Category Archives: Privacy

Another Facebook Hole?

(Update: Facebook have confirmed the flaw—although it’s not as serious as it looks—and have fixed it. See comments.)

The complexity of Facebook makes it likely there are holes in its privacy. But this one, if I’m right, seems to suggest that it’s possible to access someone’s private data by a social engineering trick outside Facebook.

Today I received an email invite to join Facebook from someone I’ve never heard of. Weird, firstly, because this was not someone I think I’d have known. Weird, also, because I’m already on Facebook.

image

Just to make sure, I clicked on the link to sign up for Facebook and took the option there to sign in with my existing account.

That took me to my usual Facebook page. No more mention of the dude wanting to be my friend. At no point was I given any option to let this person into my life or not.

So I Googled the guy’s name and, lo and behold, I find I’m already on his list of friends:

image

Slightly freaked out, I went back to my account to see if this person was included in my list of friends. He wasn’t.

In other words, this guy can now see all my account details, and I can’t see his. Moreover, at no point have I accepted anything. All I’ve done is click on a link that said: To sign up for Facebook, follow the link below.

What I guess has happened is what happens if you click on the profile of someone who is not a friend but has sent you a message, or asked you to be a friend. In either case, I believe, that person then gets a week’s access to your profile.

I think this is dumb. But I think it’s dangerous that anyone can email me and, if I then click on a link to check out who they are, I now cede access to my information without being able to block it, or being able to access his Facebook profile to see what kind of person can now access my data.

Think Hard Before You Get Linked In

I’ve been trying to remove a contact on LinkedIn who proudly claims to be one of the best linked people on the planet. Why that’s a good thing I’m not sure, but I noticed I was getting LinkedIn spam—spam to my own email address, but coming via LinkedIn—from this person, so I tried to remove him.

Turns out that it wasn’t enough. This morning I got an email from another guy claiming to be the best connected person on the planet (“he is one of the most linked people in the world”) who said I had been referred to him by none other than the LinkedIn spammer guy I thought I’d removed eight months ago. He wrote:

If so, then please accept my connection request. Since I presently have over 8,900 first tier connections, I cannot send an invitation to you because I have exceeded my limit. Therefore, to connect with me and to benefit from the millions of total connections that I have, click here: [LINK DELETED] and enter my email address [EMAIL DELETED].

So what gives? How come someone I removed from my LinkedIn network is able to refer me to someone else who has somehow been able to get my email address despite not being my buddy, nor connected to a buddy of mine? I’m asking LinkedIn about this, but I also wanted to know what happened to the original spammer I’d deleted. Was he still in my system?

Turns out he is.

Removing a connection in LinkedIn is not, it turns out, the same as removing a contact. It seems to work like this (and I might be wrong, because the explanations on LinkedIn are contradictory.)

The FAQ says you remove a connection via the Remove Connections link:

image

which takes you to a separate list:

image

What you’ll notice about this list is that, unlike your Connections list, it’s not alphabetical. Well it is, in that you can jump straight to a letter (M, say) but within that list the contacts are not in sub-alphabetical order. A cynic would say this is an extra deterrent to connection-pruning, but I’m not a cynic so I won’t say that.

But you might notice this:

image

Huh? Good that the connection won’t be notified that they’ve fallen off your Christmas card list, but how come they’ll still be on my list of contacts? And how does it square with this other note, on the same page, that says:

Note that once this action is completed this individual will not be able to be added back as a connection.

So the person you’ve gone to all this trouble to remove will still be in your contact list—no way that I can see of removing them from there—but you can’t change your mind and then re-add them as a connection. You can, however, re-invite them, and, indeed, they will remain in your contact list as a constant reminder.

(Just out of interest, how do you re-invite someone to be a connection who didn’t know you’d banished them before? How do you explain that, exactly? “Sorry, I hated you before, but now I don’t hate you anymore?” Could be a good lyric in there.)

Confused? So am I. But here’s the kicker: Does the fact that he’s still in my contacts, and that he’s out there, apparently, recommending me to other LinkedIn spammers, mean I’m still in the LinkedIn spammer’s list of connections?

I suspect it does, because he’s still in my list of connections (but not in my Remove Connections list, if you’re still with me) and he’s still listed as 1st in my list of connections—meaning we still have a connection.

In other words, unless this is a glitch, it is impossible to remove a connection from LinkedIn once you’ve established one.

I’m going to ask LinkedIn to shed light on this. But if it’s true, it should give you pause for thought before you accept a connection via the otherwise useful service. It’s one thing to build one’s network. It’s another to find you have no control over that network—and who in that network might use the information you put there—once it’s built.

The Scam Potential of Presence Messages

image

David Weinberger as ever hits nail upon head with dose of humor, but his point to me opens the gates to all sorts of thoughts, some of them Web 2.0ish:

Often, on the back of a ‘Do Not Disturb’ sign is a ‘Make Up My Room Now’ message of some sort. But, no matter how they phrase it, isn’t it the same as an “I’m Out, So This Would Be a Good Time to Rob Me, Especially If You Are Squeamish about Violence” sign?

My question is this: When will Web 2.0 presence tools start to create the same informational hazard? Whether it’s twitter, saying you’ve nipped out for coffee, or dopplr, saying you’re planning an overseas trip, at what point do scammers decide this information is useful to them? Or are they already doing so? I’ve long considered automatic Outlook away messages to be dangerous, but I wonder at what point the scamsters will start to pick up on the usefulness of these presence, or rather absence, messages.

P.S. I’m off out for a coffee.

Joho the Blog » The opposite of Do Not Disturb

Photo credit: ores2k

Facebook Connect – To What?

image

I’m trying to work out why this irritates me so much: Visit The Insider and you’ll be continually pestered by a popup (for some reason not caught by the pop-up blocker in Firefox) inviting you to install The Insider’s Facebook application.

This is the much-touted Facebook Connect – a successor to the disastrous Beacon thing, that upset users because it drew their activity on other sites and published it to their Facebook feed. Facebook Connect enables you to use your Facebook log-in to access other sites, and to bring your Facebook friends with you as you visit those sites—in other words, instead of building separate communities for each site you frequent, you have one: Facebook.

I’m not going into the pluses and minuses of this right now. What concerns me is how it touts itself.

First off, there’s no way to stop the pop-up window coming back: Click cancel and it’ll come back a few pages later; hit the x in the top right hand corner and the same thing happens.

Secondly, The Insider knows who I am:

image

I have no Facebook windows open in Firefox. So I can only assume that The Insider is reading my Facebook cookies. Is there any other way? So somehow the Facebook Connect third party site is able to connect my login ID to my name and email address, even when no Facebook session is in progress?

It’s irritating, but it’s also a source of some concern. If Facebook Connect proliferates, are we going to get these popups at every site? Why is there no way of blocking this and future intrusions, should I so wish? And why are Facebook Connect partners getting access to my Facebook signon and name without my say-so?

Why Social Network Sites May Fail

Look at a social networking site like Yaari and you can see where the social networking phenomenon may fail, simply by abusing the trust of its users.

Sites like LinkedIn, Plaxo etc rely on expanding quickly by offering a useful service: trawling your address book to find friends and contacts who use the same service. We’ve gotten used to this, and it’s a great way to build a network quickly if you sign up for a new service.

But any service that uses this needs to stress privacy, and put control in the hands of users. Plaxo learned this a few years back. Spam a user’s contact list without them realising and you invite a firestorm of opprobrium on your head.

But surprisingly some services still do it. And in so doing they risk alienating users from what makes Web 2.0 tick: the easy meshing of networks—your address book, your Facebook buddies, your LinkedIn network—to make online useful.

Take Yaari, a network built by two Stanford grads which has for the past two years abused the basic tenets of privacy in an effort to build scale.

What happens is this.

You’ll receive an email from a contact:

 image

It’s an invitation from a “friend” which

  • gives you no way to check out the site without signing up. The only two links (apart from an abuse reporting email address at the bottom) take you to the signup page.
  • neither link allows you to check out your “friend” and his details before you sign up.

If you do go to the sign up page you’ll be asked to give your name and email address:

image

Below the email address is the reassuring message:

Your email is private and will stay that way.

But scroll down to below the create my account button and you’ll see this:

By registering for Yaari and agreeing to the Terms of Use, you authorize Yaari to send an email notification to all the contacts listed in the address book of the email address you provide during registration. The email will notify your friends that you have registered for Yaari and will encourage them to register for the site. Yaari will never store your email password or login to your email account without your consent. If you do not want Yaari to send an email notification to your email contacts, do not register for Yaari.

In short, by signing up for Yaari you’ve committed yourself, and all the people in your address book, to receiving spam from Yaari that appears to come from your email address. (Here’s the bit from the terms: “Invitation emails will be sent on member’s behalf, with the ‘from’ address set as member’s email address.”)

You should also expect to receive further spam from Yaari, according to the terms:

MEMBERS CONSENT TO RECEIVE COMMERCIAL E-MAIL MESSAGES FROM YAARI, AND ACKNOWLEDGE AND AGREE THAT THEIR EMAIL ADDRESSES AND OTHER PERSONAL INFORMATION MAY BE USED BY YAARI FOR THE PURPOSE OF INITIATING COMMERCIAL E-MAIL MESSAGES.

In other words, anyone signing up for Yaari is committing both themselves and everyone else in their address book to receiving at least one item of spam from the company. Users complain that Yaari doesn’t stop at one email; it bombards address books with follow-up emails continually.

Needless to say, all this is pretty appalling. But what’s more surprising is that Yaari has been doing this for a while. I’ve trawled complaints from as far back as 2006. This despite the company being U.S.-based. I’m surprised the FTC hasn’t taken an interest.

So who’s behind the site? This article lists two U.S.-born Indians, Prerna Gupta and Parag Chordia, and quotes Gupta as saying, back in 2006, that to preserve the integrity of the network, access is restricted to the right kind of Indian youth. I’m not young, I’m not Indian, and I’m probably not the right kind, so clearly that goal has been abandoned.

Here are some more details of the two founders.

Gupta, who is 26, is an economics major who graduated in 2005, and was working for a venture capital firm in Silicon Valley called Summit Partners until 2005. Her Facebook profile is here; her LinkedIn profile is here. According to this website she once won the Ms Asia Oklahoma pageant (her hometown is listed as Shawnee in Oklahoma, although she lives in Atlanta).

Chordia, chief technology officer at Yaari, has a PhD in computer music, and is currently assistant professor at the Georgia Institute of Technology, according to his LinkedIn profile. His Facebook profile is here.

There’s a video of them here. An interview with Gupta last year indicates that they’re going hell for leather for size:

We are focused on growing our user base and becoming India’s largest social networking site within the next two years. Our goal for the next year is to become one of India’s Top 10 Internet destinations.

What’s interesting is that nearly every site that mentions Yaari and allows comments contains sometimes angry complaints from users. In that sense Web 2.0 is very effective in getting the word out. Unfortunately if Yaari and its founders continue to commit such egregious abuses of privacy, we can’t be sure many people will trust such websites long enough for the power of networking sites to be properly realised.

(I’ve sought comment from Gupta, which I’ll include in this post when received.)

The Predictable Human (and a Privacy Issue)

A study of mobile phone data shows that we are extraordinarily consistent about our movements. Mobile phone data, unsurprisingly, provides rich pickings for researchers since we carry one around with us all the time, and, unlike dollar bills, it’s more likely to stick with one person. But some have questioned the ethics of such a study.

The BBC reports that the study, by Albert-László Barabási and two others, shows we are much more predictable in our movements than we might think:

The whereabouts of more than 100,000 mobile phone users have been tracked in an attempt to build a comprehensive picture of human movements.

The study concludes that humans are creatures of habit, mostly visiting the same few spots time and time again.

Most people also move less than 10km on a regular basis, according to the study published in the journal Nature.

This is fascinating stuff, and perhaps not unexpected. But appended to the Nature news article on the study are two signed comments by readers alleging that the authors of the study didn’t follow correct ethical procedure. Someone calling themselves John McHaffie says:

What is particularly disturbing about this study is something that the Nature news article failed to reveal: that Barabasi himself said he did not check with any ethics panel. And this for an action that is, in fact, illegal in the United States. Disgusting lack of ethics, I’d say. And the statement from his co-author Hidalgo isn’t much better: “We’re not trying to do evil things. We’re trying to make the world a little better”. The old “trust me, I know better” argument. Maybe these two should take a basic graduate-level ethics course.

I’ve not yet confirmed it, but it’s likely to be John G. McHaffie of the University of Wake Forest. Another commenter, Dan Williams, calls for a federal investigation of the school involved in the study.

I don’t have access to the original Nature article, so I can’t explore this further right now. But the Nature news item itself says that “Barabási and his colleagues teamed up with a mobile-phone company (unidentified to protect customers’ privacy), who provided them with anonymized data on which transmitter towers had handled the calls and texts for 100,000 individuals over the course of 6 months.”

This is clearly gold. The article suggests that others have long sought to get their hands on mobile phone data. It quotes Dirk Brockmann of Northwestern University in Illinois, as saying that he had not been able to expand a study he did using dollar bills because of privacy issues:

Strict data-protection laws prevented Brockmann from carrying out his own version of the mobile-phone study in Germany, where he was based until recently. Mobile-phone data have the potential to reveal information about where individuals live and work. “I’ve been trying to get my hands on mobile-phone data but it isn’t possible,” he says.

Privacy issues aside, the study is fascinating, and could be useful in monitoring disease outbreaks or traffic forecasting. (I wrote about one using Bluetooth a couple of days ago.) And how about riots? Unrest? Shoppers?

BBC NEWS | Science/Nature | Mobile phones expose human habits

Bluetooth Tracking

Research from Purdue University shows that Bluetooth would be a very good way to track travel time. Bluetooth devices give off unique IDs which could be used to measure speed and movement of pedestrians and vehicles.

But why stop there? Wouldn’t it be possible to track people via their Bluetooth signal, if you knew one of their device IDs? Anyway, here’s the abstract (thanks, Roland.)

Travel time is one of the most intuitive and widely understood performance measures. However, it is also one of the most difficult performance measures to accurately estimate. Toll tag tracking has demonstrated the utility of tracking electronic fingerprints to estimate link travel time. However, these devices have a small penetration outside of areas served by toll facilities, and the proprietary tag reading equipment is not widely available. This paper reports on tracking of a wide variety of consumer electronics that already contain unique digital fingerprints.

Method uses ‘Bluetooth’ to track travel time for vehicles, pedestrians

Facebook’s Trapdoor

I’m puzzled.

I can’t understand this quirk in Facebook that means I can’t politely brush off someone requesting my friendship without giving them access to all my friends and a lot of my info. 

Receive a friend request and you get this message:

image

I have a rule that I don’t make buddies with people I’ve not actually met, or know online. Instead I divert them to LinkedIn, a sort of frat house for networking. Facebook is for friends. So I usually try to brush them off with a message.

Only you can’t do that anymore.

Click on the Send message button, and you get this text at the bottom of the message window:

image

It says:

If you send xxxx a message, you will give them permission to view your list of friends, as well as your Basic, Work and Education info for one month.

In other words, you can confirm someone, you can ignore someone, but you can’t send them a message that says “do I know you?” or “not sure we’ve met, how about you email me on LinkedIn?” Well you can, but you’ve got to give them some of the biggest keys to your little Facebook kingdom first.

Why? What is the point of that? What possible benefit is it to me to allow that to happen? Why would I let someone I haven’t met, and who I have no friends in common with, have access to that kind of information? And, more importantly, shouldn’t I be a little bit worried that my Facebook friends are allowing this to happen? How many of us actually read those little notes?

I am trying to think of a logical reason for this. Why would Facebook make it impossible for someone to reply to a request with a message that does not commit them to giving access to their information?

The only reason I can assume, perhaps because of my conspiracy-addled mind and limited brain power, is this: If the person requesting the connection has access to that information, so do most of the applications he is using. Facebook doesn’t care how long the connections last between users; all it cares is that it has access to the data. Who cares if it’s only for one month? That information only needs to be grabbed once. In other words, my theory goes, that data is valuable enough for Facebook to create a sort of trapdoor through which unsuspecting folk might allow their data to be compromised.

Or am I missing something? I must be.

Filtering Communications So They Don’t Drive Us Mad

A dear friend was supposed to drop something off around 11 pm last night. I turn in around that time, so I just nodded off. Luckily I didn’t hear her SMS come in around 1 am. But I could have. I consider the phone the primary communications device–if someone has an emergency, that’s how they’re going to reach me–and so you can’t really close it off. But how do you filter out stuff like my ditzy friend SMS-ing me at 1 am to tell me that after all she’s not going to drop something off?

In short, how can we set up filters on our communications channels so they don’t drive us mad?

One is not to give out your phone number. I keep a second prepaid phone around and I give that number, and that number only, to people I do business with. That phone gets turned off on weekends and evenings. I often don’t answer a cellphone call if I don’t recognise the number; if it’s important enough, I figure they’ll SMS me first, or else they’ll already be on my contact list.

Another is to confine and contain online. I don’t accept contacts on Facebook unless I’ve met them in person (and like them.) Everyone else I point to LinkedIn. I’ve noticed a lot of people are now following me (and everyone else, it seems; I’m not special) on Twitter so I’ve scaled that back to ‘public’ observations.

Indeed, Web 2.0 hasn’t quite resolved this issue: We’ve been campaigning to bring down those walled gardens, but we’ve failed to understand that garden walls (ok, fences) make good neighbors.

Email is still a burden: I’m still getting a ton of stuff I didn’t ask for, including press releases from UPS, just because I once complained to them about something, and stuff from a PR agency touting posts on a client’s blog (that’s pretty lame, I reckon. What would one call that? “My-Client-Just-Blogged Spam”?)

One way I’ve tried to limit incoming stuff is through a page dedicated to PR professionals. I then point anyone interested in pitching to me to that page. I’m amazed by how few people bother to read it, but I’m also amazed at how good the pitches are by those that do. (And of course, I then feel bad that I don’t use their painstakingly presented material.)

I like this from Max Barry, author of Jennifer Government, who gives out his email address but says: “If you put the word ‘duck’ in your subject (e.g. ‘[duck] Why you’re an idiot’), it’s less likely to be accidentally junked.” What a great idea.

Then there’s simple things that help to keep the noise level down: Subscribe to twitter on clients like Google Talk and you can turn it on and off just by typing, well, on or off. (You can also turn on and off individuals, so if scoble is getting a bit too much for you, just type ‘off scoble’. I’ve always wanted to be able to do that.)

I’d like to see more and better filtering so we don’t have to succumb to the babble.

Stuff I’d like to see:

  • Phones that change ringtone or volume after a certain time unless the call is from some key numbers.
  • SMS autoreturns, that say “The person you sent this message to is asleep. If you need to wake him/her, please enter this code and resend. Be aware that if the message is not urgent or an offer of money/fame/sexual favors you may face disembowelment by the recipient.”
  • Oh, and while I’m at it, the ability to opt out of Facebook threads if they lose your interest.

And, finally, a way to turn down friends and contacts from my communication channels without them knowing. A great service, in my view, would be one that appeared to authorise their requests to be your buddies, but didn’t. Call it faux-thorising.

Who Needs Enemies When You Have Facebook Friends?

It might be time to remove a) all your data and b) all third party apps from your Facebook profile. Here’s why.

Add a Facebook app — SuperPoke, all that kind of stuff — and you’re required to agree to “allow this application to…know who I am and access my information.” Disagree and you can’t install it.

Now this may be fine for you. But what the application doesn’t say is that the application is also now able to access the private data of your friends. To be clear about this, I’m not talking about friends who also agree to install the app; I’m talking about all your friends, period.

And most applications do access this data, without really needing to, according to research by the University of Virginia. In other words, by accepting someone’s friendship on Facebook, you’re agreeing to allow all the third party apps they install to access your private data.

What is private data? Well, think your name, your profile picture, your gender, your birthday, your hometown location…your current location…your political view, your activities, your interests…your relationship status, your dating interests, your relationship interests, your summer plans, your Facebook user network affiliations, your education history, your work history,…copies of photos in your Facebook Site photo albums…a list of user IDs mapped to your Facebook friends. (from Facebook’s Application Terms of Service, via Webware.)

This is not good. Especially when you consider that this data is stored, not on Facebook’s computers where you and they might be able to keep an eye on it, but on the computers of the third party apps. And this is where it gets tricky.

Facebook’s response to these revelations, detailed and explored by Chris Soghoian over at Webware, is that it’s basically up to us users to gauge whether a Facebook app is kosher and going to be careful with our data. But who are these third party developers?

I explored this a bit last November, when I tried to find out who was behind one app called ATTACK! I eventually was able to, but it wasn’t easy, and it definitely wasn’t just a question of visiting their homepage (they didn’t have one, although the developers have since posted a comment there saying they hadn’t had time to set one up, and have changed certain features. It still doesn’t have a link to any webpage that might give a user any insight about who is behind the app, though the developers do provide links to their Facebook pages.)

The points are twofold:

  • Our data is vulnerable to the weakest link in the chain, which will be a friend we’ve given full access to who installs every third party app there is. Do you know who all your friends are, and can you trust them not to install every app they come across?
  • We’re endangering our friends’ security by installing third party apps.

For me the bigger issue is this. Facebook is already facing investigation in the UK for making it too hard to delete one’s personal data. So, if these third party apps are storing our data without our knowledge on their own computers, what happens to that data if we decide to delete our private data from our Facebook account, or our Facebook account entirely? How do we know what is deleted and what isn’t?

Exclusive: The next Facebook privacy scandal | Webware : Cool Web apps for everyone