Facebook is Dangerous

I ran into this article where Eben describes Facebook as analgous to a "man in the middle" attack that a hacker might employ to intercept apparently private communication for nefarious purposes. I think Eben's analogy is spot on: this isn't a technical hack, this is a social hack, and it amazes me how oblivious we are to the increasing damage Facebook is inflicting on our privacy and the danger it can pose to people who are deemed "criminals" wanted by law enforcement.

At the end of the article, the author Dan Tynan challenges Eben's metaphor. I disagree with Tynan, and I want to quickly respond to his points.

Dan Tynan: A true MITM attack happens without either party knowing about it. When’s the last time you used Facebook without knowing about it, or been forced to use it against your will?
Every day. Every mainstream news website, most blogs, and virtually all shopping websites have Facebook "Like" buttons which can be used to track your activity on that site even if you don't touch the "Like" button. You can't go anywhere on the internet without accessing Facebook's servers, whether or not you even have a Facebook account.

Dan Tynan: You have no control over the data the MITM attacker collects. You have some controls over what Facebook collects.
No, you have the illusion of control. Just because you can turn off what you 'share' on your account doesn't mean that Facebook isn't collecting the data and turning it over to anyone who requests it without a warrant.

Action

I think Facebook is garbage. I didn't have an account for years because of the concern I had for my (and others') privacy. The problem is that our colleagues at the law school send out invitations to events only on Facebook. If you don't have a Facebook account, you miss out on invitations to sweet parties.

One way we can start to solve this problem is by refusing to use Facebook to send out event invitations. Can the Student Senate can create a policy that their events will not be publicized on Facebook? Are there Senators in this class that can make this happen? Let's take action to reduce the utility of Facebook on our campus and make it easier for people to deactivate their accounts.

If you think that you can just deactivate your own account and everything will be fine, you are wrong: the scariest part about what Facebook is becoming is their "Photo DNA" which identifies people by pictures that are uploaded of you even if you are not tagged and even if you don't have a Facebook account. That's why it's important to get everyone to deactivate their accounts or at the very least stop uploading pictures to Facebook.

Maybe you don't care if Facebook or law enforcement can track where you are at any given moment. But if the world someday becomes a place where you do care, by then it might be too late to do anything about it.

-- HarryKhanna - 07 Feb 2012

I may be in the minority on this, but I've always felt the Facebook coverage was a bit sensationalistic. If you have privacy concerns, yes, the best move is to get off Facebook, deactivate (and try to delete) your account, and convince everyone you know to stop using it. The problem is that most of these privacy issues aren't relegated to Facebook. They permeate almost all of the web as we know it. I will concede that Facebook does a particularly (and perhaps intentionally) poor job at offering clear, easy-to-use privacy settings.

First, this is in the realm of "truth vs. accuracy," but it feels relevant to note that Photo DNA (by Microsoft) is not the same as facial recognition (which Facebook also has). Photo DNA allows Facebook to track versions of the same photo, not people. As deployed now, it finds and tracks known images of child pornography when posted on Facebook. Obviously, Facebook does have facial recognition software that raises privacy concerns - you see it every time you tag a photo and it suggests your friends for you - but I'm not aware of any evidence that it is being used for a nefarious purpose (or to aid law enforcement). It may have been, I'm just not aware of it.

Second, Facebook is hardly the only data privacy problem on the web. To free yourself of similar risks, you'd pretty much need to change the way you interact with the Internet altogether. For one, the majority of us use free hosted email (Gmail, predominantly, I'd imagine). I'd venture to guess that more private, relevant data is exchanged through email than through Facebook, especially given that most people see Gmail as a completely private place and Facebook as at least a somewhat public place. Outside of running your own email server (which isn't feasible for a sizable segment of users), there's little way to prevent email providers from doing the same things with your data that Facebook could. Even if you did, you'd still likely be emailing people who have Gmail or Yahoo mail accounts, and your data would still end up on their servers.

I'm running a bit late for school today, so I'll stop here and try to finish this this afternoon, but the general point is that getting off Facebook doesn't seem to cure any real privacy issues. Is it better? Sure. Is it a solution? Not really.

I think this analysis is largely correct, though I think, for reasons I will be discussing in my other course in coming weeks, the Facebook coverage has been anemic and uninformative in the extreme, and your relative indifference to this among other privacy problems is misplaced. Your point, however, that Facebook is merely part of a larger failure in the Net to be robust against attacks on privacy and freedom is surely correct. Hence I agree with you that solving the Facebook problem is one necessary rather than the sufficient condition for remediation of the problem overall. For my diagnosis of the problem overall, and the beginning of my working through a possible solution, see my Freedom in the Cloud.

-- SanjayMurti - 08 Feb 2012

I am joining this conversation a little late, but one of the things that I find interesting in the Facebook debate, is the lack of credit that Facebook users are given. I realize that I am probably in the minority, but I feel that I am very conscious of the fact that really nothing I put on Facebook is ever really "private" in the traditional sense (and yes I too resisted a Facebook account for years). Sanjay makes an interesting point about how far this problem stretches, but in analyzing Facebook's user implications, I also think it is important to remember why people have Facebook accounts. I know this doesn't speak to necessarily everyone, but Facebook users want people to be able to find them, look at their pictures, their friends, and know about that fabulous job they just landed. People want to be able to connect with others for platonic and not so platonic reasons, as well as make announcements to the world about who they are. Perhaps due to lack of hindsight, people don't really want to be bothered by the details. I believe it is fair to say that a good amount of people do not mind "Facebook exposure" and are not naive to the fact that through Facebook other websites can track where they've been and create formulas to ascertain suggestions on future internet use. Perhaps the danger occurs in the public's general lack of how the information can be used against them.

I do agree with Harry's point that America needs another option. But just as Facebook could be viewed as having taken over MySpace? , there will be another tech company that takes over Facebook, rendering Facebook obsolete and still leaving the public with one popular option. In Moglen's Freedom in the Cloud speech, he discusses the flaws in the networks we use, but remarks that all is not lost, "It's not a pretty story...We haven't lost. We've just really bamboozled ourselves. And we're going to have to unbamboozle ourselves really quickly or we're going to bamboozle a bunch of innocent people who didn't know we were throwing away their privacy for them forever." Moglen's speech served as a brief education on how information on the web is collected and can serve as a cautionary tale for educating individuals about the extent to which their collected information is used. If the extent of the problem is so vast, when will we reach the point to where people demand more transparency? At what point should we hold users accountable for performing due diligence, and putting in some effort to find out how their information is used?

-- AbiolaFasehun - 28 Feb 2012

In response to your question Abiola - I don’t know what it will take for people to take to the streets and demand internet re-empowerment but I think the first step is certainly being vocal. I believe one benefit of the recent SOPA debate is that it moderately raised the public awareness of the fact that we are clients of the internet. I am not a technology whiz either, but after listening to Professor Moglen talk about SOPA and ACTA in class I have started to pay more attention. Yesterday I went to the lunchtime debate re: SOPA, Protect IP, and OPEN. I know it was basically listening to the equivalent of two live advertisements alternatively for or against anti-piracy laws, but attending an event re: current events, and actually taking an active role in obtaining knowledge about a technological current event is huge for me. I don’t understand most technology and mostly it scares me how pervasive it is.

I approach most technology with the idea that one day we will turn into a form of the world described by Gary Shteyngart’s in Super Sad True Love Story. If you’ve never read the book, Shteyngart depicts a futuristic dystopia where everybody has apparatii (essentially iphones) through which they conduct all activity (social interactions, shopping, reading, playing games, listening to music, etc.). Because all human activity is conducted via these electronic instruments, large companies collect and combine the data with their marketing expertise to subversively psychologically influence America.

What scares me most about our recent discussions in class is my participation in/passive acceptance of injustice and/or the terrifying things I see and hear about the world. Thus far my approach to my fear of technological dystopia I see us heading towards, is to remain as unaware of it as possible. Aside from gmail, facebook, and the occasional Wikipedia search, I legitimately do not use the internet, and pride myself on how little I understand it. But it’s happening without me and eventually it will effect me. Even though the result of the SOPA debate was moot, its prevalence in the news, combined with the fear elicited in me via our discussions in Law in Contemporary Society sparked me to start paying attention. Going to a debate in a law school classroom is far from going to the streets, but it’s at least a step.

-- SkylarPolansky - 29 Feb 2012

Just read this article this morning and found it pretty disturbing: http://redtape.msnbc.msn.com/_news/2012/03/06/10585353-govt-agencies-colleges-demand-applicants-facebook-passwords?fb_ref=.T1YiipFoURA.like&fb_source=home_oneline

I just never was particularly concerned about the possible ramifications of having a Facebook because I always felt as thoufgh A) everyone has a Facebook and what is on mine can't be that much worse than anyone else's and B) I wouldn't want to work at or go to school at a place that did not want me based on the content on my Facebook. To me it seems that employers and schools that are demanding usernames and passwords are engaging in a very particular form of voyeurism rather than in any useful applicant vetting process.

---

Skylar, I edited out the question you referred to in your post, but for those following along the question asked if people will ever take to the streets to demand that as internet "clients" we have a right to re-empowered as to how our information is used. I was interested in the idea of people taking action, in any form, to demand changes in the way their information is being used. I think that by attending the SOPA lunch time discussion you were taking a step in the right direction. I too have been inspired to attempt to better understand the way the internet works and will be taking a one day workshop on web development and coding during spring break.

Elvira, this article is shocking and went well beyond my knowledge of how future employers and schools can use Facebook to collect information. A lawyer quoted in the article, Bradley Shear, made an interesting analogy to the privacy infringement actions of future employers and schools, Shear said, "A good analogy for this [future employers and schools demanding access to Facebook accounts], in the offline world, would it be acceptable for schools to require athletes to bug their off-campus apartments? Does a school have a right to know who all your friends are?"

On the other hand, the article also noted that when Maryland's Department of Corrections forced applicants to surrender their user names and passwords during an interview, that out of 2,689 applicants, they identified 7 applicants whose social media applications had pictures of gang signs, and subsequently did not hire these individuals. Is there ever an appropriate time for agencies and schools to demand that individuals share their social media information, prior to being found in violation of any crime or policy? Forcing 2,689 individuals to surrender their privacy so that 7 alleged gang affiliates can be weeded out, seems a hefty price to pay.