Category: I Will Give You Security, If You Give Me Your Privacy…

So I’m checking out the web…applications, services and what-not and it just dawned on me….WHAT THE HELL IS EVERYONE DOING??? Every site that I went to and attempted to use their free services asked me to log-in in with my Facebook account….now at first site it seems innocent enough, but then went the screen popped up that said that the site would be able to have access to my friends, all of my personal information and all of my friends personal information….. :  (    what is this world now coming to. I see why they give their services and software away for free. They have a plethora of information at their disposal and in this day and age, information is power.  So no longer is Facebook the                           lone wolf  or shark  in this media game, its everyone with a website that is willing to jump on the bandwagon and actively attempt to secretly trade free services for personal information. They are no longer waiting for the consumer to come to them. They want ALL of your personal information and they want it NOW! The normal procedures would have been for the consumer simply fill out a basic online form with minimum information so that they could receive the free services. Now, they want all of your friends, pictures, personal data that would NEVER be shared with a site like that. And to top it off….the consumer doesn’t have to be logged onto the site in order for the hosting site to access the users personal info and friends info. THEY CANE DO IT WHENEVER THEY WANT TO!!! I don’t know about you guys out there, but this IS scary! They know more about you than you actually remember you do. Soon there will be nowhere you can hide. THEY WILL FIND YOU!!! Good luck people…..I am praying for you.

LONDON - FEBRUARY 03: (FILE PHOTO)  In this ph...
Image by Getty Images via Daylife

Privacy has become the watchword in social networking. We all worry about an invasion of our privacy, usually thought of as a direct release of confidential information or an indirect insight garnered by concatenating a lot of little separate pieces of information about us (e.g., knowing when to rob our house by noting travel plans or location of tweets).

Facebook is no stranger to privacy complaints. Despite its checkered past and flashpoint status, Facebook has no choice but to continue to test the boundaries of privacy — its business model depends on people divulging things about themselves. Its privacy policies have been gradually shifting, in ways users realize and in ways users don’t quite see or understand.

As an Electronic Frontier Foundation (EFF) post detailing the timeline of Facebook privacy policies concludes:

. . . the successive policies tell a clear story. Facebook originally earned its core base of users by offering them simple and powerful controls over their personal information. As Facebook grew larger and became more important, it could have chosen to maintain or improve those controls. Instead, it’s slowly but surely helped itself — and its advertising and business partners — to more and more of its users’ information, while limiting the users’ options to control their own information.

Recently, Facebook announced the Open Graph Protocol, which makes it easier for outside sites to share information with Facebook when visitors want to recommend a page.

On the heels of this new initiative, Technology Review interviewed Danah Boyd of Microsoft Research New England. Boyd is a social media researcher and a vocal critic of Facebook’s approach to privacy.

Facebook argues that social norms are changing, and the old definitions of privacy are outdated. Critics point out that Facebook itself is a major force in changing these social norms in its efforts to erode privacy to drive its business. As Boyd says:

I think the social norms have not changed. I think they’re being battered by the way the market forces are operating at this point. I think the market is pushing people in a direction that has huge consequences, especially for those who are marginalized.

We all inhabit multiple roles in life — employee, researcher, parent, spouse, child, friend, neighbor — and what may be fine in one role (sharing a long night with friends over drinks) may look completely inappropriate when seen by people expecting you to fulfill another role (boss, parent, spouse). Erosion of privacy erodes the bulwarks we expect between these, and that can make us nervous or prove embarrassing or awkward.

We’ve all seen religious, political, or social views of old friends and co-workers revealed on Facebook despite the fact that these views have never mattered to our relationships with these people and, worse, may make it harder to look at those people the same way afterward. You can’t unlearn the fact that Person A was just revealed as a Scientologist, for example.

As Boyd notes, it’s especially bad for teachers:

[Teachers] have a role to play during the school day and there are times and places where they have lives that are not student-appropriate. Online, it becomes a different story. Facebook has now made it so that you can go and see everybody’s friends regardless of how private your profile is. And the teachers are constantly struggling with the fact that, no matter how obsessively they’ve tried to make their profiles as private as possible, one of their friends can post a photo from when they were 16 and drinking or doing something else stupid, and all of a sudden, kids bring it into school.

Some reactions to these perceptions of privacy erosion are stronger than others. Some critics urge others to dump Facebook specifically, and accuse Facebook of nearly evil behavior. Business Insider has a list of 10 Reasons to Delete Your Facebook Account. They include:

  • Facebook’s Terms of Service are completely one-sided
  • Facebook’s CEO has a documented history of unethical behavior
  • Facebook has flat-out declared war on privacy

The essential message from the full list is that Facebook is trying to redefine privacy to suit its purposes — commercial purposes based on a plan to become the dominant force online.

Expectations for privacy are very high among the critics of Facebook. As Thomas Baekdal stated in his first rule of privacy:

I am the only one who can decide what I want to share.

In light of this very simple and reasonable rule, it’s tempting (and perhaps too easy) to say that these social networks must reflect social expectations and norms as they exist, and not try to shift them to suit their engineering preferences, business models, or tin-eared anthems of social media utopianism.

However, a recent paper in arXiv calculates a mathematical threshold of privacy for social recommendation engines, one that is probably lower than current social norms would accept. The authors believe their calculations indicate a fundamental limit on privacy in social networks, and show that the more people and recommendations that are present, the more this threshold moves toward a lack of privacy. In other words, to get social recommendations, we have to give up some of our privacy — and the more people who share and seek social recommendations, the less privacy there is. As the authors state it:

This finding throws into serious question the feasibility of developing social recommendation algorithms that are both accurate and privacy-preserving for many real-world settings.

Facebook is a flashpoint among social networks — being the leader, it’s on the forefront of criticism. But if this recent paper is correct, the genre itself may demand a change in social expectations of privacy among users. It may not be Facebook’s fault or Mark Zuckerberg‘s business cynicism at work. It may be reality, and the critics may just be scapegoating Facebook.

Perhaps Facebook’s sense of shifting social norms is right, informed by years of watching a major social network blossom around them. The trade-off their observations might have identified could be: If people continue to use and rely upon social networks, they are implicitly accepting a lower threshold of privacy.

Facebook to allow 3rd party access to users’ Home Addresses and Phone Numbers

Posted by Bradley Wint on 28/02/2011

Facebook has issued a response to Congressmen Edward Markey (D-Mass.) and Joe Barton’s (R-Texas) letter about their plans to combat privacy concerns when giving out private information to 3rd party apps, including data such as telephone numbers and home addresses.

In a 7 page letter, Marne Levine, Vice President of Global Public Policy at Facebook mentioned many times that users accessing 3rd party apps must first choose whether they want to give access to their information before using the app. If they are uncomfortable with data sharing, they can always reject the terms to avoid data being passed on to the 3rd party. Also, they are making efforts to bring more attention to the categories of data being accessed, so if users are concerned about their phone numbers or addresses being given out.

Even though a time frame wasn’t mentioned for the re-implementation of the additional data fields, it definitely will be coming soon.

Above you can see a sample of the current permissions gateway, highlighting what kind of data you are asked to relinquish to 3rd parties if you use the app. If you don’t want to give it up, then hitting the Don’t Allow button will take you away to the home page.

In the document, they also make mention of those under the age of 13, saying that persons in that category are barred from using the service all together and that all measures are being put in place to make sure they don’t bypass such requirement. With regards to those in the 13-18 bracket, they are considering limiting the passage of any information at all (or maybe limited information) to 3rd parties. If such a measure were to come in place, it could be a major blow for some applications geared towards teenagers.

With regards to users who are already part of applications for which they feel some level of discomfort, users are given total control of their data and if they wish to remove it, they simply have to get rid of the application.

It is unclear what other measures will be put in place for control of data, but I would have liked them to allow users full access to 3rd party apps with another permission gateway asking them whether they want share information or not.

One of the biggest problems with data sharing and this gateway is that many users don’t read the terms and conditions when using applications. They just quickly click through just to get to the program without really paying attention to how much access was granted to their personal information. Also, with so many rogue apps on the market, users could be sucked into joining an app through a false click or some other form of trickery.

There are a number of good app developers who develop legit applications, but users should also be aware that an equally amount of bad apps exist.

With regards to Facebook’s detailed response, Congressmen Markey was happy with their steps to protect its users but reiterated how important it was to protect its younger audience.

“Mobile phone numbers and personal addresses, particularly those that can identify teenagers using Facebook, require special protection,” said Rep. Markey. “We must ensure that this sensitive information is safeguarded, with clear, distinct permissions so that users know precisely what’s in store when they opt to share this data with third parties. Moreover, simple, easily accessible tools are needed so users can rescind these permissions if they subsequently find they no longer want their information in the hands of third parties.

“While permission slips give parents piece of mind, Internet permission ‘slip-ups’ can expose children and teens to dangers online. That’s why it’s critical that Facebook get this right.

“I’m pleased that Facebook’s response indicated that it’s looking to enhance its process for highlighting for users when they are being asked for permission to share their contact information. I look forward to monitoring the company’s work in this area. I’m also encouraged that Facebook is deciding whether to allow applications on the site to request contact information from minors. I don’t believe that applications on Facebook should get this information from teens, and I encourage Facebook to wall off access to teen’s contact information if they enable this new feature. Facebook has indicated that the feature is still a work in progress, and I will continue to monitor the situation closely to ensure that sensitive personal user data, especially those belonging to children and teenagers, are protected.”

“Hundreds of millions of people use Facebook, and it is important that the company works as hard at protecting their user’s privacy as they do providing a popular social interaction platform,” said Rep. Barton. “People enjoy the games and applications that Facebook offers, but taking advantage of them shouldn’t jeopardize a user’s privacy. Facebook has a responsibility to their customers not just the third party vendors it associates with. I hope they continue to improve protection of users’ private information.”

If you are unhappy with the move, there are really some simple steps to avoid data loss:

  • Remove all data from your profile which you wish not to share with any 3rd party or anyone else (e.g. phone numbers, addresses, etc.)
  • Do not join applications if you feel uneasy giving 3rd parties access to your personal data.
  • Read the terms and conditions in the permissions box before approving any applications, especially the type of data being accessed.
  • If applications seem suspicious in any way, do not join them and report them for review.

Facebook to release phone numbers, addresses to third-party developers

Posted on Mar 1st 2011 by Lydia Leavitt

Facebook is reportedly moving forward with plans to provide third-party developers and external websites with access to the home addresses and cellphone numbers of its members.

The social networking site originally announced the feature in its Developer Blog in January only to incur serious public outcry over security concerns. Within three days of the announcement, Facebook suspended the feature until the hype died down, only to reintroduce it today.

Facebook to release phone numbers, addresses to third-party developersIn response to January’s announcement, Representatives Edward Markey (D-Mass) and Joe Barton (R-Texas) sent Facebook execs a letter expressing their concern.

Facebook reaffirmed it would indeed be allowing third parties to request access to users’ address and phones numbers.

The motivation behind Facebook’s move is the enormous amount of cash marketers and third-party websites will pay the site for the pressure information. It’s all part of Facebook’s bigger plan to become a viable marketing channel for businesses.

Facebook added that it is considering implementing controls that would make it more clear to the masses that their personal information is being shared. The site is “actively considering” whether to restrict users under 18 from sharing their content with third-party developers.

“We expect that, once the feature is re-enabled, Facebook will again permit users to authorize applications to obtain their contact information,” Facebook’s Marne Levine, vice president of global public policy, wrote in the letter to Reps. Markey and Barton.

“[H]owever, we are currently evaluating methods to further enhance user control in this area.”

With such a wealth of information embedded into the social networking site, it becomes a much higher up target for scammers and thieves hoping to mine personal information. Though Facebook prohibits applications from selling users’ information or sharing it with others, phishing scams and malicious apps are not at all uncommon.

“[Scammers] might be able to impersonate you if they had your phone number,” said Norman Sadeh-Koniecpol, a professor at the Carnegie Mellon School of Computer Science.

“They’re saying, ‘Please give us your phone number,’ but they’re not telling you whether they’ll share it or whether they’ll sell it or use if for malicious purposes. In fact, you don’t know who you’re dealing with.”

Others, such as  Mary Hodder, chairman of the Personal Data Ecosystem Consortium, expressed concern over the lack of transparency on the site.

“People never thought when they were posting this data [such as their phone numbers] that it would be accessible to anyone but friends. There’s a real mismatch of expectations around that.

“Even if Facebook comes back with new protections, they’re still saying, ‘Hey, get over it, your data is public.’ I feel sad for users that Facebook’s approach is ‘You give us anything and it’s all fair game.'”

Meanwhile, Rep. Markey offered a follow-up comment, stating: “I’m pleased that Facebook’s response indicated that it’s looking to enhance its process for highlighting for users when they are being asked for permission to share their contact information.”

This is clearly an attempt to polish a turd. Facebook had no intentions on securing its subscribers because if they did, they would not be releasing the personal home addresses and phone numbers of its users. WATCH OUT FOR THE SHARK IN THE WATER PEOPLE!!!

As I was studiously engaged in active research on my final project for Social Internet TECH621, I ran across some interesting information regarding Facebook’s new http standard. I totally understood that they were implementing new security protocols for the benefit of its media users, but really didn’t understand WHY, considering they are willing to divulge the personal home addresses and phone numbers of its dedicated subscribers. Then I saw a web page that (luckily studied and took notice) noted that third-party application developer’s application would no longer work while its users were browsing under https. Their applications did not work. Hmmm, so i wonder if it was an intentional secret that Facebook did not care to mention to its user via Facebook that they were choosing to implement this new standard. Is Facebook the Sneaky Shark?                                              

Apparently, they ARE the shark in the water and nothing can stop them from taking over social media and manipulating the rules as they see fit. Or is it not them who is the sneaky shark, but the government who is merely using Facebook as a tool to implement their “transparency” and exploit everyone’s personal life who engage in social media? What a way to look at it…. As I’ve said before, if you don’t want them to know…stay off the sites…that is the only way to be sure that your privacy is yours and your alone….

Over the past few years it has been noticeably apparent  that Facebook aims to deregulate standard  privacy practices that users are accustomed to while using social media. Although Facebook’s stance is that if users are navigating their media platform, then they should be willing to fore-go the right to be anonymous browsers, IT DOES NOT MEAN THAT I SHOULD TRADE YOU MY PRIVACY FOR SOCIAL INTERACTIONS. But, Facebook doesn’t stop there. They go as far as to, not only fore-go standard privacy practices, but invite 3rd party API developers to have the same exact access to user’s personal information as the host site itself.

In a 2008 research study by Adrienne Felt, it was discovered that Facebook’s 3rd party API’s generally require none of the users personal information, but have complete access to it. Out of 150 studied Facebook applications, only 14 required private information. Of those 14 application, 4 of them violated Facebook’s Terms of Service Agreements. THIS IS WILD! Facebook is allowing 3rd party API developers to violate legal agreements set forth by the host site itself. They pull user data and add it to an in-application profile, making it visible to other application users who would otherwise not have access to it. I don’t know about you guys out there, but since beginning the class, Social Internet, I am much more aware, now, of certain privacy regulations and what is legitimate and what is not. SO users, beware because your information is up for grabs to Facebook API developers and the parties they sell their software to. C-R-E-E-P-Y!

GCIS CYBER-SECURITY BRIEFING: Internet “Kill Switch”: Mapping Out Governmententals Proper Role in Cybersecurity

ISSUED BY: GCIS Communications Command Center

SOURCE: The Heritage Foundation

22February2011 2:03pmEST

GCIS CYBER-SECURITY UPDATE: The problem is indeed a challenging one. Clearly, the federal government needs the ability to protect its own interests, some of which require use of the private-sector portions of the Internet. Likewise, the government is charged with providing “for the common defense,” and all Americans would expect it to play a role in defending, say, the West Coast electrical grid against a Chinese assault.

The Government's Internet Kill SwitchThe recent report of Chinese infiltration of Canadian government computers is a salient demonstration of the need for some defensive measures. And the reality is that if pre-enforcement judicial review of any governmental order is required, it is possible that the governmental response will be delayed so long that it proves ineffective.

But equally clearly, giving the government power over the private sector and the Internet is fraught with peril to civil liberties. Even though the legislation has explicit language denying presidential power to cut Americans off from the Internet generally (and even though any President of either party should not be presumed to exercise powers granted in a dictatorial way), the recent experiences in Egypt make it clear how relatively easy it is for an autocratically minded leader to take control of private conduct.

And even when government acts with good intent, mistakes happen—for example, the recent error in which DHS mistakenly seized a number of innocent domain names that it thought were tied to child pornography but were not. Post-enforcement judicial review is of less value after the order has already been given and implemented. (read full report)

“GCIS INTELLIGENCE UPDATE” is an intelligence briefing presented by Griffith Colson Intelligence Service, and provided to the public for informative purposes only. All subject matter is credited to it’s source of origin, and is not intended to represent original content authored by GCIS, it’s partners or affiliates. All opinions presented are those of the author, and not necessarily those of GCIS or it’s partners.

The military has issued a request for bids on software to let it spread messages and make online friends using non-existent identities on social media sites.

ISSUED BY: GCIS Communications Command Center

SOURCE: Information Week

23February2011 7:25pmEST

GCIS CYBER-SECURITY UPDATE: The United States Air Force is taking an unusual approach to cyber-security with a request for bids for “Persona Management Software,” which would let someone Air Force to use fake IDs onlinecommand an online unit of non-existent identities on social media sites. The move became a major topic last week following the release of emails from private security firm HBGary, which were disclosed after an attack by Wikileaks competitor and collaborator

According to Solicitation Number: RTB220610 , the armed services division sought a software program that could manage 10 personas per user, including background; history; supporting details, and cyber presences that are ” technically, culturally and geographacilly [sic] consistent. Individual applications will enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries. Personas must be able to appear to originate in nearly any part of the world and can interact through conventional online services and social media platforms. The service includes a user friendly application environment to maximize the user’s situational awareness by displaying real-time local information.” (read full report)

“GCIS INTELLIGENCE UPDATE” is an intelligence briefing presented by Griffith Colson Intelligence Service, and provided to the public for informative purposes only. All subject matter is credited to it’s source of origin, and is not intended to represent original content authored by GCIS, it’s partners or affiliates. All opinions presented are those of the author, and not necessarily those of GCIS or it’s partners.