Facebook is Dangerous

I ran into this article where Eben describes Facebook as analgous to a "man in the middle" attack that a hacker might employ to intercept apparently private communication for nefarious purposes. I think Eben's analogy is spot on: this isn't a technical hack, this is a social hack, and it amazes me how oblivious we are to the increasing damage Facebook is inflicting on our privacy and the danger it can pose to people who are deemed "criminals" wanted by law enforcement.

At the end of the article, the author Dan Tynan challenges Eben's metaphor. I disagree with Tynan, and I want to quickly respond to his points.

Dan Tynan: A true MITM attack happens without either party knowing about it. When’s the last time you used Facebook without knowing about it, or been forced to use it against your will?
Every day. Every mainstream news website, most blogs, and virtually all shopping websites have Facebook "Like" buttons which can be used to track your activity on that site even if you don't touch the "Like" button. You can't go anywhere on the internet without accessing Facebook's servers, whether or not you even have a Facebook account.

Dan Tynan: You have no control over the data the MITM attacker collects. You have some controls over what Facebook collects.
No, you have the illusion of control. Just because you can turn off what you 'share' on your account doesn't mean that Facebook isn't collecting the data and turning it over to anyone who requests it without a warrant.

Action

I think Facebook is garbage. I didn't have an account for years because of the concern I had for my (and others') privacy. The problem is that our colleagues at the law school send out invitations to events only on Facebook. If you don't have a Facebook account, you miss out on invitations to sweet parties.

One way we can start to solve this problem is by refusing to use Facebook to send out event invitations. Can the Student Senate can create a policy that their events will not be publicized on Facebook? Are there Senators in this class that can make this happen? Let's take action to reduce the utility of Facebook on our campus and make it easier for people to deactivate their accounts.

If you think that you can just deactivate your own account and everything will be fine, you are wrong: the scariest part about what Facebook is becoming is their "Photo DNA" which identifies people by pictures that are uploaded of you even if you are not tagged and even if you don't have a Facebook account. That's why it's important to get everyone to deactivate their accounts or at the very least stop uploading pictures to Facebook.

Maybe you don't care if Facebook or law enforcement can track where you are at any given moment. But if the world someday becomes a place where you do care, by then it might be too late to do anything about it.

-- HarryKhanna - 07 Feb 2012

I may be in the minority on this, but I've always felt the Facebook coverage was a bit sensationalistic. If you have privacy concerns, yes, the best move is to get off Facebook, deactivate (and try to delete) your account, and convince everyone you know to stop using it. The problem is that most of these privacy issues aren't relegated to Facebook. They permeate almost all of the web as we know it. I will concede that Facebook does a particularly (and perhaps intentionally) poor job at offering clear, easy-to-use privacy settings.

First, this is in the realm of "truth vs. accuracy," but it feels relevant to note that Photo DNA (by Microsoft) is not the same as facial recognition (which Facebook also has). Photo DNA allows Facebook to track versions of the same photo, not people. As deployed now, it finds and tracks known images of child pornography when posted on Facebook. Obviously, Facebook does have facial recognition software that raises privacy concerns - you see it every time you tag a photo and it suggests your friends for you - but I'm not aware of any evidence that it is being used for a nefarious purpose (or to aid law enforcement). It may have been, I'm just not aware of it.

Second, Facebook is hardly the only data privacy problem on the web. To free yourself of similar risks, you'd pretty much need to change the way you interact with the Internet altogether. For one, the majority of us use free hosted email (Gmail, predominantly, I'd imagine). I'd venture to guess that more private, relevant data is exchanged through email than through Facebook, especially given that most people see Gmail as a completely private place and Facebook as at least a somewhat public place. Outside of running your own email server (which isn't feasible for a sizable segment of users), there's little way to prevent email providers from doing the same things with your data that Facebook could. Even if you did, you'd still likely be emailing people who have Gmail or Yahoo mail accounts, and your data would still end up on their servers.

I'm running a bit late for school today, so I'll stop here and try to finish this this afternoon, but the general point is that getting off Facebook doesn't seem to cure any real privacy issues. Is it better? Sure. Is it a solution? Not really.

I think this analysis is largely correct, though I think, for reasons I will be discussing in my other course in coming weeks, the Facebook coverage has been anemic and uninformative in the extreme, and your relative indifference to this among other privacy problems is misplaced. Your point, however, that Facebook is merely part of a larger failure in the Net to be robust against attacks on privacy and freedom is surely correct. Hence I agree with you that solving the Facebook problem is one necessary rather than the sufficient condition for remediation of the problem overall. For my diagnosis of the problem overall, and the beginning of my working through a possible solution, see my Freedom in the Cloud.

-- SanjayMurti - 08 Feb 2012

I am joining this conversation a little late, but one of the things that I find interesting in the Facebook debate, is the lack of credit that Facebook users are given. I realize that I am probably in the minority, but I feel that I am very conscious of the fact that really nothing I put on Facebook is ever really "private" in the traditional sense (and yes I too resisted a Facebook account for years). Sanjay makes an interesting point about how far this problem stretches, but in analyzing Facebook's user implications, I also think it is important to remember why people have Facebook accounts. I know this doesn't speak to necessarily everyone, but I don't believe it would be a stretch to say that for the most part- man is a narcissist. Facebook users want people to be able to find them, look at their super cool pictures, their awesome friends, and know about that fabulous job they just landed. People want to be able to connect with others for platonic and not so platonic reasons, as well as make announcements to the world about who they are. Through lack of hindsight, they don't really want to be bothered by the details. I believe it is fair to say that a good amount of people do not mind "Facebook exposure" and are not naive to the fact that through Facebook other websites can track where they've been and create formulas to ascertain suggestions on future internet use. I think if anything, the danger occurs in the public's general lack of understanding of how deep this tracking system extends and how the information can be used against them.

I do agree with Harry's point that the world needs another option. But I think more likely what will happen is that just as some may say that Facebook took over MySpace? , there will be another tech company that takes over Facebook, rendering Facebook obsolete and still leaving us with one popular option. In Moglen's Freedom in the Cloud speech, he said, "It's not a pretty story...We haven't lost. We've just really bamboozled ourselves. And we're going to have to unbamboozle ourselves really quickly or we're going to bamboozle a bunch of innocent people who didn't know we were throwing away their privacy for them forever." I believe this quote sheds light on the importance of properly educating individuals about the extent to which their collected information is used. But at what point should we hold users accountable for performing due diligence, and at least putting in some effort to find out how their information is used?

I am not a tech wiz, and from reading Moglen's speech I was assured of how naive my understanding of the web is. Moglen's Freedom in the Cloud speech gave me an abbreviated history of how technology has gotten to the point where it is now. But more importantly, Moglen's speech left me wondering, if the extent of the problem is so vast, when will people demand more transparency? Beyond protesting against wars and violent crimes, when will people take to the streets to demand that as internet "clients" we be re-empowered?

-- AbiolaFasehun - 28 Feb 2012

In response to your question Abiola - I don’t know what it will take for people to take to the streets and demand internet re-empowerment but I think the first step is certainly being vocal. I believe one benefit of the recent SOPA debate is that it moderately raised the public awareness of the fact that we are clients of the internet. I am not a technology whiz either, but after listening to Professor Moglen talk about SOPA and ACTA in class I have started to pay more attention. Yesterday I went to the lunchtime debate re: SOPA, Protect IP, and OPEN. I know it was basically listening to the equivalent of two live advertisements alternatively for or against anti-piracy laws, but attending an event re: current events, and actually taking an active role in obtaining knowledge about a technological current event is huge for me. I don’t understand most technology and mostly it scares me how pervasive it is.

I approach most technology with the idea that one day we will turn into a form of the world described by Gary Shteyngart’s in Super Sad True Love Story. If you’ve never read the book, Shteyngart depicts a futuristic dystopia where everybody has apparatii (essentially iphones) through which they conduct all activity (social interactions, shopping, reading, playing games, listening to music, etc.). Because all human activity is conducted via these electronic instruments, large companies collect and combine the data with their marketing expertise to subversively psychologically influence America.

What scares me most about our recent discussions in class is my participation in/passive acceptance of injustice and/or the terrifying things I see and hear about the world. Thus far my approach to my fear of technological dystopia I see us heading towards, is to remain as unaware of it as possible. Aside from gmail, facebook, and the occasional Wikipedia search, I legitimately do not use the internet, and pride myself on how little I understand it. But it’s happening without me and eventually it will effect me. Even though the result of the SOPA debate was moot, its prevalence in the news, combined with the fear elicited in me via our discussions in Law in Contemporary Society sparked me to start paying attention. Going to a debate in a law school classroom is far from going to the streets, but it’s at least a step.

-- SkylarPolansky - 29 Feb 2012

Just read this article this morning and found it pretty disturbing: http://redtape.msnbc.msn.com/_news/2012/03/06/10585353-govt-agencies-colleges-demand-applicants-facebook-passwords?fb_ref=.T1YiipFoURA.like&fb_source=home_oneline

I just never was particularly concerned about the possible ramifications of having a Facebook because I always felt as though A) everyone has a Facebook and what is on mine can't be that much worse than anyone else's and B) I wouldn't want to work at or go to school at a place that did not want me based on the content on my Facebook. To me it seems that employers and schools that are demanding usernames and passwords are engaging in a very particular form of voyeurism rather than in any useful applicant vetting process.