|
The BBC and numerous other websites have posted articles about a large scale data mining effort that collected personal information of 100 million FaceBook users and then posted these details online. You can download the data here (mind you, it is 2.79Gb). Seeing as it is Summer and probably slow for news, now that the World Cup is over, news agencies start publishing silly tempests in teapots. All the information is publically available on FaceBook – which means anyone can go and find it themselves. All this “exploit / hack / security breach'” does is is collate all the information in one place. Since this is publically available information, there is no breach of privacy - Google or any other search provider collects the same information any time it crawls FB. This is not to say FaceBook did not have issues with privacy. In the early days, if you knew the ID of a user, you could bypass the security settings and browse accounts without being friends by simply hand crafting a URL with their user ID. FaceBook still has a security issue (maybe more, but this is the one I notice): when I log in, if I type my password incorrectly, FaceBook shows me the following page: 
This is wrong because FaceBook confirms my account exists, just that the password was wrong. The proper way to handle authentication failure is to fail BOTH the account and the password and have the user re-enter both. The way FB does it rewards ‘accidental’ or ‘random’ account names by telling me they exist. For example: I entered the account richard@some-popular-email-provider.com and was rewarded with: 
Which gives me the full name of the person at the given e-mail address (assuming he doesn’t use an alias on FB). While not terribly revealing, it does allow me the potential of personally addressing him in some sort of confidence scam e-mail: Dear Richard , Routine monitoring of Internet traffic is showing that your account has been accessing illegal Internet content. Please contact the Internet Security Task Force within the next 5 business days to assist in our investigation of this activity. Regards, Buzz Lightyear Chief Security Honcho ISTF Anyway ... I think the best last word on this FaceBook scandal comes from this satirical news article. A few choice quotes of which are: Facebook user Sharon Bott was outraged, telling reporters, “So you’re saying that when I put holiday pictures on Facebook, and set it so that anyone can see them, then anyone can see them? That’s outrageous!” and Welsh hacker Dewey Thomas said that it was not just Facebook that was allowing unscrupulous people access to limited amounts of publicly available and relatively harmless personal information. “Only this morning I got the names, addresses, and phone numbers of thousands of Cardiff residents, simply by opening a phone book.” Let’s face it, if you don’t want information public, then don’t put it in a public place.
Read 2 Comments... >> |
