Personal details of 100m Facebook users have been collected and published on the net by a security consultant … Ron Bowes used a piece of code to scan Facebook profiles, collecting data not hidden by the user’s privacy settings … the list, which has been shared as a downloadable file, contains the URL of every searchable Facebook user’s profile, their name and unique ID … Mr Bowes said he published the data to highlight privacy issues, but Facebook said it was already public information … the file has spread rapidly across the net.
Discontent about Facebook continues, and the social network’s privacy issues have been in the news a lot lately.
It’s become the issue that won’t go away, although I’ll wager those who are complaining the loudest about Facebook are still using it. How hypocritical is that?
I’ve had my say about Facebook, including why I shut down my account. Right now, my social media is more a this-and-that system, with Twitter and a few writer’s forums. So far, I haven’t found an all-in-one social media site that has all the goodies but none of the crap that I’ve come to know at Facebook.
Here’s an article from ComputerWorld that I’m reading. It’s interesting:
Is there a replacement for Facebook?: “There has been a great deal of discontent among Facebook users, and many are looking for an alternative. Are any sites ready to step in? We look at the contenders.”
Writer Steven J. Vaughan-Nichols explored a few here: Appleseed (still in beta), Diaspora (which still exists only on paper), Elgg, Lorea, OneSocialWeb, Pligg, and Pip.io.
Here’s the spoiler:
Which one of these contenders will topple Facebook from its somewhat shaky social networking throne? At this point, I’d have to say “None of them.” Pip.io is the closest, but it’s just not ready yet … like it or lump it, if you can stomach the privacy issues, Facebook is still your best social network option for keeping up with friends and family. If Facebook makes good on its promises to do better with privacy concerns, it will remain the top social network. If it doesn’t — well, someone will invent a better social network, but it’s not here yet.
Then there’s a lot to be said about the decentralized this-and-that social networking system.
I got this from ReadWriteWeb, and am running it in its entirety. It’s interesting, even though the writers were too kind to Facebook. This, by the way, was a sponsored post–meaning it’s pretty suspect. My comments are interjected below.
Does Facebook need to run its own anti-virus and anti-malware security system? That’s a question that may need to be addressed in the near future as the now almost 500 million users on the social networking service are facing regular attacks from rogue applications, phishing attempts and other sorts of hacks, not to mention the onslaught of viral, but often completely inaccurate reposted status messages that spread around the network like modern-day chain letters. These messages warn users about some supposed threat occurring on site, but are often either misguided or out-and-out lies.
Out and out lies, my butt. I spent about an hour chasing down something that a) sent random weird messages to my Facebook friends and b) was identified as malware by several excellent sources. This missive smacks of spin control to me.
Is it time for Facebook to step in and do more to protect its network and its users from threats like these?
Rogue Facebook Apps Top Rogue Anti-Spyware During Busy Weekend
The latest threat to make the rounds on Facebook is a rogue application dubbed ‘Distracting Beach Babes.’ The app compromised the security of thousands of users’ accounts by way of status messages that appear to be from friends. But when the users click through on the tantalizing link, they’re asked to give an application permission to run. The app then tells users they must update their ‘FLV player’ before they can see the video. Those that attempt to do so are sent off-site to another page where malware is installed on their computer.
This is hardly the first rogue application to take advantage of Facebook’s automated app approval systems. In fact, only days ago, a similar attack was underway. This one was a link to what was purportedly the ‘sexiest video ever!’ (Those hackers sure know how to entice, don’t they?)
Shoot, this wasn’t even the first attack involving the FLV player. If y’all haven’t read the sordid tale yet, do so.
This particular application led to a very busy weekend for anti-virus firms, indicating a major push by rogue Facebook apps, says AVG’s chief research officer, Roger Thompson. Via the AVG website, Thompson reported that from midnight to 9 a.m. on May 15, its anti-malware software blocked more than 30,000 rogue Facebook applications, more than three times the rate of rogue anti-spyware.
In other words, the new anti-malware wave won’t be coming from email, IM or other random websites users are tricked into visiting. It will come from your Facebook friends… or so it will seem.
Thompson acknowledged that Facebook’s security team was ‘very responsive’ in identifying and removing these sorts of rogue applications, but Facebook’s by-default viral nature allowed them to spread rapidly and affect large numbers of users before the apps could be removed. ‘This attack was actually stunning in terms of scale,’ he said.
“Very responsive?” I’ll bite. This issue came to my attention May 2. If they were “very responsive,” this would be a dead issue and no more needs to be said or written.
Oh. I forgot. It was a different video this time. That’ll throw ’em every time. Silly me.
Rogue Apps, Phishing, Scams and More
Other recent Facebook-related malware attacks have included fake Facebook password reset emails, the seemingly never-ending spread of the Koobface worm, the ‘stalk my profile’ scam (a rogue app with 25 variations, claiming it could tell you who visited your profile), the rogue ‘like’ app (which borrows the infamous like icon), and many others. Other unpatched attack vectors pop up every day, like this security hole which researcher Joey Tyson (a.k.a. theharmonyguy) describes as a ‘dream situation for phishing.’ This vulnerability is especially troubling as it enables a hacker to present a convincing Facebook login page that actually contains the term ‘facebook.com’ within its URL. (See it in action here. Can you tell that’s not the real Facebook.com?)
The situation has gotten so bad that users, in an attempt to be helpful, end up spreading around messages about various threats. Unfortunately, the threats they report are often false or are simply harmless bugs that Facebook is fixing, adding to the confusion. Case in point is the warning that anyone who received ‘tons of friend suggestions’ was infected with a virus. The reality, ironically, involved a widespread misunderstanding of the actual Facebook friend suggestion feature. The situation is so out of control that people are now spreading jokes poking fun at the trend itself.
See my above comment. If this was a bug Facebook was fixing, this would not be an issue. Next question …?
Facebook’s Security Efforts to Date
For what it’s worth, earlier this year, Facebook implemented virus-scanning for the PCs of compromised users after they had fallen victim to an attack. The company also runs its own Security Page, which serves as a warning system of sorts. The page now has over 1.8 million fans (or in the new lingo, ‘people who like this’). But on a network of nearly 500 million, this is the equivalent of a drop in the bucket. And it may not be enough to combat this ever-growing threat.
Ohh, yeah. Online virus scanning of the end user’s computer. There are a few services that offer this; you will see their ads popping up every once in a while. Unfortunately, these are the kind of “services” that add a whole different breed of malware to your computer. I’ll pass on that.
And Facebook implementing this virus scanning? The way they totally don’t give a rip about user security, I’d pass on that too. And if you have half a brain, you’ll likewise pass.
Sophos security researcher Graham Cluley recently pondered this same question, asking, ‘Isn’t it time that Facebook set up an early warning system on their network, through which they can alert their… users about breaking threats as they happen?’ The impact of such a feature could be dramatic, he explains. ‘Imagine just how many people could have been protected if a simple message had appeared on all users’ screens warning them of the outbreak.’
Whether an early warning system is actually needed is debatable. Another option would be for Facebook to more closely monitor the applications submitted to its platform. As the New York Times recently reported, ‘Facebook’s automated system for application developers leaves a door open to the creation and distribution of abusive applications,’ even if the apps’ ability to spread is short-lived.
But apps that only live for a few hours can still have thousands of victims. Maybe it’s time for Facebook to make sure they never get to live at all?
Image credits in original article: Facebook; Sophos
Bottom line: Facebook has not earned my trust. There’s no way on this earth I’d trust them to do anything with my computer. I won’t even let them wipe the dust off my screen. And now this?
Might this be another reason to ditch Facebook?
Facebook Handing Advertisers Names, Hometowns: “Despite promises to the contrary, Facebook and MySpace are supplying information to advertisers that can be used to find an individual’s name, age, hometown and occupation, reports the Wall Street Journal. Typically on the Web, advertisers receive nothing more than an unintelligible string of letters and numbers ‘identifying’ an Internet…
The full article can be read in the Wall Street Journal:
Facebook, MySpace and several other social-networking sites have been sending data to advertising companies that could be used to find consumers’ names and other personal details, despite promises they don’t share such information without consent … the practice, which most of the companies defended, sends user names or ID numbers tied to personal profiles being viewed when users click on ads. After questions were raised by The Wall Street Journal, Facebook and MySpace moved to make changes. By Thursday morning Facebook had rewritten some of the offending computer code … advertising companies are receiving information that could be used to look up individual profiles, which, depending on the site and the information a user has made public, include such things as a person’s real name, age, hometown and occupation … several large advertising companies identified by the Journal as receiving the data, including Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media …
OK. Have you dumped your Facebook account yet? While I do miss the networking with friends, I’m surviving pretty well without it. I sure don’t miss the malware. Or the privacy settings that require a degree in nuclear physics to figure out. Or the random people I really don’t want to hear from. Or all this Farmville and FishyWorld or whatever-it-is crap that’s cluttering up my computer.
Facebook’s been in a lot of hot water lately, what with the much-discussed privacy issues facing the social media giant.
I’d had my moment in writing about the issue, as I went so far as to shut down my Facebook account after a bout with spyware from the site and this increasingly snaky feeling that Facebook doesn’t really give a rip about user privacy.
Anyway, Facebook folks had a major meeting this afternoon to discuss these issues. Whether this meeting involved mass executions, I have no idea. Yet.
It seems Facebook is bringing stonewalling to an art form.
This account is from ReadWriteWeb, a source I trust on tech matters:
As we reported yesterday, Facebook’s high and mighty summoned unto them their employees, to talk about the savage beating they’ve been taking in the media, on blogs and among users, big and basic. The meeting, held at 4:00 pm PST, has produced no audible results … when we asked a Facebook spokesman about the meeting we got the same boilerplate as every other organization:
“We have an open culture and it should come as no surprise that we’re providing a forum for employees to ask questions on a topic that has received a lot of outside interest.”
But wait, there’s more:
In an e-mailed statement to Computerworld, Facebook spokesman Andrew Noyes said, ‘We had a productive discussion where comments were made and questions were asked and answered’ … Noyes declined, however, to say if the social networking giant made any decisions about changing its contentious privacy policies or if the meeting was simply to allow employees to ask questions about the brouhaha that has arisen over them.
Looks like Facebook is trying its level best to screw things up here. See, they were on top for some time. Reduced Friendster into a trivia question, and stripped MySpace of all relevance.
Facebook became the only game in town.
When you’re the only game in town, you get caught up in Hubris real easily. And as the ancient Greeks so tiresomely remind us, that’s when Nemesis hands you your bee-hind.
Oh, yeah. I have not restarted with Facebook. Nor do I plan to. I’m sure my old Facebook friends would understand, and it’s not like social media is the only way we keep in contact.
I never could get into the online games and other trappings, but Facebook was still one of my guilty online pleasures. Well, not exactly guilty; many of my friends are on it and that’s how we correspond.
Put all that in the past tense. By the end of this week, I will shut my Facebook account down. It’s not so much that it’s a waste of time — though in many respects it is — but the Facebook interface has gone from bad to worse.
Like it or not, Facebook is a big phenomenon in the online world. It started some years ago as an interactive message board, and from there it grew legs. By itself it made that other groundbreaking social media site, MySpace, into an irrelevancy. OK, MySpace helped Facebook along by being the overloaded piece of junk that it is. For a long time, Facebook’s big appeal in the social media world was that it wasn’t MySpace.
I’d written extensively about Facebook’s problems, mostly in the privacy realm. But many of these privacy issues in the past could be chased down to that great void that sits between chair and keyboard. If the computer operator is brain dead, then all sorts of weird things will happen with the computer.
I’ve noticed recently, though, that Facebook is playing it fast and loose with user privacy. Several new settings were implemented over the past few months, and all of these — though billed as something that would enrich your Facebook experience — tend to “share” your personal settings with everybody.
As I write this, I have a modest 104 friends on Facebook. Unlike many social media users, these are people I actually know. I’ve met nearly all of them, and the few I haven’t met I’ve corresponded with enough to call them friends.
A Facebook employee, in an off-the-record chat with New York Times reporter Nick Bilton said that Facebook CEO Mark Zuckerberg really doesn’t give a rip about your privacy:
@nickbilton: Off record chat w/ Facebook employee. Me: How does Zuck feel about privacy? Response: [laughter] He doesn’t believe in it.
That’s Bilton’s original tweet, and it sure triggered a firestorm online. OK, you can debate this point here from a journalistic standpoint and from a factual one, but this statement certainly lines up with many of the changes I’ve seen on Facebook.
The final straw came Saturday night, when I got a video from a friend of mine. The still-shot preview showed a nearly-naked young woman, viewed from the hip. Now, I’m scratching my head. This friend of mine is a family man, one of the most honorable people I know, a good Southern Baptist, and just what is this all about? What didn’t help is that the caption called this an “optical illusion.”
OK. I’ll bite.
While I bit, I was told my video viewer was out of date. I was asked if I wanted to download a new viewer. Now, I’m thinking. I use Opera 10.50, which for Linux is still in alpha. I mean, my software is bleeding-edge stuff; why should my viewer be out of date? Like an idiot I clicked on it.
A couple of things then happened:
1) The video was automatically sent to many people on my friends’ list.
2) The .exe file to the viewer sat in my /home/download file. I noted the name and ran a Google search. The program in question, flvdirect.exe, is billed as something that would help download torrents but is actually spyware. It’ll do all sorts of nefarious things on your hard drive and it monitors your surfing habits.
For the next hour or so, I heated up my high-speed Internet line. Running Google searches on the offending software. Firing instant messages back and forth with a Facebook (actually a real) friend who also got the video — from me. Posting my findings on Facebook. I finally got to bed at 2 a.m., exhausted. Spreading malware sure is hard work.
The flvdirect.exe file did not affect my computer. I use a Linux system, which is immune to junk like that. The friend I exchanged messages with runs a Mac, which like Linux is also built off the lock-tight UNIX operating system. If I was using a Windows box it might be a different story.
All this episode did was spread on my Facebook account, and perhaps made my friends wonder if I’d flipped out. It robbed me of some valued sleep, and when you look like me you need all the beauty sleep you can get.
And it ticked me off. Completely. Enough to convince me to shut down Facebook.
OK, folks. Here’s how this works. I still have two active email addresses; you can catch me at either one. I have two phone numbers; if you have one of those numbers you can give me a holler if you need to (those who don’t have the number, well, there’s a reason for that). I have my blog; those who read my posts on Facebook can read the exact same stuff there or even grab the RSS feed for your news reader. For social media I have Twitter and LinkedIn, and if you’re at least 50 years old you can catch my old folks’ social media page at Eons. So it’s not like I’m disappearing off the face of the earth, or even off the Web. Shoot, I make my living on the Internet; I’m not about to shut that down.
But Facebook? That’s a whole ‘nother matter.
If you use Facebook and have a Windows system, keep your virus checker and spyware screening system up to date. Seriously. AVG makes an excellent virus checker, it’s free, and I understand it does check for spyware.
Don’t click on weird-looking stuff, EVEN IF A FRIEND SENDS IT.
Got all that? Good.
In the next few days I’ll be checking on other social-media options, and reporting on them. All of these, by the way, will feed directly into my Facebook page so they can be read there. If you access my material from there, you’d better read it fast before I shut the whole thing down.
Here’s the upshot: If you’re comfortable with the direction Facebook is going, by all means use it and enjoy it. But since I’m not comfortable with any of that, you can deal me out.