I think a lot of us are jaded, when we hear about identity theft on social networks. I hear from my friends comments ranging from "Oh, Junko, you just need to be careful with the security settings," to "Get used to it, this happens all the time."
Maybe. But just a minute here.
If the social media means that we are "the people" and we are "the government," we'd better do a much better job telling Facebook that this is NOT acceptable.
Deleting my comment and my friends' comments on my wall without my permission is not kosher.
I am still waiting to hear from Facebook.
That is disturbing all the way around. In a real sense, there is no protection against someone deliberately impersonating you online in Facebook, nor of you knowing about it when it happens.
Once your identity is hijacked, the impostor could request information, opinion etc or even set up a "meeting" somewhere with evil intent.
On the other side of this - how do you know you are actually communicating with an actual friend and not some stalker or government agent?
Thinking further, I use gmail for email and their Google+ is integrated in as a recent Facebook competitor. (I have not used it) I can see where attaching a social network app to a pre-existing, unique email address would be much safer and less open to spoofing/impersonation by hackers. Facebook does not have this layer of verifiable account information.
Publicizing this vulnerability could put a damper on their upcoming IPO, hence maybe why they want to keep this buried by deleting references to it?
Very true. When I first received a message from George Haber on this incident via Facebook, I was suspicious. I checked, double-checked his Facebook page; sent an e-mail; but I wasn't still sure that I am talking to the right George Haber; I sent a Linked-In message; etc. and finally talked to him in person -- good old way -- via voice. It was a good thing I knew his voice.
The ugly truth is that doing anything on line carries a great deal of risk in exposing personal details and potential financial loss. Merely putting your phone number in an email to someone you want to have it does not prevent it from being picked up by a data mining service somewhere. From that, skilled 'miners' can find a lot more info than you would care to have out there.
Like all tools, in the wrong hands, the internet and related online 'services' can wreck non repairable harm in our lives. And laws with any teeth in them to protect the user, or punish the wrong doers, or compensate the victims, are almost totally lacking.
This week Google has put forth a plan to pay browser users IF that user would allow Google to add some more 'tracking' software to their browser "to allow them to better serve" the user.
Coupled with the unfettered ability for anyone to publish('blog')anything about you true or not, your reputation can be totally screwed. Some companies are now offering (for $$$$) to fix your online reputation.
I once read a business plan of a proposed social network company which at least told the truth by stating in the prospectus that the user should have no reason to expect any privacy at all.
Your last paragraph says it all.
The guys who are developing social networks are operating under the assumption that "the user should have no reason to expect any privacy at all."
We should be all reminded of it; and I wish the social network companies would say it outright. Just like surgeon general's warning on smoking.
The only real way to avoid this situation is to create a way of authenticating identity. Interestingly enough, this is seen as 'Big Brother' interference in our lives, even though the net result is increased security in terms of protecting our identities. Ideally there would be verified accounts for actual people and anonymous accounts for those who want or need them (political bloggers out of China, for example) or those just trying to be incognito. This status should be clearly indicated on each account.
I have stopped using Facebook for any personal reasons at all. I do need to use it for work, but that is an account that shares none of my personal information.
Facebook is always changing security policies without any notice and it is up to the user to go in and reset things if you want to keep them private.
In this day and age I have absolutely no expectation of privacy. Anything you send in an email or even do can be online in an instant is someone has a cell phone at the ready.
Whatever regarding how to attract an individual's vision place there has to be on your behalf on this subject webpage. Check it out together with and that you will get most of you must fully understand.
As others have pointed out, anything you do online has risks. What makes this story newsworthy was how FB dealt with it, which strikes me as very odd. It's too bad they refused to comment on this matter.
You are absolutely right, Frank.
We all understand that there are security risks on a lot of sites. We even understand someone could impersonate us on Facebook.
What separates an excellent company from others is how the company deals with it. Let's hope that the pending IPO would help Facebook act more responsibly and maturely.
Junko, thanks a lot for this article. Really an eye opener. I think FB should comeup with something similar to twitter which has "verified" accounts. FB can charge a nominal amount to confirm the identity of the user.
What Facebook has demonstrated to me is that there are some services that people want to be supplied by a single source. There is only one Facebook, the competition is miniscule in comparison. Clearly people want only one social networking hub.
This single 'black hole' effect is common in human behaviour, and has another feature: the 'herd' can spontaneously abandon one fashion for another. which will happen when FB gets just enough people disappointed that they switch to the next big thing. at that point Facebook will be history, and rebranding will not help.
FB's best move is to create a 'NEW FB' and get everyone to switch, offering better, more secure etc etc. Hell they could switch everyone automatically, its only software!
Come to think of it, the competition could switch us all over from FB without asking anyway, by the sound of it!
My brother had an impersonator once too. I think nothing major happened. But I think he now uses another name just to avoid this kind of things. He's a TV artist so that's why he gets some attention, lucky for us who are not so famous and have not much to fear. Nevertheless quite interesting to read that Facebook is capable of playing "Big Brother" and tweak one's profile willingly. Yikes!
I think we all know that any entity that stores a lot of personal information about individuals -- like Facebook does -- is totally capable of play a "Big Brother" role.
The question is how much trust and faith we put in them, assuming that they would "do the right thing."
Clearly, in this case, Facebook failed to live up to our expectations.
Thanks, resistion. When a company with power thinks that they can get away with such a practice as "erasing" what people said about the company on a "social" network site, I think they went too far.
After all, Facebook is "a social network," and if the social network giant can't take the heat on the social playground they have created, there is nothing "social" about Facebook.
If you don't pay for a service and have a service level contract with the provider, then all you are to them is a source of revenue that they can derive from the data you put onto their site. If it is not obvious how a company makes money out of giving a free service then it is because they are selling what you gave them for free. Currently this is through focussed advertising - but is that the limit to what they can do with your data?
Does FB really need you real date of birth, and all of the other data that "prove" who you are in other contexts eg when opening a bank account?
[For that matter do you need to know what everyone you have ever met have eaten for lunch? ;) ]
The removal of the messages is both disturbing and, sadly, not terribly surprising.
I think there's a natural tendency to assume that governments and old-guard corporations can't be trusted, but new Internet companies can. Wealth, power and control are prime motivators for misdeeds in government and old companies. The people in new Internet companies are really no different and are just as likely to succumb to those temptations.
The other thing that is easy to forget is that Facebook and similar companies don't really have anything to stop them from deleting or even altering users' data because it's really not "users'" data. It pretty much belongs to FB and they have a lot of legal leeyway in what they do with it.
An unknown user hacked my facebook account and was talking to my friends asking for ransom money. I was able to post on my wall that my account was hacked, and not to respond. I was also able to go into the account settings and change my password. It was surreal watching someone chatting as if they were me, and there was nothing I could do, until they logged out and the account settings were updated. I also had to refriend several folks that my hacker had unfriended, since they called him/her on the fact that it clearly wasn't me. My advice is to make your password very secure, and change it often.
If I may ask, do you have any idea how long did this fake person existed on Facebook pretending like you?
And since you had noticed it and notified that to Facebook, how long did it take for Facebook to take down the fake account?
The only way you can expect to protect your online data is to either run your own social network site out of your house on your own hardware with uber-secure passwords, or don't use social networks. I choose the latter. My personal information is far too valuable to me to simply give away for free to some faceless corporation to exploit with only it's own interests in mind. What people forget, is that the operator of these social network servers have complete admin access to all user account information public and "private". No thanks. I never jumped on that bandwagon. This is one of those cases where people get what they pay for.
That had happened to me too three or four years ago.
No, you can't undo it.
I remember that I received a ton of e-mails from my friends that my facebook page got hacked -- at 9:30p.m. That's when it hit me that my friends are NOT watching TV but they are reading FB pages!
This comment is potentially troublesome, but the larger community should be aware of how vulnerable we are around open WiFi hot spots. EETimes, delete this if you think it is harmful.
A programmer has posted "free-ware" that allows anyone to instantly scan surrounding computers in an open WiFi environment and take over another user's Facebook, Twitter etc sessions with just a single click. The link below explains just how easy this is. Software install is easy too. He did it to protest websites that do not provide end-to-end session encryption (HTPPS or SSL) leaving users vulnerable. It is eye-popping. This is not a function of the browser, rather the website.
Home wireless routers with encryption enabled will be safe from this attack. I understand banks are using end-to-end encrypt.
E-t-E encryption puts higher processing loads on site servers, hence their reluctance to add the additional cost for consumer protection.
I have regretted signing up on facebook almost as soon as I did. I am now thinking of dropping it altogether and letting my friends know that I am (so as to avoid "hurt" feelings and future spoofing). If enough people dropped FB then they WOULD sit up and take notice..
It is we people who have made FB or such other social networks part of our life .If we all collectively decide then such social networks will get reduced from those millions of members to may be a few thousand hackers who will keep stealing each others' identity.
For companies using Facebook to reach out to their customers this is a serious warning
I've been browsing online more than 3 hours today, yet I never found any interesting article like yours. It is pretty worth enough for me. In my view, if all web owners and bloggers made good content as you did, the internet will be much more useful than ever before.Great post, you have pointed out some good details , I also think this s a very great website.
Look at the FB business model. Who pays for all the staff, the server farms, and the exorbitant executive salaries? You do, in the form of your private data being sold to advertisers and anyone else who shells out a buck to FB (or LinkedIn, Google+, etc). You put stuff out there, it's gonna get sold to the highest bidder(s). Your hacker could have been a FB employee just jacking up the user count for their IPO.
Anything you put out on the "cloud", expect to get treated in the same way.
People ask me why I am not on FB, and I tell them. Privacy seems to be a thing of the past, both for the end user and the cloud vendors, and it takes something like this for people to wake up.
Anybody who is stupid enough to put all their private details on one page and blindly believe that corporate facebook has their best interests in mind is an idiot and a fool.
Facebook is looking to ultimately profit and the only way they can do that is to sell your data to advertisers & marketers. By giving them your information freely, you are endorsing them to use/sell your information as they see fit. Don't blame facebook for your security woes, you are your own worst enemy.
So they neglect to pull down a page someone has reported to them as being a stolen identity and remove all comments regarding the fraud, but they had no problem deleting my REAL page because I didn't want to give them my phone number? I fail to see the logic behind that.
I failed to mention I received a notification when I attempted to log in that I had to provide a phone numer for them to call or text for verification. I refused to enter the information, so within a week my page had disappeared.
I think George should contact Facebook and ask for his money back.
Well, you can't really "demand" any kind of service which no one asked you to pay for. Social networking is an option, not a requirement, carries risks and should be used carefully.
@Battar - You've hit on a real key point here. We pay for our electricity, Internet service, water, gas, car, food, clothing, roads, fire protection, police and other services. We don't pay for Facebook, Google or most anything on the Internet.
Realistically, Facebook, Linkedin, Google and all of those other free site give an incredible amount of value for essentially nothing. We may have cause to be frustrated and stop using the service, but we really don't have much cause to complain to an organization that we voluntarily participate in that gives service for free.
I recently found your blog post perfect for my best necessities. It contains terrific together with practical articles or blog posts. Maintain the job. In fact, I would really prefer that will thank you so much for creating an extremely fine web-site.
A Book For All Reasons Bernard Cole1 Comment Robert Oshana's recent book "Software Engineering for Embedded Systems (Newnes/Elsevier)," written and edited with Mark Kraeling, is a 'book for all reasons.' At almost 1,200 pages, it ...