More Facebook Privacy Invasions

[TaoPhoenix]

Wow. They're getting sneaky-good.

*This week* I got "Is (my mom) a friend? Friend this person" from Facebook! This came through to the fairly shielded email linked to a pseudonym on Facebook. It was a random throwaway Facebook account I set up over a year ago. So who tripped what button to figure out who my mother was this week?    My real name only exists in about four places on that email account and it's purposely different from this "Web Brand" that has all of my web posts.

Some clues: it's the email account to my Apple ID, which has my full name, because that is the account that I pay credit cards on online sales. Just about on that same day I upgraded my iPhone (way overdue) to iOS 5. I also did some maintenance on some apps. *One day later* Suddenly Facebook auto-mails me "Hi, is this someone you know?" Prior to that their automailer was sending junk.

 

[Renegade]

Not sure what to say. Maybe this is appropriate...

Code: C# [Select]

1. public Rant Loudly()
2.         {
3.             Rant result = new Rant();
4.             while (faceIsRed)
5.             {
6.                 result.Profanity.Add(RandomProfanity);
7.             }
8.             return result;
9.         }

I wonder how much of Apple and Facebook's revenue comes from the NSA...

[TaoPhoenix]

Not sure what to say.

I wonder how much of Apple and Facebook's revenue comes from the NSA...

-Renegade (September 15, 2012, 01:42 PM)

Well, this makes me rather nervous, because I worked hard to build an entire shielded email system. My 5,000+ web posts are under my Web Brand to make it at least one step for HR types and lazy GoogleMonkeys to find my personal views on the web. I have two "real name" emails for family and job hunting. Then that one was for all the corporate "gray-spam" (that you opted into so you could do stuff), and the entire point of that account was that it's full of aggressive ad-bots. So now that Facebook is really close to the mark, they'll reverse plaster mom's network "Do you know (crazy pseudonym)?"

I spent 8 years trying to keep these divisions of concept, including over at FreeWebSpace.net, to the irritation of a few host companies in my free web host study. For deep security purposes I left one convoluted path for people to know who I am via this web brand, and that takes at least 15 minutes of inspired web searching to get that right.

So for Facebook to nail it in one shot and then figure out who mom is, the day after I update my phone, makes me very very grumpy because I thought the point of Apple's Walled Garden was to make you feel nice and cozy. I've long had no delusions if the feds ever decided they wanted to get mean - the point was to keep the spammers away, both Nigerian but also corporate. So now that Facebook has it, I no longer trust it not to slip out through a weak link until everyone has it.

In case the full extent isn't clear, the Phishing possibilities are enormous if a couple more weak links go through. "Hi ____. Your mother, _____, (insert scam here.) See, here is her picture." ** Yes, mom's picture is in my email!**

[40hz]

You're only as private as the least secure link anywhere in the chain. I've known people spend years enjoying isolated identities on the web only to have them come crashing down with one bit of carelessness in a message, forum post, or account registration that allowed something to link back to them. It's ultimately a losing battle. Because the web was not designed for privacy. If anything, the fundamental idea behind the web was absolute open access. Just because e-commerce and online banking got bolted onto it after the fact (because the Internet` was just too easy a way to get access to a global data communications infrastructure for peanuts) didn't change anything. Privacy and security has to be designed in to the core if there's even a chance it will provide some reasonable degree of functionality.

Like was said in Fight Club: On a long enough timeline, the survival rate for everyone drops to zero.

[mahesh2k]

I don't think this happens with facebook only. I have linkedin and Google+ sending emails on behalf of me for invite. Linked In still does on random basis and so do other social or say portal networks.

[TaoPhoenix]

I don't think this happens with facebook only. I have linkedin and Google+ sending emails on behalf of me for invite. Linked In still does on random basis and so do other social or say portal networks.

-mahesh2k (September 15, 2012, 03:24 PM)

Oh, LinkedIn is bad too. They swiped my father's contacts and started turbo emailing me. Same thing with a former colleague.

[TaoPhoenix]

You're only as private as the least secure link anywhere in the chain. I've known people spend years enjoying isolated identities on the web only to have them come crashing down with one bit of carelessness in a message, forum post, or account registration that allowed something to link back to them. It's ultimately a losing battle. Because the web was not designed for privacy. If anything, the fundamental idea behind the web was absolute open access. Just because e-commerce and online banking got bolted onto it after the fact because the Internet` was just too easy a way to get access to a global data communications infrastructure for peanuts didn't change anything. Privacy and security has to be designed in to the core if there's even a chance it will provide some reasonable degree of functionality.

Like was said in Fight Club: On a long enough timeline, the survival rate for everyone drops to zero.

-40hz (September 15, 2012, 02:41 PM)

Yeah, though having known how Facebook is, I took some steps. I can't 100% prove it's Apple, but it's mighty suspicious because I hadn't logged into that email in months or the Facebook one in years. So in summary, if it is in fact Apple, then I mis-read them. If it's something else like an amazing coincidence from the Facebook side, then oh well. Still, all this is still partially sandboxed. It's still way better than if I'd just mashed my internet life all into one email, because THAT would have been an explosion of worlds colliding to disastrous effect. It may still, but I got this far, it's 2012 and not 2004.

[Renegade]

...It's ultimately a losing battle...

-40hz (September 15, 2012, 02:41 PM)

+1

I don't even try to hide. There's little point.

[40hz]

You're only as private as the least secure link anywhere in the chain. I've known people spend years enjoying isolated identities on the web only to have them come crashing down with one bit of carelessness in a message, forum post, or account registration that allowed something to link back to them. It's ultimately a losing battle. Because the web was not designed for privacy. If anything, the fundamental idea behind the web was absolute open access. Just because e-commerce and online banking got bolted onto it after the fact because the Internet` was just too easy a way to get access to a global data communications infrastructure for peanuts didn't change anything. Privacy and security has to be designed in to the core if there's even a chance it will provide some reasonable degree of functionality.

Like was said in Fight Club: On a long enough timeline, the survival rate for everyone drops to zero.

-40hz (September 15, 2012, 02:41 PM)

Yeah, though having known how Facebook is, I took some steps. I can't 100% prove it's Apple, but it's mighty suspicious because I hadn't logged into that email in months or the Facebook one in years. So in summary, if it is in fact Apple, then I mis-read them. If it's something else like an amazing coincidence from the Facebook side, then oh well. Still, all this is still partially sandboxed. It's still way better than if I'd just mashed my internet life all into one email, because THAT would have been an explosion of worlds colliding to disastrous effect. It may still, but I got this far, it's 2012 and not 2004.

-TaoPhoenix (September 15, 2012, 03:50 PM)

Look at it this way: up until a year ago you could Google my full name (it's fairly unusual) and get less than 20 hits. And of those, only about five actually applied to me. It's been like that for years and years. And that wasn't by accident. I'm a very open and forthright individual on the personal level. I don't play games or keep secrets from my friends or family. But I'm unusually careful about sharing personal information on the web. I've been "The Discreet Discrete" long before it became prudent to be so.

Then my college recently decided to include me in their online alumni directory. And they did so despite the fact I had specifically opted out...

If you Google me now you will find 118 hits, growing by about 2 per month. And most of them do apply to me.

So it doesn't really matter, in the long run, whether you've "outed" yourself or not. All it takes is one other person or organization - or a slip on your own part - and the whole house of cards you've so carefully built to maintain some privacy comes crashing down.

Like I said - losing battle. Oh well!

[TaoPhoenix]

Unless one's info becomes a copyrighted creative work!   

"That will be $9250 per infraction, please."

[40hz]

^It's been suggested and I think tried. Last I heard you can't copyright a proper name or "factual information." Probably more because it would get you better privacy if they allowed it.

[Renegade]

@40hz - You got me having a quick search, and I found this:

http://howmanyofme.com

Lets you see how many people in the US have the same name.

For my name, pretty much all results are about a hockey player.

[40hz]

@40hz - You got me having a quick search, and I found this:

http://howmanyofme.com

Lets you see how many people in the US have the same name.

For my name, pretty much all results are about a hockey player.

-Renegade (September 16, 2012, 08:30 AM)

Interesting! And thx for finding that. I got this result back:



Which isn't always 100% correct as they pointed out on the website. And in this case, it isn't. Because I do know of one other person with the exact same name as mine except for the middle initial. We've emailed each other back and forth a few times and had a good laugh over it. Funny thing is we both also know a few people in common - so it looks like the Six Degrees of Separation thing has some truth to it.

Still, 2 people out of 314 million makes for a pretty uncommon name.

Of course now that I've said that (which is a good example of how easy it would be to make an unintentional slip that has privacy implications ) some enterprising individual could consult a listing of unique names for the United States, sort by geographic region, and probably narrow it down to twenty or fewer candidates for my name. Some intelligent guessing at age (as revealed by opinions I've expressed, music I listen to, and pop culture things I've referred to) would narrow that candidate list even further. Probably to five or less. Then all you'd need to do is check voter or motor vehicle registrations and find the house address. That's how the US Justice Dept. works data correlation when conducting an investigation or fishing expedition. And it works!

Put a few people on the ground in vans to verify someone is actually at the address and get a current photo - and voila - they have my ass! Especially now that they plan on the widespread deployment of facial recognition software. Use an ATM, enter an airport, pass through an automated toll lane, or show up on the wrong "privately owned" sec-cam and they'll know where I am.

Like I said, losing battle. Or more correctly: lost battle.

Far too late to put that evil genie back in its bottle.




-------

[TaoPhoenix]

Lost battle revisited!

"Any sufficiently paranoid rant will become true soon enough" ... or something. Try this new addition to my themed thread!

"Now Facebook wants YOU to grass-up(snitch) friends not using their real name".
http://blogs.compute...-real-name/index.htm

http://paulbernal.wo...facebook-snitchgate/


I think I banked enough grumpy-faces that I can make a withdrawal here.

----------------------------
(Dramatization)

"Is this your friend's real name?"
Renegade

[TaoPhoenix]

Pro-First-Amendment types like me have posted a lot of comments that use exploratory language to examine the state of news. The Powers That Be are getting stronger, and pretty soon we'll be in Cardinal Richelieu land, where someone paid to have too much time on their hands can sift through for example my 5,000 net posts and find 100 of them that paint me in an evil light.

[Deozaan]

This is, perhaps, the scariest part:

Taking it a step further, look at the nature of the questionnaire. You’re being asked to report on a ‘friend’. If you say ‘I don’t want to answer’ that will be recorded – that’s the whole nature of Facebook – and it’s not hard to see that there could be a list of ‘people who don’t want to answer about their friends’. Indeed, under the terms of the Snoopers Charter, it wouldn’t just be Facebook who could access this kind of information: the authorities could potentially set up a filter to gather data on people who don’t confirm the names of their friends. It could be viewed as suspicious if you don’t answer – or even suspicious if you are friends with people who don’t answer. Again, this is the nature of Facebook’s social data – and how it could be misused.

-http://paulbernal.wordpress.com/2012/09/21/facebook-snitchgate/

[TaoPhoenix]

See, it just gets scarier and scarier. Computers love lists. So does Big Brother, and evil Corps.

Nothing short of an epic revolt is gonna get us out of this. But so far they're careful to do it all a step at a time.

[mahesh2k]

We are on same topic, so decided to drop this link of eff.

https://www.eff.org/...es/who-has-your-back

[TaoPhoenix]

We are on same topic, so decided to drop this link of eff.

https://www.eff.org/...es/who-has-your-back

-mahesh2k (September 22, 2012, 01:18 PM)

Here's an interesting snip from that report:
"We’re also happy to report that several of the companies included in last year’s report have stepped up their game. Facebook, Dropbox and Twitter have each upgraded their practices in the past year and earned additional stars."

Though the recent new developments from this thread almost make it sound like the EFF needs a new category entirely, something like "refrains from creating internal policies that could threaten user privacy."