn't too happy to discover all this. So no embarrassing photos on my page.

AaronK
10-20-2010, 03:44 PM
That's why my settings are configured to not allow tags to be viewable.

However, I also go in and remove any tag when someone tags me. I just need to get to it fast enough.

jfrenaye
10-20-2010, 04:14 PM
Ges--not sure of that. I have a friend that was tagged in an album and unless I am friends of the album owner, I can only see that one picture. And that is all based on how the tagee and tagger have their permissions set with the tagger having precedence.

Gesualdo
11-15-2010, 05:48 PM
All I know is that I had some photos in an album that only a small group of my friends could see. One of those friends tagged a photo for someone else who was on their friends list, but not on mine. Later, the person who was tagged posted a (funny) comment about the photo. To this day, he is still not on my own friends list (although not because I don't trust him).

To test the issue, I went to a photo where I was tagged by a friend on someone else's page - who is not on my friends list. I clicked on the photo and was taken to that person's photo album, where I could see every photo in that album just by clicking the photo itself to go to the next one in the album. When I ran a search on that person to see the general page, the only thing available to me was a very minimalist "Info" page. I could not get to their photos from there. I don't know about Facebook's privacy settings, other than the warnings I've seen and heeded. This is just my personal experience. And I sent a message to FB about it, but I know how they listen.

tdew
11-15-2010, 06:02 PM
I want to try this out! It seems to me that you can only tag someone who is already on your friend list. Otherwise, you can put a label, but it doesn't link to anything. I just tried to tag a picture of someone who is not on my list.
The message said:
Enter susan's email address. We'll send a link to this photo and add them to your friends list.

jfrenaye
11-15-2010, 06:09 PM
Yes you can label (Creepy guy with red eyes looking like the devil) and that is all it does.

Ges, are you sure you could see the entire album? I have been able to see images of my friends who are tagged in others' albums (who are not my friend) but I am limited to the one picture. I need to go look and see if there are different photo privacy settings.

Gesualdo
11-15-2010, 06:10 PM
You can only tag (with a linked tag) someone from your own friends list. But if your friends can tag photos on your page, they can tag with anyone from their own friends list. That's what happened in my case.

TPARick
11-15-2010, 07:04 PM
Yes you can see all the pics in that upload. I had someone tag a friend who just attended a 40th grade school reunion, I know two people in the group but was able to view the other pics and the lady who uploaded the pics is not my friend.

Gesualdo
11-15-2010, 07:13 PM
I haven't been stopped short in anyone's photos yet. I don't always check to see what their outer settings are, though.