Wednesday, December 16, 2009
















While covering Facebook's systematic elimination of privacy, we've been deluged with questions from readers asking how to restore certain Facebook privacy protections. Sadly, many such settings appear to be lost forever. Here are the most glaring examples.
1. Hide group and page memberships
Facebook changed its formal Privacy Policy to say that "pages you are a fan of... and networks" are now totally public information (along with many other things). There's apparently no setting to shield page and network data, which leads to terrible situation like this one, sent in as a reader plea:
All of a sudden my grandmother can see that I belong to the Queer Graduate Student Union and Open Relationships Networking Group. Please help. I can't bring myself to de-friend my grandmother!
2. Block Facebook activity from appearing on your wall
There used to be a setting that allowed users to prevent Facebook activity from automatically showing up on their Facebook wall, thus blocking updates like "John commented on Jane's picture," "John is now friends with Bob," "John is attending Uber Gay Circuit Party 2010," etc. This setting is apparently gone, and you have to remove such notices one at a time.
Writes one tipster:
It is extremely annoying not to mention a complete tell of how often I use Facebook during work hours:)
3. Prevent strangers from friending you
It used to be you could keep non-friends from sending you a Facebook friend requests, although they could confirm. That's not the most, well, social way to use a social network, but judging from our email, it was a frequently used and valued feature. Wrote one Gawker regular:
Before the changes I wasn't searchable on FB and hence friended only those I wanted to friend, in essence, I would initiate the request. But... I am now getting friend requests from people I don't know, or worse, from people I know but I don't want to befriend on FB...
Facebook now makes you offer the "Add friend" option to all friends of friends — you can't restrict any tighter than that, so strangers can still send you friend requests. Screenshot (click to enlarge):
4. Completely hide friends list
Your friends list, too, is considered public information. Though you can remove it from your profile, you can't keep friends of friends from seeing it. They just have to pull up one of your friends' friend list, click you name, and view your friends list.
Writes one reader: "Many of us are concerned, seeing as how there are thousands of people faced with the threat of stalkers." Another, right on cue:
I have been dealing with a deranged, threatening stalker... There is no way of keeping your Friend list private... I have been obsessively reading about this topic [overall Facebook privacy]... To say I'm outraged is an understatement.
We thought Facebook might be improving this, but we continue to receive emails like these, and Facebooks written Privacy Policy still states that friends lists are now public information.
5. Block Wall announcements that you've been tagged in a photo
You can keep photos of yourself out of the "Photos" tab on your profile, even if they've been uploaded by other people. But it seems you can't block from your Wall announcements that you've been tagged in someone else's photo , which sort of defeats the purpose: It leaves your profile as a very convenient central location for any incriminating pictures of yourself.
You can remove each notification manually, but that becomes a game of whack-a-mole.
Wrote one Facebooker:
I've already blocked everyone from viewing photos that I'm tagged in, but I'd prefer that my friends not even see that I've been tagged in the small preview photo that gets posted to my wall every time someone tags me.
UPDATE: According to a helpful tipster, this can be disabled by going to the Settings menu at the top right of your Facebook home page, then to "Application Settings," then the "Photos" application, then click "Edit settings." Then click the "Additional Permissions tab," and there is an option to "Publish to streams." Uncheck this. Like so (click to enlarge):
And more, we're sure
We'd love to be wrong about any of these privacy rollbacks, so if you know of settings or workarounds we've overlooked, do email us at tips@gawker.com. Conversely, if we've left out a lost privacy option you feel strongly about, let us know about that, too.
Facebook CEO Mark Zuckerberg (pictured) originally said his social network's privacy changes were intended simplify and enhance the privacy experience on the site. Judging from our inbox, it would seem he's achieved neither.
Send an email to Ryan Tate, the author of this post, at
Rot13.write('elna@tnjxre.pbz');
ryan@gawker.com.
The implications of Facebook's recent privacy rollback will likely take months to reveal themselves. But it's already clear they go beyond Mark Zuckerberg's stash of intimate pics; we're already starting to learn new things about Hollywood celebrities.
Take Angelina Jolie, for example: Did you know the sought-after actress has just 27 Facebook friends, and they're almost all A-listers? Talk about a meticulously curated list:
Then there are the surprising affiliations. Will Smith, for example, is a member of the Facebook page "Jesus Daily," which posts bible quotes from Jesus each morning, even though the actor has made repeated donations to groups affiliated with the Church of Scientology; echoes the cult's "spiritual physics" rhetoric; has set up a middle school staffed with Scientologists; and has said Scientology is filled "brilliant and revolutionary" ideas. Smith was raised Baptist and has insisted he takes ideas from multiple religions. A look at his page (click to enlarge):
And you can send direct Facebook messages to a surprising number of celebrities, right from the "Send message" command in the upper left corner of their profiles, though it's not clear to what extent, if any, this has been affected by the new privacy framework, since some celebrities, like Tobey Maguire, still have messaging turned off. Some who have it enabled:
Angelina Jolie
Brad Pitt (aka Bradpitt Bp, via Angelina's profile)
Orlando Bloom
Tom Hanks
Robert DeNiro
Sean Connery
Julia Roberts
More, we're sure, to come.
(Top pic: Jolie, giving an interview to NBC's Matt Lauer in 2008, via INF)
Send an email to Ryan Tate, the author of this post, at
ryan@gawker.com.
Thank you Ryan Tate and Gawker.com
Personal details of Facebook users could potentially be stolen, the BBC technology programme Click has found.
The popular social networking site allows users to add a variety of applications to their profile.
But a malicious program, masquerading as a harmless application, could potentially harvest personal data.
Facebook says users should exercise caution when adding applications. Any programs which violate their terms will be removed, the network said.
Stealing details
Facebook is the darling of the moment, allowing friends to stay in touch, post photos, and share fun little games and quizzes. And it also lets you keep your details private from the rest of the world. Or at least that is the implication.
We have discovered a way to steal the personal details of you and all your Facebook friends without you knowing.
We made up the fictitious profile of Bob Smith. He keeps most of his details on his profile private from non-friends.
While we could not get all details, what we did get, included his name, hometown, school, interests and photograph, would certainly help us to steal someone's identity.
Mining data
So how did we do it?
Using a couple of laptops and our resident coder Pete, we created a special application for Facebookers to add.
One of the reasons Facebook has become so popular so quickly is because of the wealth of applications users can add to their profile pages.
Little games, quizzes, IQ tests, there are thousands of them available. And once you have added an application, your friends are encouraged to add it too.
Anyone with a basic understanding of web programming can write an application.
We wrote an evil data mining application called Miner, which, if we wanted, could masquerade as a game, a test, or a joke of the day. It took us less than three hours.
But whatever it looks like, in the background, it is collecting personal details, and those of the users' friends, and e-mailing them out of Facebook, to our inbox.
When you add an application, unless you say otherwise, it is given access to most of the information in your profile. That includes information you have on your friends even if they think they have tight security settings.
Did you know that you were responsible for other people's security?
Security
Now, many applications do need access to your details, in order to work properly.
We do not know of any specific application which abuses user information, apart from ours.
But the ease with we created our application has many people worried. If it is being used you would not even have to use the application we created to become a victim, you would just have to be a friend of someone who has.
“ Morally, Facebook has acted naively ” Paul Docherty, Technical Director of Portcullis Security
Because these applications run on third-party servers, not run by Facebook - it is difficult for the company to check what is going on, whether anything has changed, and how long applications store data for and what they do with it.
Although Facebook's terms and conditions contain a warning that this could in theory happen, and offer the option to stop an application from accessing your details, many games and quizzes would not work if this option is engaged.
In fact, the only way we can see of completely protecting yourself from applications skimming information about you and your friends is to erase all the applications on your profile and opt to not use any applications in the future.
So has Facebook done enough to protect its users from identity theft?
Paul Docherty is the Technical Director of Portcullis Security, which advises several governments on IT security matters including British government.
He told us he believed that Facebook's terms and conditions stated on the site meant that Facebook had legally covered itself from any liability.
But he added: "Morally, Facebook has acted naively."
He said: "Facebook needs to change its default settings and tighten up security."
He also believes it would be difficult to secure the current system because so many third party applications are now in circulation.
Removal team
We put these concerns to Facebook.
It told us that it has an entire investigations team watching the site, and removing applications that violate its terms of use which would include our Miner application.
It also advises users to use the same precautions while downloading software from Facebook applications that they use when downloading software on their desktop.
Now, all this comes in the month that competitor MySpace opened up its application platform. However, it handles them differently - here all applications run on its own servers so it can see what they are up to.
MySpace also manually checks all submissions and rechecks them if authors wish to change the code. We were unable to create a similar threat to users' security using the MySpace system.
It certainly seems that Facebook's standard security settings are not sufficient to protect your personal information, and those of your friends.
Are you a Facebook user concerned about your personal details? Have you had your data skimmed?
Your comments:
I'm a Facebook user and although I've not been skimmed (I can't even know yet until something flags it) it's really scary to hear that this is possible with the ever number of applications in the site. Everyday I get about 20 requests to join/add different applications onto my profile and this news makes me want to remove all of them. Problem is, if you do remove them, then what are you going to do on Facebook? Give us more security features Facebook. Ralph Ofuyo, Nairobi, Kenya
The only data an application can "steal" is that which has already been posted to Facebook by the user themselves. Common sense dictates "anything" you put on the internet can be found by just about anyone. Mark, Dallas, Texas, USA
Perhaps the problem lies not so much with Facebook than with our banking system. If your date of birth and address are enough to get a credit card or a mortgage, no wonder this is being abused. Isn't this yet another sign that we need a better way to prove one's identity? Surely a national identity card would go a long way towards this - other countries don't seem to have these problems. Bob, Oxford
This is why I lie to Facebook about things like date of birth, setting them to be roughly there but not accurate enough. I tend to do this to any site that insists on having this information but I don't see the need for. Richard, Leeds, UK
I use Facebook on a daily basis to keep in touch with friends. I've gotten very tight with my security settings but it never occurred to me to worry about the applications that my friends and I have added. Thanks for the heads up! Kate K, Washington DC, USA
http://news.bbc.co.uk/2/hi/programmes/click_online/7375772.stm


0 Comments:

Post a Comment