Two-faced Facebook takes 'social' out of social networks

2/10/2012 11:58 AM EST

insightful article thank you.

2/10/2012 12:14 PM EST

I think a lot of us are jaded, when we hear about identity theft on social networks. I hear from my friends comments ranging from "Oh, Junko, you just need to be careful with the security settings," to "Get used to it, this happens all the time."

Maybe. But just a minute here.

If the social media means that we are "the people" and we are "the government," we'd better do a much better job telling Facebook that this is NOT acceptable.

Deleting my comment and my friends' comments on my wall without my permission is not kosher.

I am still waiting to hear from Facebook.

2/10/2012 12:31 PM EST

You can probably expect more of that from Facebook. I do.

2/10/2012 12:34 PM EST

By the way, I got your request for my bank account number. I'll be sending it shortly.

2/10/2012 12:38 PM EST

That is disturbing all the way around. In a real sense, there is no protection against someone deliberately impersonating you online in Facebook, nor of you knowing about it when it happens.

Once your identity is hijacked, the impostor could request information, opinion etc or even set up a "meeting" somewhere with evil intent.

On the other side of this - how do you know you are actually communicating with an actual friend and not some stalker or government agent?

Thinking further, I use gmail for email and their Google+ is integrated in as a recent Facebook competitor. (I have not used it) I can see where attaching a social network app to a pre-existing, unique email address would be much safer and less open to spoofing/impersonation by hackers. Facebook does not have this layer of verifiable account information.

Publicizing this vulnerability could put a damper on their upcoming IPO, hence maybe why they want to keep this buried by deleting references to it?

2/10/2012 1:13 PM EST

The ugly truth is that doing anything on line carries a great deal of risk in exposing personal details and potential financial loss. Merely putting your phone number in an email to someone you want to have it does not prevent it from being picked up by a data mining service somewhere. From that, skilled 'miners' can find a lot more info than you would care to have out there.

Like all tools, in the wrong hands, the internet and related online 'services' can wreck non repairable harm in our lives. And laws with any teeth in them to protect the user, or punish the wrong doers, or compensate the victims, are almost totally lacking.

This week Google has put forth a plan to pay browser users IF that user would allow Google to add some more 'tracking' software to their browser "to allow them to better serve" the user.

Coupled with the unfettered ability for anyone to publish('blog')anything about you true or not, your reputation can be totally screwed. Some companies are now offering (for $$$$) to fix your online reputation.

I once read a business plan of a proposed social network company which at least told the truth by stating in the prospectus that the user should have no reason to expect any privacy at all.

2/10/2012 1:38 PM EST

The only real way to avoid this situation is to create a way of authenticating identity. Interestingly enough, this is seen as 'Big Brother' interference in our lives, even though the net result is increased security in terms of protecting our identities. Ideally there would be verified accounts for actual people and anonymous accounts for those who want or need them (political bloggers out of China, for example) or those just trying to be incognito. This status should be clearly indicated on each account.

Larry M.

2/10/2012 4:15 PM EST

I have stopped using Facebook for any personal reasons at all. I do need to use it for work, but that is an account that shares none of my personal information.
Facebook is always changing security policies without any notice and it is up to the user to go in and reset things if you want to keep them private.
In this day and age I have absolutely no expectation of privacy. Anything you send in an email or even do can be online in an instant is someone has a cell phone at the ready.

2/10/2012 5:59 PM EST

As others have pointed out, anything you do online has risks. What makes this story newsworthy was how FB dealt with it, which strikes me as very odd. It's too bad they refused to comment on this matter.

2/10/2012 10:22 PM EST

Junko, thanks a lot for this article. Really an eye opener. I think FB should comeup with something similar to twitter which has "verified" accounts. FB can charge a nominal amount to confirm the identity of the user.

2/11/2012 9:30 AM EST

FB probably can start having advanced authentication such as face recognition.

2/11/2012 11:42 AM EST

What Facebook has demonstrated to me is that there are some services that people want to be supplied by a single source. There is only one Facebook, the competition is miniscule in comparison. Clearly people want only one social networking hub.

This single 'black hole' effect is common in human behaviour, and has another feature: the 'herd' can spontaneously abandon one fashion for another. which will happen when FB gets just enough people disappointed that they switch to the next big thing. at that point Facebook will be history, and rebranding will not help.

FB's best move is to create a 'NEW FB' and get everyone to switch, offering better, more secure etc etc. Hell they could switch everyone automatically, its only software!

Come to think of it, the competition could switch us all over from FB without asking anyway, by the sound of it!

2/13/2012 1:43 AM EST

My brother had an impersonator once too. I think nothing major happened. But I think he now uses another name just to avoid this kind of things. He's a TV artist so that's why he gets some attention, lucky for us who are not so famous and have not much to fear. Nevertheless quite interesting to read that Facebook is capable of playing "Big Brother" and tweak one's profile willingly. Yikes!

2/13/2012 1:52 AM EST

I don't like facebook, never did. Just use google +!

2/13/2012 4:36 AM EST

Junko, thanks a lot for the article, would never have suspected.

2/13/2012 7:35 AM EST

If you don't pay for a service and have a service level contract with the provider, then all you are to them is a source of revenue that they can derive from the data you put onto their site. If it is not obvious how a company makes money out of giving a free service then it is because they are selling what you gave them for free. Currently this is through focussed advertising - but is that the limit to what they can do with your data?
Does FB really need you real date of birth, and all of the other data that "prove" who you are in other contexts eg when opening a bank account?
[For that matter do you need to know what everyone you have ever met have eaten for lunch? ;) ]

2/13/2012 11:32 AM EST

The removal of the messages is both disturbing and, sadly, not terribly surprising.

I think there's a natural tendency to assume that governments and old-guard corporations can't be trusted, but new Internet companies can. Wealth, power and control are prime motivators for misdeeds in government and old companies. The people in new Internet companies are really no different and are just as likely to succumb to those temptations.

The other thing that is easy to forget is that Facebook and similar companies don't really have anything to stop them from deleting or even altering users' data because it's really not "users'" data. It pretty much belongs to FB and they have a lot of legal leeyway in what they do with it.

2/13/2012 11:49 AM EST

I personally am much more afraid of this happening on Linkedin, which would, at least for me, be much more serious.

I'm not sure if anyone has had any similar issues on Linkin.

2/13/2012 12:59 PM EST

An unknown user hacked my facebook account and was talking to my friends asking for ransom money. I was able to post on my wall that my account was hacked, and not to respond. I was also able to go into the account settings and change my password. It was surreal watching someone chatting as if they were me, and there was nothing I could do, until they logged out and the account settings were updated. I also had to refriend several folks that my hacker had unfriended, since they called him/her on the fact that it clearly wasn't me. My advice is to make your password very secure, and change it often.

2/13/2012 4:04 PM EST

The only way you can expect to protect your online data is to either run your own social network site out of your house on your own hardware with uber-secure passwords, or don't use social networks. I choose the latter. My personal information is far too valuable to me to simply give away for free to some faceless corporation to exploit with only it's own interests in mind. What people forget, is that the operator of these social network servers have complete admin access to all user account information public and "private". No thanks. I never jumped on that bandwagon. This is one of those cases where people get what they pay for.

2/13/2012 6:45 PM EST

A facebook hacker entered my account and sent porno messages to a lot of my facebook accounts- friends and professional contacts. How do you undo that damage?

2/13/2012 7:57 PM EST

FIRESHEEP

This comment is potentially troublesome, but the larger community should be aware of how vulnerable we are around open WiFi hot spots. EETimes, delete this if you think it is harmful.


A programmer has posted "free-ware" that allows anyone to instantly scan surrounding computers in an open WiFi environment and take over another user's Facebook, Twitter etc sessions with just a single click. The link below explains just how easy this is. Software install is easy too. He did it to protest websites that do not provide end-to-end session encryption (HTPPS or SSL) leaving users vulnerable. It is eye-popping. This is not a function of the browser, rather the website.

Home wireless routers with encryption enabled will be safe from this attack. I understand banks are using end-to-end encrypt.

http://codebutler.com/firesheep

E-t-E encryption puts higher processing loads on site servers, hence their reluctance to add the additional cost for consumer protection.

2/14/2012 4:03 AM EST

A simple solution: don't touch Facebook with a bargepole.

2/14/2012 12:52 PM EST

I have regretted signing up on facebook almost as soon as I did. I am now thinking of dropping it altogether and letting my friends know that I am (so as to avoid "hurt" feelings and future spoofing). If enough people dropped FB then they WOULD sit up and take notice..

2/14/2012 1:15 PM EST

My wife and kids all have farcebook. My wife's dang fancy phone is constantly tinkling.

Sometimes it pays to be a Luddite...

2/15/2012 1:19 AM EST

It is we people who have made FB or such other social networks part of our life .If we all collectively decide then such social networks will get reduced from those millions of members to may be a few thousand hackers who will keep stealing each others' identity.

For companies using Facebook to reach out to their customers this is a serious warning

2/15/2012 4:37 AM EST

I've been browsing online more than 3 hours today, yet I never found any interesting article like yours. It is pretty worth enough for me. In my view, if all web owners and bloggers made good content as you did, the internet will be much more useful than ever before.Great post, you have pointed out some good details , I also think this s a very great website.

http://www.topseolinks.com

2/17/2012 2:17 PM EST

Look at the FB business model. Who pays for all the staff, the server farms, and the exorbitant executive salaries? You do, in the form of your private data being sold to advertisers and anyone else who shells out a buck to FB (or LinkedIn, Google+, etc). You put stuff out there, it's gonna get sold to the highest bidder(s). Your hacker could have been a FB employee just jacking up the user count for their IPO.

Anything you put out on the "cloud", expect to get treated in the same way.

People ask me why I am not on FB, and I tell them. Privacy seems to be a thing of the past, both for the end user and the cloud vendors, and it takes something like this for people to wake up.

2/17/2012 2:40 PM EST

So they neglect to pull down a page someone has reported to them as being a stolen identity and remove all comments regarding the fraud, but they had no problem deleting my REAL page because I didn't want to give them my phone number? I fail to see the logic behind that.

2/19/2012 2:02 AM EST

I think George should contact Facebook and ask for his money back.
Oh.
Well, you can't really "demand" any kind of service which no one asked you to pay for. Social networking is an option, not a requirement, carries risks and should be used carefully.

2/20/2012 5:10 PM EST

@Battar - You've hit on a real key point here. We pay for our electricity, Internet service, water, gas, car, food, clothing, roads, fire protection, police and other services. We don't pay for Facebook, Google or most anything on the Internet.

Realistically, Facebook, Linkedin, Google and all of those other free site give an incredible amount of value for essentially nothing. We may have cause to be frustrated and stop using the service, but we really don't have much cause to complain to an organization that we voluntarily participate in that gives service for free.

6/14/2012 9:08 AM EDT

I recently found your blog post perfect for my best necessities. It contains terrific together with practical articles or blog posts. Maintain the job. In fact, I would really prefer that will thank you so much for creating an extremely fine web-site.
http://www.seocorporation.net/

6/20/2012 12:03 PM EDT

I honestly think that things are going to get worse since they went public. But I have to say I do agree with Duane on his commentary.

-Joseph
http://dallasmarketing.blogspot.com

9/4/2012 5:53 AM EDT

Great article. This should help protect our identities and create some security awareness.

- Hal

http://www.kalliance.com/

11/7/2012 10:48 PM EST

halo kawan

http://rumahjakarta2.blogspot.com/2012/11/obat-wasir-dan-ambeien-manjur-di.html