Saturday, December 11, 2010

Threats affecting Facebook

End-users share a wide variety of information on Facebook, but a discussion of the privacy implications of doing so has yet to emerge. We examined how Facebook affects privacy, and found serious flaws in the system. Privacy on Facebook is undermined by three principal factors: users disclose too much, Facebook does not take adequate steps to protect user privacy, and third parties are actively seeking out end-user information using Facebook.

Undercover Feds on Social Networking Sites Raise Questions
The next time someone tries to “friend” you on Facebook, it may turn out to be an undercover fed looking to examine your private messages and photos, or surveil your friends and family. The Electronic Frontier Foundation has obtained an internal Justice Department document that describes what law enforcement is doing on social networking sites.
The 33-page document shows that law enforcement agents from local police to the FBI and Secret Service have been logging on to MySpace and other sites undercover to communicate with suspects, read private postings and view photos and videos that are restricted to a user’s friends.
The document also describes techniques for verifying alibis — such as checking messages posted by a suspect on Twitter disclosing his whereabouts at the time a crime was committed — and uncovering information that might point to illegal activity, such as photos depicting a suspect with expensive jewelry, a new car or even a weapon.
The document says evidence from social networking sites can:
· Reveal personal communications
· Establish motives and personal relationships
· Provide location information
· Prove and disprove alibis
· Establish crime or criminal enterprise
The investigative techniques were part of a slide presentation titled “Obtaining and Using Evidence from Social Networking Sites”, given last year by John Lynch, deputy chief of the Justice Department’s Computer Crime and Intellectual Property division, to describe how valuable social networking sites can be in giving law enforcement access to non-public information. The cops can also map social relationships and networks, among other things. The document does not include guidance or cautionary notes on how to conduct an investigation responsibly using these services, though it acknowledges the problematic nature of using an assumed identity to open an account with a social networking site.


Clickjacking
Certain malicious websites contain code that can make your browser take action without your knowledge or consent. This malicious code has affected Facebook and made users feel uncomfortable. Clicking on a link on one of these websites might cause the website to be posted to your Facebook profile without your permission.
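On the defending site's side, the usual control against this is to tell the browser not to render the page inside another site's frame. The check below is an added example, not part of the original post: the function name framingProtection and the sample header values are assumptions, and it audits a response's headers for that protection.

```javascript
// Added example (not from the original post): audit response headers for
// anti-framing protection. Header names are lower-cased, as Node's http
// module delivers them. All sample values below are constructed.
function framingProtection(headers) {
  const findings = [];
  let enforced = false;

  // Content-Security-Policy frame-ancestors is the current standard control.
  const csp = headers['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const open = sources.some((s) => ['*', 'http:', 'https:'].includes(s));
    if (open) findings.push('frame-ancestors allows arbitrary origins');
    else enforced = true; // 'none', 'self', or an explicit origin list
  }

  // A Report-Only policy is reported by the browser but never enforced.
  const reportOnly = headers['content-security-policy-report-only'] || '';
  if (/frame-ancestors/i.test(reportOnly)) {
    findings.push('Report-Only frame-ancestors is not enforced');
  }

  // X-Frame-Options is the older header; only DENY and SAMEORIGIN are honoured.
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    enforced = true;
  } else if (xfo.startsWith('ALLOW-FROM')) {
    findings.push('ALLOW-FROM is obsolete and ignored by current browsers');
  } else if (xfo) {
    findings.push(`unrecognised X-Frame-Options value: ${xfo}`);
  }

  if (!enforced && findings.length === 0) findings.push('no anti-framing header set');
  return { protected: enforced, findings };
}

// Constructed sample responses.
console.log(framingProtection({ 'x-frame-options': 'SAMEORIGIN' }));
console.log(framingProtection({ 'content-security-policy': 'frame-ancestors *' }));
```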

Spammy Wall Posts, Inbox Messages, and Chat Messages
When criminals gain access to a Facebook account, they usually post spammy comments on friends’ Walls, or send spammy messages through Inbox or Chat. These messages ask you to click on a link and often try to entice you by claiming there’s a new photo or video of you somewhere on the Internet that you need to check out.
The link then takes you to a phishing site that asks you to enter your login information, or a malware site that prompts you to download malicious software. This is another threat affecting Facebook: hackers always want to steal people's profiles, so they use different types of tricks and malicious software to access people's accounts.

Money Transfer Scams
Scammers sometimes post status updates, or send Inbox or Chat messages, from a friend’s account claiming that the friend is in some difficult situation and in need of money. These messages ask you to help by wiring funds through a money transfer service. Never send money without first verifying the story through some other means, such as by talking to the person over the phone.

Password Interception
The fact that the username and password were sent in clear text is a security vulnerability. An adversary could read Facebook usernames and passwords off the Ethernet or unencrypted wireless traffic, obtaining access to users' Facebook passwords, as well as any additional accounts they use those passwords for. Because of the ethical and legal implications of doing so, we did not attempt to steal passwords. It should be noted, however, that MIT cited password theft as a real problem when they maintained telnet servers that had login data sent as clear text. The University of New Mexico cited this as the main reason they chose to disable Facebook access from their network. Because many users use their university email passwords as their Facebook passwords, UNM views Facebook as a security liability for their network.
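A site operator or network administrator can check for this condition without touching anyone's credentials, by looking at where a login form submits. The audit below is an added example, not part of the original post: the function name auditLoginForms, the example.test hosts and the sample markup are assumptions, and the regex-based form scan is a simplification rather than a full HTML parser.

```javascript
// Added example (not from the original post): flag login forms whose
// credentials would cross the network unencrypted.
function auditLoginForms(pageUrl, html) {
  const results = [];
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  for (const [, attrs, body] of html.matchAll(formRe)) {
    // Only forms that contain a password field carry credentials.
    if (!/<input\b[^>]*type\s*=\s*["']?password/i.test(body)) continue;

    const m = /\baction\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    const action = m ? (m[1] ?? m[2] ?? m[3]) : '';
    // A missing or relative action resolves against the page URL.
    const target = new URL(action || pageUrl, pageUrl);

    const issues = [];
    if (target.protocol !== 'https:') {
      issues.push('credentials submitted in clear text');
    }
    if (new URL(pageUrl).protocol !== 'https:') {
      issues.push('form page served over HTTP, so the form is not integrity-protected');
    }
    // Forms default to GET when no method attribute is given.
    if (/\bmethod\s*=\s*["']?get\b/i.test(attrs) || !/\bmethod\s*=/i.test(attrs)) {
      issues.push('GET method places the password in the URL');
    }
    results.push({ target: target.href, issues });
  }
  return results;
}

// Constructed sample page.
const sample =
  '<form action="/login.php" method="post">' +
  '<input type="text" name="email"><input type="password" name="pass"></form>';
console.log(auditLoginForms('http://social.example.test/', sample));
```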

Lack of User Control of Information
Other users can upload and associate information to one's Facebook account. The most prominent feature of this type is the “My Photos” feature, which allows users to upload photos and tag them with the names of the people in the pictures. This functionality has already resulted in trouble for an underage student at University of Missouri-Columbia when college administrators found a picture of her duct-taped to a chair while another student poured beer in her mouth. This was a matter of considerable embarrassment as she had just been elected student body vice president. The university is currently considering removing her from that role.

1 comment:

  1. That's true.
    I agree that in Facebook you can't keep your privacy safe and far away from other people.
