

Why Facebook is never safe - bootload
http://newmatilda.com/2012/01/23/why-facebook-never-safe

======
pron
Oh those poor, poor sheep. It's funny how eagerly people are willing to give
up their privacy and freedom for some marginal benefit. And Facebook's dangers
will always vastly outweigh its meager benefits. A relative of mine was just
denied residency at a prestigious hospital when the admissions committee found
out through Facebook that she has children, and there are numerous other
examples. And the root of the problem is more than Facebook's monopoly or
terrifying business model; these will be somewhat mitigated when its services,
which have proven so far to be essential, will be commoditized (just like
e-mail) by the wonderful Diaspora* and others like it. The root of the problem
is people's willingness to expose themselves. And maybe I'm wrong, and it's
not a problem at all but a cultural shift, or maybe even a necessary outlet
for a human desire that's always been there.

What I am certain of is that Facebook's IPO comes at a time of peak-Facebook.
The ridiculous valuations Facebook and other web companies, and the outlandish
profit multipliers analysts bestow on them never cease to amaze me. When
companies grow so quickly it's hard to know when something really mirrors a
true market shift or is just a fad. And even if it's not a fad, competitors
can disrupt the market just as easily. After all, if investors expect
upcommers to succeed so quickly, it must surely mean that they expect
"established" companies to fail just as quickly; you can't have it both ways.
Who could have predicted five years ago that Facebook will pose such a threat
to Google (search)? Search seemed like it will forever be the preferred method
of finding things online. And so will Facebook be displaced (or squeezed) by
something new that comes along, or its product commoditized and Facebook
turned into AOL circa 1994. The whole web economy is built on black swans
(<http://en.wikipedia.org/wiki/Black_swan_theory>).

But whenever Facebook's inevitable market decline arrives (and it will happen
quite soon), the question remains whether people's extroversion or naivete
will continue to be fodder for web corporations. I would like to hope that
with time and with the proper lessons learned, this behavior, too, will
decline.

Good article, BTW.

~~~
baha_man
"A relative of mine was just denied residency at a prestigious hospital when
the admissions committee found out through Facebook that she has children..."

Would you care to elaborate on that?

~~~
pron
Well, I don't want to give too much information because that's a very well
known hospital in a major US city, but after the interview, a contact of hers
on "the inside" told her that he'd heard the interview had not gone that well
because the panel didn't like that she was too concerned with the work hours.
She, of course, never mentioned or asked anything about the hours (she's too
smart for that), but then remembered that one of the interviewers told her
that he'd looked her up online. She appears in her Facebook profile picture
with her two small children. And it's a well known fact among young doctors
that that particular hospital, an many other like it, does not care to hire
residents with young children, esp. female residents.

~~~
artmageddon
I thought employers weren't allowed to ask about age, religion and family
situations. I realize that finding it on Facebook is not the same as asking,
but it strikes me as pretty shady if not a little overreaching. I could be
wrong, though.

~~~
a_a_r_o_n
That's the beauty of Facebook, you get to find the answers to all kinds of
illegal questions. Collateral information, if you will.

------
ddw
People in this thread are asking for ways that Facebook is used by third
parties.

How about future credit checks based on your network of debt-ridden college
friends?
[http://www.pcworld.com/article/246511/how_facebook_can_hurt_...](http://www.pcworld.com/article/246511/how_facebook_can_hurt_your_credit_rating.html)

How about health insurance claims?
[http://www.cbc.ca/news/canada/montreal/story/2009/11/19/queb...](http://www.cbc.ca/news/canada/montreal/story/2009/11/19/quebec-
facebook-sick-leave-benefits.html)

How about investigations?
[http://en.wikipedia.org/wiki/Use_of_social_network_websites_...](http://en.wikipedia.org/wiki/Use_of_social_network_websites_in_investigations)

Skeptics will say "just don't do anything wrong and you'll be fine." But what
about civil disobedience, like the Occupy movement? What about when the
definition of "wrong" changes? What about when the information is used not to
implicate you in something, but just learn more about your activities?

I think eventually this will become a big enough issue with some event (maybe
a popular crime case in which the defendant is perceived to be innocent but FB
data is used to implicate him/her) that the general public is appalled and
will try to delete their data. But by then it'll be too late.

------
Alexx
Just out of interest, as I've never come across many examples, can anyone give
me some rock solid examples of what scary stuff facebook / a 3rd party could
do with my data?

I'm in the UK. I post an update roughly once ever 3 months, usually a photo
from my phone. I have around 100 friends. I'm tagged in a handful of photos,
some geotagged. None of any particular interest. My about me section has some
basic information on my home city. I do however have chat history with a few
people.

My privacy settings are all on the maximum, so no one public can see anything
without being my friend, nor am I in search results. I block facebook outside
of facebook.com.

I always feel like if a corrupt entity (lets say the government) wanted to
'take my freedom' then my email, skype, public paperwork (property ownership
records etc) and bank statements etc would be of much greater benefit? Most of
the 'facebook data is bad' stories at the moment seem to revolve around people
with poor privacy settings and job interviews etc.

If your of the mindset that if the current government collapses and you end up
with an extremist regiem in place, then a list of people you met over the last
few years might be useful. But I'm not really in that camp, and my email
address book or skype logs would be more accurate anyway.

I'm not saying facebook data isn't a bad thing; I'm just wondering what
concrete things could happen?

~~~
pron
Well, besides your data being sold to advertisers (which may give you a creepy
feeling but not much more), the friend list for most (all? I'm not that
familiar with Facebook) Facebook users is public, and a lot could be learned
from that alone.

By canvassing you friends list, and your friends' lists and the way different
lists intersect, it's often very easy to know who are your, say, school
friends, and who are your work friends. It is also quite easy to find out who
your close friends are, and whom you only know in passing or have fallen out
of touch with.

Using that information, I could introduce myself (online or offline) as a
friend of one of your not-so-close friends. Then, it would be quite easy to
gain your confidence. I could use you trust to get something directly out of
you, or I could gain your trust just enough to friend you on Facebook (under a
false identity) and pass your information (which is no longer so private) to a
third party that has hired me to follow you.

~~~
Alexx
I have read about people doing such things as 'proof of concept' type attacks
indeed. However it requires that you have your privacy settings to public.

No information on my profile is public. You must set your friends to public,
mine are set to 'me only', so even my friends can not see them (always
wondered why anyone would set it to anything else!). Were you to friend me I
would not accept as I don't know you. So this attack would not work.

It highlights the point about 'public' facebook data though, which many users
are very lax with, but provided you take the steps to contain your data is not
a concern. This is more about social engineering than facebook doing any scary
with your data on a 3rd party / government level. The same 'job interview'
situation can arrise from a blog, a forum or any service with public URLs.

~~~
rkudeshi
One of Facebook's redesigns a while back made everyone's friend lists public
with no option to hide it. Have they since reverted that?

------
lignuist
I wonder, if there are any known cases, where people did not get a particular
job (or experienced any other disadvantage), because they had NO facebook
account.

Personally I don't own a facebook account and any request to facebook from my
computer is blocked, since they introduced their like button. In my world it's
very much like facebook doesn't exist at all. The only disadvantage I
experience is, that I'm locked out of some websites, which require a facebook
account for log-on (stupid, if you ask me).

~~~
a_a_r_o_n
"Personally I don't own a facebook account"

Neither does anyone else.

~~~
lignuist
Well, maybe Mark Zuckerberg does. :)

------
mohene1
The article is appealing. I think it can become better by using several
arguments in case privacy does not resonate with a reader (e.g. financially
exploiting personal information, building stronger social relations, how other
countries use facebook alternatively), and listing viable middle-ground
solutions (using aliases on facebook).

Example Solutions

1.Dont use your real name

In Mexico, many people do not use their real names on Facebook partially
because names (Jorge, Paula, Arturo, Pancho, Gomez, Ramirez, Rodriguez) are so
common and using an alias makes it easier to find people.

2.Dont use your real information

I dont use my real info on facebook. My real friends should know my birthday
and where I live.

3.Use privacy settings so strangers can not view your personal life.

I say this because, I quit facebook, then realized how popular it is as a form
of communication these days for some demographic groups. I like letters and
postcards, but I realize that's my preference

~~~
spacemanaki
If you follow all 3 of those things, it would make it almost impossible for
someone you just met to find you on FB. Unless you explain in person what your
FB strategy is. Basically if you did all those things, at that point you might
as well not use it at all. (I no longer have an account)

~~~
ajdecon
I follow a similar strategy; but for me, 98% of Facebook usage is keeping in
touch with people I've known for years, but are geographically distant. They
know my nickname, they know how to find me, and FB does in fact help us keep
abreast of each others' lives pretty well. (Photos, life events, amusing
anecdotes...)

On the very rare occasion I add someone new to Facebook (1/month max) it is
not difficult to say "I'm on Facebook as Nickname. My work e-mail address is
not connected, use specialized-address." It requires about a minute's out-of-
band explanation, but so what? I have no interest in being friended by random
strangers.

------
GigabyteCoin
I have something to add to the FUD statement "What’s the greatest database of
Jews on the planet? Facebook."

...

"Why could the holocaust never, ever happen again? Facebook."

Try systematically killing 10 million+ people when their relatives can't poke
them on facebook anymore.

People would catch on pretty quickly I think.

~~~
pron
Uhhh, I don't think the holocaust happened because people weren't noticing.

~~~
ImprovedSilence
Correct me if I'm wrong, but I thought that at the time, most of the outside
world wasn't noticing? (or at least pretending not to notice?)

~~~
joering2
i think you wrong. it wasnt about "noticing" and besides if you notice what
you are going to do? you can notice Wall street movement but did you and
EVERYONE else joined? during WW2 most countries were busy fighting or
preparing to fight with aggressors. on the other note, if you dont live in US
but in one of country where abortion is illegal and assumed a human killing,
you can notice 50,000 abortion done in China every day. Thats 15 million
abortions a year, more than holocaust claimed. Do you see everyone "noticing"
and doing something about it?

~~~
ImprovedSilence
You have valid points with your abortion point in that it's very often about
perception of right and wrong. But it looks like the U.S. at least didn't
"know" until a year after they entered the war[1], but even when they did, it
appears that they had reservations about acting on it[2] (ie, do you bomb
Auschwitz and kill the current prisoners to prevent future prisoners from
being gassed there?)

[1]
[http://www.ushmm.org/research/library/faq/details.php?lang=e...](http://www.ushmm.org/research/library/faq/details.php?lang=en&topic=01#06)

[2] <http://www.ushmm.org/wlc/en/article.php?ModuleId=10005182>

------
tigerweeds
Yeah, well I always tell people I know how FB use their data etc., and they
reply "but how does FB actually affect me??!?! I'm not a public person, I'm
nobody! So what if I share all my family pictures?! FU! don't tell me about
privacy, you paranoid!"

People need more awareness.

~~~
StavrosK
That's a good question. How _will_ sharing their data influence the average
person?

------
dmoy
Relevant comedic relief: [http://www.theonion.com/video/cias-facebook-program-
dramatic...](http://www.theonion.com/video/cias-facebook-program-dramatically-
cut-agencys-cos,19753/)

------
joejohnson
What about the opposite: I need to use Facebook for my job, but I would prefer
to not even have an account. I hate Facebook, but am forced to use it, or
switch jobs :(

~~~
rwallace
Surely you can then use it _only_ for your job, and post only work
information, no personal information?

------
darksaga
I found it interesting Appelbaum was so concerned about the government
intrusion and collecting of personal data, yet spends several paragraphs about
all the regulating the government should do to keep people safe.

Unfortunately, you can't have it both ways. Either government is a part of it
and you take your chances with the possibly they over-regulate and use the
data for harmful purposes. Or, you just let free market economics handle it
and keep the government out of it entirely.

~~~
pron
No, you can, and often do have it both ways. I know Americans often treat
their government as some kind of foreign entity, but in Europe and other
places as well, people see the government as truly representing them. What you
said sounds to me like, you can give parents control over their children and
hope they don't abuse them, or you can let children retain control, but you
can't have it both ways. Well, no. You can trust and demand the government to
have the best interest of its citizens in mind, just like you can demand and
trust that of parents. I realize that in some parts of the American political
spectrum this sort of thing is hard to grasp, and I don't want to get into
what is a peculiarly American political argument, but you should know that in
most democratic countries people often view their own government very
differently from Americans. They demand certain things of their government and
can trust it to behave a certain way, and if it doesn't - they punish it.

In short: there is such a thing as good government (which, sadly, the American
democratic party doesn't stress enough).

~~~
edderly
(As a European) I think it's an exaggeration to say it's a common view that
the government truly represents them. However, there also isn't a shared faith
that corporations will do the right thing automatically, or there is more
cynicism about the 'free market'.

------
janlukacs
I just don't use it. The result? More time to do stuff that matters.

~~~
lena
Me too, but I noticed the other day that you can only save your progress at
Khan Academy if you sign it with either Google or Facebook. That stung. I
don't want to sign up for a social network, just to save my progress on a math
course.

~~~
julian25
I agree. I have always steered away from sites that require "facebook
connect." I'm worried one day many more sites that I use daily require
Facebook, which I don't use.

------
Karunamon
FTA: (the govenrment) shouldn't endorse Adobe.

Um.. is this guy aware that the spec for PDF has been open for a long time?
Using PDF isn't endorsing Adobe any more than using MP4 is endorsing the
motion picture experts group.

------
nn2
facebook is for sheep

------
shareme
If you really want to mess with those who choose to violate privacy and other
laws whether its corporate idiot or your government..you will figure out that
you can fake profiles and data attached to them..

You know how easy it is to fake meta data in a camera image?

The possibilities to make the FBI or CIA or some corporate private
investigator look very stupid are endless..

Shall we play a game or two with them and expose their own stupidity? Why not?

It would be the perfect hack and best part non-one gets hurt but we do a great
public service..

~~~
Cadsby
"The possibilities to make the FBI or CIA or some corporate private
investigator look very stupid are endless.."

You can try to mess with the FBI, CIA or any other three letter agency if you
want, but I wouldn't recommend it.

