Data on millions of Facebook users available online

Talk about hanging your business out on the street:

BBC News – Details of 100m Facebook users collected and published

Here’s an excerpt from the BBC story:

Personal details of 100m Facebook users have been collected and published on the net by a security consultant … Ron Bowes used a piece of code to scan Facebook profiles, collecting data not hidden by the user’s privacy settings … the list, which has been shared as a downloadable file, contains the URL of every searchable Facebook user’s profile, their name and unique ID … Mr Bowes said he published the data to highlight privacy issues, but Facebook said it was already public information … the file has spread rapidly across the net.

Seems you can go to one of those file sharing sites (like Pirate Bay), grab the file, and see a whole bunch of people you know on it. Maybe including yourself.
Facebook says your info will not be shared if you “hide” it in the privacy settings. However, one criticism of FB (legion, for there are many) is that those privacy settings are not the default ones and it takes an advanced degree in engineering to figure out those settings.
And, in truth, so many Facebook users are not the most computer-savvy or security-conscious people in the world. In fact, Facebook is designed so the person can use it once he masters the art of finding the computer power switch.
Or something.
Once you get the idea of running a computer and going on line, the Internet can make a lot of jobs easier. And if you’re a Big Brother government type, a stalker, or some other kind of creepazoid, Facebook may have made your job/hobby even easier.
###

Is there a replacement for Facebook?

Discontent about Facebook continues, and the social network’s privacy issues have been in the news a lot lately.

It’s become the issue that won’t go away, although I’ll wager those who are complaining the loudest about Facebook are still using it. How hypocritical is that?

I’ve had my say about Facebook, including why I shut down my account. Right now, my social media is more a this-and-that system, with Twitter and a few writer’s forums. So far, I haven’t found an all-in-one social media site that has all the goodies but none of the crap that I’ve come to know at Facebook.

Here’s an article from ComputerWorld that I’m reading. It’s interesting:

Is there a replacement for Facebook?: “There has been a great deal of discontent among Facebook users, and many are looking for an alternative. Are any sites ready to step in ? We look at the contenders.”

Writer Steven J. Vaughan-Nichols explored a few here: Appleseed (still in beta), Diaspora (which still exists only on paper), Elgg, Lorea, OneSocialWeb, Pligg, and Pip.io.

Here’s the spoiler:

Which one of these contenders will topple Facebook from its somewhat shaky social networking throne? At this point, I’d have to say “None of them.” Pip.io is the closest, but it’s just not ready yet … like it or lump it, if you can stomach the privacy issues, Facebook is still your best social network option for keeping up with friends and family. If Facebook makes good on its promises to do better with privacy concerns, it will remain the top social network. If it doesn’t — well, someone will invent a better social network, but it’s not here yet.

Then there’s a lot to be said about the decentralized this-and-that social networking system.

###

Does Facebook need its own anti-malware service?

I got this from ReadWriteWeb, and am running it in its entirety. It’s interesting, even though the writers were too kind to Facebook. This, by the way, was a sponsored post–meaning it’s pretty suspect. My comments are interjected below.

Does Facebook Need Its Own Anti-Malware Service?: “

Does Facebook need to run its own anti-virus and anti-malware security system? That’s a question that may need to be addressed in the near future as the now almost 500 million users on the social networking service are facing regular attacks from rogue applications, phishing attempts and other sorts of hacks, not to mention the onslaught of viral, but often completely inaccurate reposted status messages that spread around the network like modern-day chain letters. These messages warn users about some supposed threat occurring on site, but are often either misguided or out-and-out lies.

Out and out lies, my butt. I spent about an hour chasing down something that a) sent random weird messages to my Facebook friends and b) was identified as malware by several excellent sources. This missive smacks of spin control to me.

Is it time for Facebook to step in and do more to protect its network and its users from threats like these?


Rogue Facebook Apps Top Rogue Anti-Spyware During Busy Weekend



The latest threat to make the rounds on Facebook is a rogue application dubbed ‘Distracting Beach Babes.’ The app compromised the security of thousands of users’ accounts by way of status messages that appear to be from friends. But when the users click through on the tantalizing link, they’re asked to give an application permission to run. The app then tells users they must update their ‘FLV player’ before they can see the video. Those that attempt to do so are sent off-site to another page where malware is installed on their computer.




This is hardly the first rogue application to take advantage of Facebook’s automated app approval systems. In fact, only days ago, a similar attack was underway. This one was a link to what was purportedly the ‘sexiest video ever!’ (Those hackers sure know how to entice, don’t they?)


Shoot, this wasn’t even the first attack involving the FLV player. If y’all haven’t read the sordid tale yet, do so.


This particular application led to a very busy weekend for anti-virus firms, indicating a major push by rogue Facebook apps, says AVG’s chief research officer, Roger Thompson. Via the AVG website, Thompson reported that from midnight to 9 a.m. on May 15, its anti-malware software blocked more than 30,000 rogue Facebook applications, more than three times the rate of rogue anti-spyware.



In other words, the new anti-malware wave won’t be coming from email, IM or other random websites users are tricked into visiting. It will come from your Facebook friends… or so it will seem.



Thompson acknowledged that Facebook’s security team was ‘very responsive’ in identifying and removing these sorts of rogue applications, but Facebook’s by-default viral nature allowed them to spread rapidly and affect large numbers of users before the apps could be removed. ‘This attack was actually stunning in terms of scale,’ he said.


“Very responsive?” I’ll bite. This issue came to my attention May 2. If they were “very responsive,” this would be a dead issue and no more needs to be said or written. 


Oh. I forgot. It was a different video this time. That’ll throw ’em every time. Silly me.

Rogue Apps, Phishing, Scams and More



Other recent Facebook-related malware attacks have included fake Facebook password reset emails, the seemingly never-ending spread of the Koobface worm, the ‘stalk my profile’ scam (a rogue app with 25 variations, claiming it could tell you who visited your profile), the rogue ‘like’ app (which borrows the infamous like icon), and many others. Other unpatched attack vectors pop up every day, like this security hole which researcher Joey Tyson (a.k.a theharmonyguy) describes as a ‘dream situation for phishing.’ This vulnerability is especially troubling as it enables a hacker to present a convincing Facebook login page that actually contains the term ‘facebook.com’ within its URL. (See it in action here. Can you tell that’s not the real Facebook.com?)


The situation has gotten so bad that users, in an attempt to be helpful, end up spreading around messages about various threats. Unfortunately, the threats they report are often false or are simply harmless bugs that Facebook is fixing, adding to the confusion. Case in point is the warning that anyone who received ‘tons of friend suggestions’ was infected with a virus. The reality, ironically, involved a widespread misunderstanding of the actual Facebook friend suggestion feature. The situation is so out of control that people are now spreading jokes poking fun at the trend itself.

See my above comment. If this was a bug Facebook was fixing, this would not be an issue. Next question …?


Facebook’s Security Efforts to Date



For what it’s worth, earlier this year, Facebook implemented virus-scanning for the PCs of compromised users after they had fallen victim to an attack. The company also runs its own Security Page, which serves as a warning system of sorts. The page now has over 1.8 million fans (or in the new lingo, ‘people who like this’). But on a network of nearly 500 million, this is the equivalent of a drop in the bucket. And it may not be enough to combat this ever-growing threat.

Ohh, yeah. Online virus scanning of the end user’s computer. There are a few services that offer this; you will see their ads popping up every once in a while. Unfortunately, these are the kind of “services” that add a whole different breed of malware to your computer. I’ll pass on that.


And Facebook implementing this virus scanning? The way they totally don’t give a rip about user security, I’d pass on that too. And if you have half a brain, you’ll likewise pass.

Sophos security researcher Graham Cluley recently pondered this same question, asking, ‘Isn’t it time that Facebook set up an early warning system on their network, through which they can alert their… users about breaking threats as they happen?’ The impact of such a feature could be dramatic, he explains. ‘Imagine just how many people could have been protected if a simple message had appeared on all users’ screens warning them of the outbreak.’



Whether an early warning system is actually needed is debatable. Another option would be for Facebook to more closely monitor the applications submitted to its platform. As the New York Times recently reported, ‘Facebook’s automated system for application developers leaves a door open to the creation and distribution of abusive applications,’ even if the apps’ ability to spread is short-lived.



But apps that only live for a few hours can still have thousands of victims. Maybe it’s time for Facebook to make sure they never get to live at all?



Image credits in original article: Facebook; Sophos


Bottom line: Facebook has not earned my trust. There’s no way on this earth I’d trust them to do anything with my computer. I won’t even let them wipe the dust off my screen. And now this?


###

Facebook handing advertisers names, hometowns

Might this be another reason to ditch Facebook? 


From Newser:

Facebook Handing Advertisers Names, Hometowns: “Despite promises to the contrary, Facebook and MySpace are supplying information to advertisers that can be used to find an individual’s name, age, hometown and occupation, reports the Wall Street Journal . Typically on the Web, advertisers receive nothing more than an unintelligible string of letters and numbers ‘identifying’ an Internet…


The full article can be read in the Wall Street Journal:

Facebook, MySpace and several other social-networking sites have been sending data to advertising companies that could be used to find consumers’ names and other personal details, despite promises they don’t share such information without consent … the practice, which most of the companies defended, sends user names or ID numbers tied to personal profiles being viewed when users click on ads. After questions were raised by The Wall Street Journal, Facebook and MySpace moved to make changes. By Thursday morning Facebook had rewritten some of the offending computer code … advertising companies are receiving information that could be used to look up individual profiles, which, depending on the site and the information a user has made public, include such things as a person’s real name, age, hometown and occupation … several large advertising companies identified by the Journal as receiving the data, including Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media …

OK. Have you dumped your Facebook account yet? While I do miss the networking with friends, I’m surviving pretty well without it. I sure don’t miss the malware. Or the privacy settings that require a degree in nuclear physics to figure out. Or the random people I really don’t want to hear from. Or all this Farmville and FishyWorld or whatever-it-is crap that’s cluttering up my computer.

###

 

Facebook stonewalls on privacy questions

Facebook’s been in a lot of hot water lately, what with the much-discussed privacy issues facing the social media giant. 

I’d had my moment in writing about the issue, as I went so far as to shut down my Facebook account after a bout with spyware from the site and this increasingly snaky feeling that Facebook doesn’t really give a rip about user privacy.

Anyway, Facebook folks had a major meeting this afternoon to discuss these issues. Whether this meeting involved mass executions, I have no idea. Yet.

It seems Facebook is bringing stonewalling to an art form.

This account is from ReadWriteWeb, a source I trust on tech matters:

***

Facebook Clams Up After Meeting on Privacy

As we reported yesterday, Facebook’s high and mighty summoned unto them their employees, to talk about the savage beating they’ve been taking in the media, on blogs and among users, big and basic. The meeting, held at 4:00 pm PST has produced no audible results … when we asked a Facebook spokesman about the meeting we got the same boilerplate as every other organization:

“We have an open culture and it should come as no surprise that we’re providing a forum for employees to ask questions on a topic that has received a lot of outside interest.”

But wait, there’s more:

In an e-mailed statement to Computerworld, Facebook spokesman Andrew Noyes said, ‘We had a productive discussion where comments were made and questions were asked and answered’ … Noyes declined, however, to say if the social networking giant made any decisions about changing its contentious privacy policies or if the meeting was simply to allow employees to ask questions about the brouhaha that has arisen over them.

***

Looks like Facebook is trying its level best to screw things up here. See, they were on top for some time. Reduced Friendster into a trivia question, and stripped MySpace of all relevance.

Facebook became the only game in town.

When you’re the only game in town, you get caught up in Hubris real easily. And as the ancient Greeks so tiresomely remind us, that’s when Nemesis hands you your bee-hind. 

Oh, yeah. I have not restarted with Facebook. Nor do I plan to. I’m sure my old Facebook friends would understand, and it’s not like social media is the only way we keep in contact.

###