| | |
|
FacebookIsDangerous 15 - 08 Apr 2012 - Main.HarryKhanna
|
| |
| META TOPICPARENT | name="LawContempSoc" |
|---|
Facebook is Dangerous
I ran into this article where Eben describes Facebook as analgous to a "man in the middle" attack that a hacker might employ to intercept apparently private communication for nefarious purposes. I think Eben's analogy is spot on: this isn't a technical hack, this is a social hack, and it amazes me how oblivious we are to the increasing damage Facebook is inflicting on our privacy and the danger it can pose to people who are deemed "criminals" wanted by law enforcement. | | | People keep getting this wrong. It's not about what you place on the internet. It's about where you go, what you look at, how long you look at it. What you intentionally place on the internet is trivial compared to information on the profiles you looked at, the photos you spent the most time on and the people that were tagged in them. | |
<
< | Obviously, I acknowledge the critical importance of metadata, but could you please help me understand how the metadata that social media sites collect is meaningfully different and potentially more pernicious than that which is already collected about people through other means? Hasn't my ISP (Columbia, Comcast, AOL, Compuserve, or even Prodigy) been able to track all of my online behavior since before my middle school friends were using their parent's dialup connection to download Metallica's greatest hits from Napster and potentially spending a few minutes considering whether to download Wierd Al's coolest jams on the side? | >
> | Obviously, I acknowledge the critical importance of metadata, but could you please help me understand how the metadata that social media sites collect is meaningfully different and potentially more pernicious than that which is already collected about people through other means? Hasn't my ISP (Columbia, Comcast, AOL, Compuserve, or even Prodigy) been able to track all of my online behavior since before my middle school friends were using their parent's dialup connection to download Metallica's greatest hits from Napster and potentially spending a few minutes considering whether to download Wierd Al's coolest jams on the side?
| | | | |
<
< | That's the real interesting information that is being collected about you, not the fact that you listed Twilight as your favorite movie. | >
> | Two major differences: 1) the lack of ability for ISPs to inspect the content of transmissions on a large scale, and 2) your ability to protect yourself with SSL encryption.
First, by default, your ISP only tracks and logs the address (location) of everyone's transmissions, not the content of those transmissions. It can track the content but it is difficult for an ISP to do that on a large scale since it involves processor-intensive packet-sniffing. If your ISP was targeting you specifically, I have no doubt they could discover the content of your transmissions, unless you encrypted them (discussed shortly). But it is simply not realistic for an ISP to eavesdrop on the content of everyone's internet usage simultaneously. Facebook does not have this limitation. It does not need to resort to packet sniffing since you are accessing it's domain and it can easily match the location of your transmission to the content. It knows that www.facebook.com/profile=1234420 is Kieran's profile since it designed the URL matching scheme. It knows how long you spent on Kieran's page since the asynchronous Javascript on the page is in constant communication with Facebook's servers. Your ISP does not have these shortcuts and must inspect the content of every packet you send to get a meaningful idea of what you're doing on the internet. It can do it, but it cannot do it for everyone at once. Therein lies the danger of Facebook: it can record all this information about everyone at once, and it does.
Second, when you access your bank or, say, Gmail, your communication is encrypted through something called SSL. That means it is mathematically very, very difficult for an ISP to snoop on your communication to discover what you are doing on that website. It knows roughly what domains you're accessing (e.g. bankofamerica.com) but it cannot decrypt the content that's been sent to your browser. It cannot discover your bank balance, since the information is garbled by encryption until reaches your web browser on your computer, outside the eyes of the ISP. Again, Facebook has no such limitation. It should be obvious why: it is not a third party relaying information like your ISP is, it is actually the server you're communicating with. It knows what it's sending you, even if it encrypts it before sending it.
| | | Nevertheless, I was still shocked by the vast scale of information provided in this social-media subpoena that the Boston Police Department delivered to Facebook in the course of their investigation of the "Craigslist Killer." Facebook handed over lists with lists of the suspect's friends, IP logins, photos, tags, and messages. Given that facebook won't acknowledge how many subpoenas they've responded too, we have no way of knowing how often domestic law enforcement or other less savory entities are pouring through our social data.
Source: |
|
|
|
|
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
|
|
| | |