
by msmolly

Over Easy: …one more thing

6:45 am in Uncategorized by msmolly


(Dis)Like Button

A certain Over Easy crew member and commenter (ahem, BoxTurtle, ahem) likes to remind us that “If you’re getting it for free, YOU are the product.” That has never been more true than with Facebook.

Where Does Facebook Stop and the NSA Begin?

The governing premise of Facebook’s business model is that our personal information does not actually belong to us. No matter how often the company is told (including by the FTC) to stop using our personal information in ways we didn’t authorize, it keeps coming up with new ways to do just that.

Facebook founder Mark Zuckerberg asserted back in 2010 that people have become more comfortable sharing private information online and no longer have an expectation of privacy.

People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time.

We now know that by 2010, Facebook (along with Google, Microsoft, Apple, and others) was collaborating with the NSA’s PRISM program that swept up personal data on vast numbers of internet users. Had we all known, would we have “really gotten comfortable” with that?

Then not long after Zuckerberg declared that we don’t care about our privacy any more, Facebook had to promise it would stop putting our picture in ads targeted at our “friends.” But in August that promise evaporated when Facebook “clarified” its right to do with your photos (and those of your family) whatever it wants (or finds profitable) to do.

The company has a long track record of failing to keep its promises about your privacy.

Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises

The social networking service Facebook has agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.

The 2011 settlement barred Facebook from making additional deceptive privacy claims, required it to obtain consumers’ approval before it changes the way it shares their data, and required it to obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.

Where Facebook Went Wrong

The agency’s 8-count complaint boils down to this: Facebook’s privacy practices often flew in the face of its stated policies and, as one count alleges, the company made significant retroactive changes to its privacy practices, without getting users’ consent.

Now comes the latest: in the last couple of weeks, Facebook analytics chief Ken Rudin told the Wall Street Journal that the company is experimenting with new ways to suck up your data, such as “how long a user’s cursor hovers over a certain part of its website, or whether a user’s news feed is visible at a given moment on the screen of his or her mobile phone.”

I am increasingly disenchanted with Facebook. My son told me if I wanted to keep up with my grandkids, that’s where they are. But the college kid posts almost nothing but stuff about his “metalcore” band, the HS senior almost never posts anything, and my freshman granddaughter either has her settings such that I don’t see posts (for a while they were frequent and inane), or she’s grown bored with Facebook. The 5 younger grandkids don’t have Facebook (yet). From friends I see lots of political stuff and photos of fingernails with Halloween designs and rarely anything worth seeing. I get into arguments (that I can’t win) with right-wing friends who rant about Obama and the ACA. This latest revelation tempts me to just abandon Facebook altogether. I’m not sure I’d miss anything.

by msmolly

Over Easy: …one more thing

7:45 am in Uncategorized by msmolly


Snoop dog!

Surveillance notes from all over, for your Friday morning indigestion.

Did you know that J. Edgar Hoover and the FBI relentlessly pursued Dr. Martin Luther King?

The Dark Side of “I have a dream”

FBI agents placed bugs in King’s hotel rooms; they tapped his phones; they bugged his private apartment in Atlanta. The surveillance collected conversations about the civil rights movement’s strategies and tactics—and also the sounds of sexual activity.

If you had trouble getting to the NYT or using Twitter this week, it was because they were hacked by a Syrian group.

MelbourneIT, an Australian Internet service provider that sells and manages domain names including Twitter.com and NYTimes, said on Tuesday the credentials of a reseller had been used improperly to change domain settings and hack into sites including the NYTimes.com.

Facebook released its first Global Government Requests Report, and guess which country is #1 in the number of requests for information about Facebook users?

Kevin Drum observes:

…the real takeaway from this chart is that the United States isn’t really very unique in its desire to spy on people. When you adjust for their smaller size, Germany, France, Italy, and the UK are all in the same league. These countries may not intercept phone calls on the scale we do, but if Facebook nosiness is any clue, that’s only because they don’t have the technical capability, not because the idea outrages them.

It’s not just the NSA (but we knew that)…
Data Brokers Amass Detailed Profiles on Everyone Online

The excellent Wall Street Journal series, What They Know, provides a feel for what these databases can mean for people. One story was about Linda Twombly, a 67-year-old woman who, when surfing the Internet, was flooded with ads for Republican candidates leading up to the 2010 primary elections. The Journal revealed that RapLeaf Inc had a profile on her that included her full name and identified her as a conservative who was interested in Republican politics and the Bible, and donated to political and environmental causes. “Holy smokes,” she said. “It is like a watchdog is watching me, and it is not good.” The Journal found that RapLeaf’s profiles included such sensitive information as a person’s household income range, age range, and political leaning; the gender and age of children in the household; and personal interests in topics including religion, the Bible, gambling, tobacco, adult entertainment, and “get rich quick” offers.

And this week we learn that The Scariest Thing About NSA Analysts Spying On Their Lovers [LOVEINT] Is How They Were Caught

So not only can the public add LOVEINT to the list of abuses by government workers with access to government databases, but lack of security mechanisms also means that nobody truly knows how widespread the abuses have been.

I feel safer already. Don’t you??

by msmolly

Over Easy: Friday Free for All

7:45 am in Uncategorized by msmolly


Before I dive in to this final post on Internet security and privacy, I’d like to point you to a U.S. government website I discovered only this week, OnGuard Online, that contains a lot of useful information about Internet safety. If you’re interested, you might investigate and bookmark it for later exploration.

I want to conclude this series by talking a bit about anonymity and something known as “reidentification.”

Promises of anonymity can be misleading and are anything but absolute guarantees. In a 2000 study, Latanya Sweeney determined that a voter list could be correlated with medical records at a rate of 87 percent, using only three pieces of demographic data: sex, ZIP code and birth date. This enabled anyone with some technical skills to link the “anonymized” medical data to a particular name. The term for this linking is reidentification.
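An added example, not part of the original post: a short Python audit a data holder could run before releasing a "de-identified" table, counting how many records are unique on the three fields named above and how coarsening ZIP code and birth date changes that. The records, field names and the generalization rule are constructed assumptions.

```python
from collections import Counter

# The three demographic fields named in the paragraph above.
QUASI_IDENTIFIERS = ("sex", "zip", "birth_date")

# Constructed sample of a "de-identified" release: names are gone, but the
# quasi-identifiers remain. None of this is real data.
RECORDS = [
    {"sex": "F", "zip": "55101", "birth_date": "1950-01-15", "dx": "A"},
    {"sex": "F", "zip": "55102", "birth_date": "1950-06-02", "dx": "B"},
    {"sex": "M", "zip": "55101", "birth_date": "1950-01-15", "dx": "C"},
    {"sex": "M", "zip": "55102", "birth_date": "1950-11-20", "dx": "A"},
    {"sex": "F", "zip": "55104", "birth_date": "1962-03-09", "dx": "D"},
    {"sex": "F", "zip": "55105", "birth_date": "1962-12-25", "dx": "B"},
    {"sex": "M", "zip": "55104", "birth_date": "1962-03-09", "dx": "C"},
    {"sex": "M", "zip": "55104", "birth_date": "1962-03-09", "dx": "E"},
]


def key_of(record, keys=QUASI_IDENTIFIERS):
    """Tuple of quasi-identifier values an outside list could be joined on."""
    return tuple(record[k] for k in keys)


def class_sizes(records, keys=QUASI_IDENTIFIERS):
    """How many records share each quasi-identifier combination."""
    return Counter(key_of(r, keys) for r in records)


def audit(records, keys=QUASI_IDENTIFIERS):
    """Return k (smallest group size) and the share of records that are unique.

    A record that is alone in its group (k == 1) can be matched to a named
    entry in any outside list carrying the same three fields.
    """
    sizes = class_sizes(records, keys)
    unique = sum(1 for r in records if sizes[key_of(r, keys)] == 1)
    return {"k": min(sizes.values()), "unique_fraction": unique / len(records)}


def generalize(record, zip_digits=3):
    """Coarsen a record: keep only the ZIP prefix and the birth year."""
    out = dict(record)
    out["zip"] = record["zip"][:zip_digits] + "*" * (5 - zip_digits)
    out["birth_date"] = record["birth_date"][:4]
    return out


def at_risk(records, k=2, keys=QUASI_IDENTIFIERS):
    """Records whose group is smaller than k and should not be released as-is."""
    sizes = class_sizes(records, keys)
    return [r for r in records if sizes[key_of(r, keys)] < k]


if __name__ == "__main__":
    print("raw:        ", audit(RECORDS))
    print("generalized:", audit([generalize(r) for r in RECORDS]))
```

On real tables, generalization alone is often not enough; rows still returned by `at_risk` after coarsening need to be suppressed or coarsened further before release.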

The Electronic Privacy Information Center (EPIC) defines reidentification as

…the process by which anonymized personal data is matched with its true owner. In order to protect the privacy interests of consumers, personal identifiers, such as name and social security number, are often removed from databases containing sensitive information. This anonymized, or de-identified, data safeguards the privacy of consumers while still making useful information available to marketers or datamining companies. Recently, however, computer scientists have revealed that this “anonymized” data can easily be re-identified, such that the sensitive information may be linked back to an individual. The re-identification process implicates privacy rights, because organizations will say that privacy obligations do not apply to information that is anonymized, but if the data is in fact personally identifiable, then privacy obligations should apply.

At Tech.Pinions, Steve Wildstrom writes,

For the past several years, a highly technical but very important debate has raged among privacy experts: How easy is it to identify an individual from a collection of data that supposedly lacks personally identifiable information?


A centerpiece of the debate is a 1997 incident in which Latanya Sweeney, then an MIT graduate student and now a computer scientist at Harvard, identified the medical records of Massachusetts Governor William Weld from information publicly available in a state insurance database. The incident led to important changes in privacy rules for medical information, especially under the Health Insurance Portability and Accessibility Act (HIPAA), and 15 years later it is still influencing the debate over data privacy.

By default, browser and mobile software don’t protect against the collection of data. Only a small fraction of Internet users install simple but powerful browser add-ons such as DoNotTrackMe or Ghostery to prevent tracking via cookies on personal computers. Even those can’t prevent the many other forms of tracking, and mobile devices don’t allow their installation in any case.

There is no regulatory infrastructure set up to monitor collection, aggregation and trading of consumer information. Privacy laws are no guarantee of anonymity. For example, despite HIPAA, it isn’t too difficult to determine a lot about an individual’s health and medical history just by looking at his or her routine purchases and activities. If the amount is large enough, collected and aggregated non-confidential information can violate privacy every bit as much as disclosure of confidential information does. Resistance to aggregation of our information has been mostly temporary — and mostly focused on a particular instance du jour that makes headlines.

Back in 2007, Facebook launched Beacon, which let it put an invisible “bug” on the websites of its more than 40 “partners” (among them Sony Pictures, eBay, Epicurious, the New York Times, and Travelocity). The bug allowed Facebook to see everything its users did on the partner sites, and associate that activity with their Facebook accounts, whether or not they were logged in. When someone purchased an item from Overstock.com, for example, that purchase would appear on the person’s Facebook wall, and in the News Feed of that person’s friends. Facebook users were opted in to Beacon without being asked, and had to manually turn it off. After an outcry from Facebook users, Beacon was shut down in October 2009, and in 2012 Facebook settled, for $9.5M, a class-action lawsuit that alleged Beacon breached federal wiretap and video-rental privacy laws.

But Facebook didn’t abandon Beacon’s goals. Using “like” buttons, requirements for registration to comment at online publications with your Facebook ID, and installing third-party cookies, Facebook still can monitor lots of your online activities that Beacon was supposed to capture. And we consumers still mostly aren’t aware of this monitoring.

Data collection without consumer notification now is the norm in Internet commerce. Facebook also has drastically weakened its privacy policies several times, each time making more user information less private — by default. The Electronic Frontier Foundation published a timeline (unfortunately, current only as of 2010) of Facebook’s Eroding Privacy Policy. And as of January 2013, Facebook is at it again, launching Graph Search to allow users to search and filter through friends, friends of friends, and even total strangers’ activities, likes, and interests.

On Facebook, things are more available by default than people may think. But even beyond specifically public settings, actions and photos that were once lost in the “sands of Timeline” are now more easily discoverable by strangers with loose ties, forcing us to reassess what we actually think is private and what is not.

There are many more examples, but I think you have the idea, so I won’t belabor it. Reidentification and collection of our personal information happen every time we go online. I urge you to be careful online, to install tracking blockers, and to adjust your Facebook privacy settings and then review them often. A good guide is here. Websites like the Electronic Frontier Foundation provide a wealth of information on staying safe online.

As always, please feel free to discuss this, or any other topic, in the comments. It’s Friday Free for All!


by msmolly

Over Easy: Friday Free for All

7:45 am in Uncategorized by msmolly

How many of you use the same logon ID and password for more than one online account? Do you working folks have your password written on a sticky note inside your desk drawer or taped to your monitor? Who uses a password that’s a word in the dictionary, your birthday month, a favorite sports team, a spouse’s or child’s name, your street name, your family pet? If you’ve switched email providers (for example, from Hotmail to Gmail), did you simply abandon your old account without deleting it? And don’t even get me started on what people do on Facebook!

I do so much electronically that last winter when I lost connectivity for a few days, I was nearly frantic thinking of what I couldn’t get at. I do all of my banking online, receive and pay all of my bills, prepare and file my income tax returns, keep my appointment calendar, make many purchases on Amazon or eBay, pay for them with PayPal, and communicate with friends and family via email or Facebook. I wouldn’t have it any other way now, but it requires a higher level of cyber-awareness and personal protection.

Although my career was in information technology, I confess I was, until recently, guilty of some of the things I asked about in the intro. A couple of hacking incidents last summer, affecting Wired’s Mat Honan and The Atlantic’s James Fallows, with devastating results that received a fair amount of publicity, made me wake up to how exposed I was. I promptly took precautions to make my online activities much more safe. It is impossible to be totally safe online, but we can make it considerably more difficult for someone to gain access to our personal information, just by investing a bit of time and effort. Here are some Web sites with good information (and I hope your eyes don’t glaze over with too much geekspeak).

Protect Your Privacy Online has definitions of common cyber security terms, and lists several suggestions for protecting yourself (and your children) from online predators.

Follow some simple guidelines for creating and managing your passwords. We have finite brain cells to keep track of multiple logon IDs and passwords, so consider using a password manager like LastPass (free and very secure) to generate complex passwords and keep track of them for you. And then protect your LastPass “vault” with a complex password/passphrase. I’ve used a memorable (to me) four-word phrase, substituted numbers and symbols for many letters and used a combination of lower and upper case to “spell out” the phrase. It’s probably not hack-proof, but it’s pretty darned secure.

Two-factor authentication provides an extra level of security, because it requires two different means of identifying you before permitting access to your accounts. It uses both something you know, like a password or PIN, combined with something you possess, like your cell phone. After you enter your password, you’ll receive a code on your phone via text message, and only after you enter the code will you get into your account. You can now use two-factor authentication to protect your password manager software, your Facebook and Google/Gmail accounts, and several other places you’re vulnerable.

If you use Facebook, “like” Facecrooks and you’ll be kept current on Facebook scams, privacy concerns, etc. One of their best posts recently is How to Lock Down Your Facebook Account for Maximum Privacy and Security. Since Facebook seems to tweak things regularly that affect your privacy, it’s a good idea to check your settings frequently. And if your offspring are teens who use Facebook, make sure they have their accounts protected, and do insist that they give you full privileges to see what they’re posting! I discovered that my college-freshman grandson had a very naive understanding of what can happen to his Facebook posts! (“But Grandma, only my FRIENDS could see that!”)

Get Safe Online has a wealth of information (do hover your cursor over the topics across the top of the page).

Hopefully if you’ve followed even a few of the links, you’re prepared to tackle making your cyber life more secure. And feel free to ask questions or share experiences in the comments. This is, after all, Friday Free for All!

Photo: Wikimedia Commons Creative Commons Attribution 2.0 Generic license. Author: olga.palma

by msmolly

Over Easy — Friday Free for All

4:55 am in Uncategorized by msmolly

Photo by Rich Kaszeta under Creative Commons license.

Good Friday morning, Firepups. Fridays will be a grab bag of what I’ve been reading, what I’ve been mulling over, an occasional rant, current events, and a standing invitation to put in your two cents. As our Suzanne likes to say at Late Late Night, “Off topic IS the topic” — so come join in.

Here’s what’s on my mind this morning:

A choice that men will never have to make.

Matt Taibbi — always worth reading!

Helen visits the zoo at Fox News and tells Margaret all about it. The animals are in cages and not so scary.

Apparently Facebook wants to organise our relationships. What could possibly go wrong?

My local classical station starts playing Christmas music at Thanksgiving and then plays it exclusively starting about two weeks before the holiday. I’ve written them to suggest that many in their listening audience don’t celebrate Christmas (Muslims, Jews, etc.) and might like some variety, but I got a polite lame response and they continue. They still play Christmas music after Christmas until at least New Year’s. And Kohl’s started playing Christmas music in their stores on November 1st. I am sick of it already!! (I told you there might be a rant!)

Nordstrom has the right idea! They post this sign in their store windows at this time of year.


My recollection is that they curtain their store windows and “unveil” them that Friday morning. As you might expect, they’re usually lovely.

I’m having a toasted Asiago cheese bagel with a generous schmear. What’s your pleasure this morning?