In less than ten years, Facebook has transformed--for better or for worse--the way that the entire world interfaces with one another. For many, it has become the prime forum for social participation. Critics of Facebook point to the narcissistic exhibitionism which it promotes, but the internet site has also provided communities, groups, activists, and individuals with a virtual nexus.

Increased connectivity, by way of Facebook, has not come without a cost. As we meander, linger, and troll through the internet, our choices transform into pieces of data which characterize our virtual counterparts. This data can then be used by companies attempting to sell us products, and in some cases, by law enforcement officials attempting to peer into our lives. This post, started by HarryKhanna, examines some of the risks of Facebook as it currently operates and discusses our own complicity with regards to those risks.

Facebook is Dangerous

In an article for IT World Magazine, Eben describes Facebook as analagous to a "man in the middle" attack that a hacker might employ to intercept apparently private communication for nefarious purposes. I think Eben's analogy is spot on: facebook is not a technical hack, it is a social hack. We, as a society, are oblivious to the increasing damage Facebook is inflicting on our privacy and the danger it can pose to people who are deemed "criminals" wanted by law enforcement

Every mainstream news website, most blogs, and virtually all shopping websites have Facebook "Like" buttons which can be used to track your activity on that site even if you don't touch the "Like" button. You can't go anywhere on the internet without accessing Facebook's servers, whether or not you even have a Facebook account. Some people believe that they can control the data gathered about there internet use, but instead they have more of an illusion of control. Just because it is possible to turn off what one 'shares' on your account doesn't mean that Facebook isn't collecting the data and turning it over to anyone who requests it without a warrant.

How Does Facebook Collection Differ From Other Internet Uses

It's not about what you place on the internet. It's about where you go, what you look at, how long you look at it. What one intentionally places on the internet is trivial compared to information on the profiles that person has looked at, the photos someone has spent the most time on and the people that were tagged in them.

Two major differences between the methods used by other internet platforms and Facebook: 1) the lack of ability for ISPs to inspect the content of transmissions on a large scale, and 2) your ability to protect yourself with SSL encryption.

First, by default, your ISP only tracks and logs the address (location) of everyone's transmissions, not the content of those transmissions. It can track the content but it is difficult for an ISP to do that on a large scale since it involves processor-intensive packet-sniffing. If your ISP was targeting you specifically, I have no doubt they could discover the content of your transmissions, unless you encrypted them (discussed shortly). But it is simply not realistic for an ISP to eavesdrop on the content of everyone's internet usage simultaneously. Facebook does not have this limitation. It does not need to resort to packet sniffing since you are accessing it's domain and it can easily match the location of your transmission to the content. It knows that www.facebook.com/profile=1234420 is Kieran's profile since it designed the URL matching scheme. It knows how long you spent on Kieran's page since the asynchronous Javascript on the page is in constant communication with Facebook's servers. Your ISP does not have these shortcuts and must inspect the content of every packet you send to get a meaningful idea of what you're doing on the internet. It can do it, but it cannot do it for everyone at once. Therein lies the danger of Facebook: it can record all this information about everyone at once, and it does.

Second, when you access your bank or, say, Gmail, your communication is encrypted through something called SSL. That means it is mathematically very, very difficult for an ISP to snoop on your communication to discover what you are doing on that website. It knows roughly what domains you're accessing (e.g. bankofamerica.com) but it cannot decrypt the content that's been sent to your browser. It cannot discover your bank balance, since the information is garbled by encryption until reaches your web browser on your computer, outside the eyes of the ISP. Again, Facebook has no such limitation. It should be obvious why: it is not a third party relaying information like your ISP is, it is actually the server you're communicating with. It knows what it's sending you, even if it encrypts it before sending it.

Examples of the Disturbing Uses of Facebook

Elvira pointed to an article which highlights the disturbing uses of facebook. She made the point that employers and schools that are demanding usernames and passwords are engaging in a very particular form of voyeurism rather than in any useful applicant vetting process.

Rumbi also highlighted another troubling use of Facebook: a geolocation app that allows users to map the presence of prospective paramours with publicly available facebook profiles.

Kieran noted an article that shows the ways in which Facebook provides data to police investigators. Facebook handed over lists with lists of the suspect's friends, IP logins, photos, tags, and messages. Given that facebook won't acknowledge how many subpoenas they've responded too, we have no way of knowing how often domestic law enforcement or other less savory entities are pouring through our social data.

All of these articles illustrate the ways in which data collected through facebook can be used in ways that is not consistent with users' desires and not anticipated by them when they choose to sign up for Facebook.

The Dangers of Facebook Reflect Broader Internet Hazards

The problem is that most of these privacy issues aren't relegated to Facebook. They permeate almost all of the web as we know it. To free ourselves of similar risks, we may need to change the way you interact with the Internet altogether. For one, the majority of us use free hosted email (Gmail, predominantly, I'd imagine). It is likely that more private, relevant data is exchanged through email than through Facebook, especially given that most people see Gmail as a completely private place and Facebook as at least a somewhat public place. That being said, the pervasive nature of internet spying supports an argument for greater public outcry and stronger attempts to limit companies' use of our online information, not less of either.

What Can Users Do?

"Maybe you don't care if Facebook or law enforcement can track where you are at any given moment. But if the world someday becomes a place where you do care, by then it might be too late to do anything about it." Harry's ominous warning should not be ignored. To some degree, facebook users are not oblivious as to how their internet use is monitored. It is possible that a good amount of people do not mind "Facebook exposure" and are not naive to the fact that through Facebook other websites can track where they've been and create formulas to ascertain suggestions on future internet use. But perhaps the danger occurs in the public's general lack of how the information can be used against them. In Moglen's Freedom in the Cloud speech, he discusses the flaws in the networks we use, but remarks that all is not lost, "It's not a pretty story...We haven't lost. We've just really bamboozled ourselves. And we're going to have to unbamboozle ourselves really quickly or we're going to bamboozle a bunch of innocent people who didn't know we were throwing away their privacy for them forever." Moglen's speech served as a brief education on how information on the web is collected and can serve as a cautionary tale for educating individuals about the extent to which their collected information is used. If the extent of the problem is so vast, when will we reach the point to where people demand more transparency? At what point should we hold users accountable for performing due diligence, and putting in some effort to find out how their information is used?

It is necessary that we lift the veil on the ways that we use technology and how it can be used against us. Skylar noted that the recent SOPA debates helped to catalyze discussions around internet freedom. Lectures on these topics and other ones related to internet rights are good first steps towards understanding our online lives. If we educate ourselves, we can better advocate for ourselves. Harry also suggested that we can make attempts to use alternative corridors for information sharing. At the very least, we should remember that we have options.

-- HarryKhanna, SanjayMurti, AbiolaFasehun, SkylarPolansky, ElviraKras, RumbidzaiMaweni, KieranCoe, TomaLivshiz

P.s. I tried to edit and consolidate this post as Eben has suggested that we do. If you feel that I have mischaracterized a point in a way that has upset you or consolidated the post in an ineffective manner, I apologize and please feel free to modify it!

This is a wonderful synthesis, Toma, thank you for doing it!