Two points, perhaps slightly contradictory:
I've been trawling the Internet for quite some time now, but there's something I learned early on, shortly after starting my first blog (we called them web journals back then) in the 8th grade: Privacy on the Internet is as real as that magical glittery unicorn you rode in on. A lot of people, including people who should really know better, don't seem to have that figured out yet.
Gawker's Preferred Facebook Privacy Policy
See Gawker's Ryan Tate:
Its new privacy policy have turned the social network inside out: millions of people have signed up because Facebook offers a sense of safety. For the last five years — as long as you're relatively careful about who you accept as your friends — what you do and say on Facebook for the most part stays on Facebook. Katie Couric's daughter first posted pictures of her famous mom dancing silly in 2006, but it took three years for them to leak to us.
"Privacy is dead, deal with it," Scott McNealy famously said. As someone who dallied both in college journalism and gossip blogging, I will sadly testify that what privacy has existed on social networks, blogs, and in online life generally was more or less an illusion until someone wanted that information enough, or until another security hole was exposed, or until a friend decided to share your tidbit with the world, innocently intentioned or not.
Just today, the seemingly innocuous Gravatar service has a privacy hole that let one researcher correctly guess flies around the Internet plain as day for God's sake. The fact that Gawker bolsters its privacy argument by saying private photos remained private for three whole years is just icing on the cake.
Facebook's "Great Betrayal" is more of a cession to reality rather than an "anti-privacy plot".
The more their users are aware of reality, the better they'll be equipped to defend themselves against it. By having a glittery magical unicorn approach to privacy concerns, they were just fooling some of the press and anyone who would prefer to live comfortably rather than live with the facts.
If you're not comfortable with it being public, it probably shouldn't be anywhere on any of your social networks.
The second point is that, unless you're paying, you're probably not that important a customer. Facebook's advertisers and, increasingly, search partners are. And you can't search what's mired under privacy constraints.
So if you really want to be in control of your data and privacy, pay for it. Better yet, build it: Kits like Drupal make it easy for those of at least a slightly technical bent, but there are tons of hosting services that support Fantastico which let you set up your very own website, which you control, for about $30 a year. Is that too much to ask? Well, given what you give up in usability, maybe, but I've been doing it, and just recently launched my own galleries where I can fine grain the privacy to my heart's content and never have to worry about changing Terms of Service. I also use Drupal's Activity Stream module to back up (publicly) my Tweets, delicious tags, and Google shared items in one convenient place. I even get a copy of my entire site e-mailed to me daily, so if this hosting provider pisses me off, I can move at a moment's notice.
Try doing that with Facebook.
PS: I can't find any documentation, but I could've sworn for a while that Facebook prevented users from downloading images via some JavaScript tomfoolery. It would have been easily bypassable, as such measures always are, but would have made users feel better, maybe. Anyways, I can't find any reference to it, so I may not be remembering correctly.
Editor's Note: In the interest of sanity and others' edification, I thought it might be nice to start logging my travails developing Spare Change News in Drupal. I probably won't post all the updates to Instant History (the main blog), but the major ones will show up there, with everything cross-posted to the new Drupal Developer blog (It's all really just one blog with different categories, but shh ...).
So far, one of the biggest challenges I've run into with Spare Change is getting staff to actually log in and post content. The most common excuse? "I can't remember my user name and password." It's a sentiment I'm sympathetic to, having written about user hatred of password rules. But what's a site admin to do?
Update: The comments have an alternative method that works without installing anything and is retroactive. Unfortunately, that doesn't pull all Facebook chats, just the most recent ones.
Finally, users can record and find Facebook chat history, but it requires a bit of a workaround including a Firefox plugin and a Facebook app. Not the most elegant solution, but for those who just can't seem to keep track of what they're Facebook chatting about, it'll have to do.
First, head over to the Facebook Chat History Manager homepage and install the plugin. It'll prompt you over to the Facebook app after successful installation, where you'll have to register the app and then create a local user account (all the chat history is stored on your own computer, not someone else's servers).
One interesting thing to note: Unlike in GMail's GChat, the chat logging application doesn't notify the person on the other end that your conversation is being logged:

The logs are also not particularly well formatted nor particularly intuitive to access. At any point in Firefox, you can just hit CTRL-ALT-F and the logs will come up, but there's no easy way to click through to the logs inside Facebook itself, short of going to the application's own URL. There's also no way to search for chats, so you're stuck wading through them by date and name, and the output isn't exactly well styled:
The good news is that these quibbles can probably be fixed with relatively minor updates, and the solution gets bonus points for offline chat history access. In any case, it's the best that can be done until Facebook unveils a chat history lookup of their own. If today's announcement of improved Facebook inbox searching is any indication, that could be the near future.
After my posts on how to fix the Facebook virus after an attack, I've noticed a number of searchers looking for information on how to find a particular message in your Facebook message history. I've put together a Facebook message search guide to help just these people, including some bad news about Facebook chat history. Read the full post.
Most of my hits lately have been people searching for information on bunga.at or another variant, like kirgo.at, nutpic.at, or 151.im. I've put together bits and pieces of information on the continuing Facebook phishing attack, but here's a quick guide on what to do if you've already fallen for it:
Facebook itself had a few anti-phishing recommendations:
Already hit? Check out this guide of what to do now.
Looks like claims to have cleaned up the Facebook 151.im worm were a bit premature. I've gotten three more offers to check scam sites in the past few hours, including to Kirgo.at, nutpic.at, and brunga.at. It looks like the phishers have changed from the Isle of Man's .im domain to Austria's .at. I'd still pick the former this time of year.
Most of what I wrote about the Facebook virus previously still applies, although it looks like the bad guys' servers are having trouble handling all the images, which will hopefully slow down the amount of people falling for the trick.
One way to make sure that it's the real Facebook site you're logging in to? Simply put in a made-up e-mail and password in the login page. The phishing sites have been putting out a "502 Bad Gateway" error, while the real Facebook would ask you to try again. Note that this is not a 100% foolproof method (check the address bar!), but few phishers, particularly for a scheme like this, are likely to go through the trouble of a complicated input verification scheme.
Since I've already gotten two of the spam Facebook messages today, I figure other people probably are, too. What sets this phishing attack apart from others? For one, no obvious misspellings:
John Doe sent you a message.
Subject: Hello
"Check 121.im"
To reply to this message, follow the link below:
http://www.facebook.com/n/?inbox/readmessage.php&t=1146328106860&mid=764a5aG638f2G2a6619cG0___
This message was intended for morisy@gmail.com. Want to control which emails you receive from Facebook? Go to:
http://www.facebook.com/editaccount.php?notifications&md=bXNnO2Zyb209MjQwMjc0MDt0PTExNDYzMjgxMDY4NjA7dG89NDA3Nzk0
Facebook's offices are located at 156 University Ave., Palo Alto, CA 94301.
Pretty much identical to a regular Facebook message:
John Doe sent you a message.
--------------------
(no subject)
Great to see you the other day. The artist that I was trying to think of was Thomas Barbey:
http://www.facebook.com/l/;https://www.artifactsgallery.com/art.asp?!=A&name=Thomas%2520Barbey%2520Photography&ID=787#LINKS- John
--------------------
John has shared a link with you. To view it or to reply to the message, follow this link:
http://www.facebook.com/n/?inbox/readmessage.php&t=1099969910945&mid=742ccdG638f2G2a40a06G0___
This message was intended for morisy@gmail.com. Want to control which emails you receive from Facebook? Go to:
http://www.facebook.com/editaccount.php?notifications&md=bXNnO2Zyb209NDAyMzEwO3Q9MTA5OTk2OTkxMDk0NTt0bz00MDc3OTQ=
Facebook's offices are located at 156 University Ave., Palo Alto, CA 94301.
If you click through the link, even the login pages are nearly identical, mostly differing in that the real one offers "English" as an option below, prompts that you must log in to continue, and has a (very slightly) wider "Sign Up" button. Tricky, particularly since Facebook doesn't automatically use SSL encryption (manually go to the more secure version at https://www.facebook.com, and many browsers will display a green indicator in the address bar to let you know you're at the legit location).
Still, it's a good reminder that avoiding phishing traps is easy: Always, always, always look at the address bar when you enter your password and username for any website, whether it's a bank, social networking site, or e-mail. Even if only a trivial account is compromised, many users use the same passwords across all their logins, meaning big trouble even if it's the most clueless script kiddie who gets your data.
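The address-bar check described above, written out as an added example (it is not code from the original post or from Facebook): it lists hosts named in a notification that are not facebook.com and tests a login URL for HTTPS plus an exact host match. The function names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED = "facebook.com"  # the domain the post says to look for in the address bar

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Bare hosts with no scheme, like the "121.im" lure; the lookbehind skips
# e-mail addresses and fragments of longer names.
BARE_RE = re.compile(r"(?<![\w@./-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)


def is_trusted_host(host):
    """True only for facebook.com itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)


def is_safe_login_url(url):
    """The address-bar check: HTTPS scheme and an exact host match."""
    parts = urlsplit(url)
    return parts.scheme == "https" and is_trusted_host(parts.hostname)


def untrusted_hosts(message):
    """Return each host named in the message that is not facebook.com, once."""
    hosts = [urlsplit(u).hostname for u in URL_RE.findall(message)]
    hosts += BARE_RE.findall(URL_RE.sub(" ", message))
    seen = []
    for host in hosts:
        host = (host or "").lower()
        if host and not is_trusted_host(host) and host not in seen:
            seen.append(host)
    return seen


# Constructed sample in the shape of the notification quoted in the post.
SAMPLE = '''John Doe sent you a message.
Subject: Hello
"Check 121.im"
To reply to this message, follow the link below:
http://www.facebook.com/n/?inbox/readmessage.php
This message was intended for user@example.com.
'''

if __name__ == "__main__":
    print(untrusted_hosts(SAMPLE))
    for url in ("https://www.facebook.com/login.php",
                "https://www.facebook.com.login.example/"):
        print(is_safe_login_url(url), url)
```

Matching on the dot-prefixed suffix rather than a substring is what rejects look-alikes such as a host that merely begins with "www.facebook.com".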
Update: Facebook has acknowledged the virus, and is taking steps to thwart its effects, the L.A. Times reports.
"This is a phishing attack. We’re well aware of it and are already blocking links to these new phishing sites from being shared on Facebook," Facebook e-mailed the LA Times. "We’re also cleaning up phony messages and Wall posts and resetting the passwords of affected users. We think this is related to the fbaction.net/fbstarter.com campaign of a couple weeks ago."
Facebook has also put up a better anti-phishing blog post than mine on preventing attacks, though it would be nice (if expensive to them) to make SSL the default connection.
Update 2: Removed some Real Life (TM) first names I'd accidentally left in, to protect the innocent and guilty.