×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Tunisian Gov't Spies On Facebook; Does the US?

timothy posted more than 3 years ago | from the bet-you-a-few-lire dept.

Facebook 221

jfruhlinger writes "Tunisians logging into Facebook encountered extra JavaScript, probably a sign of their repressive government's attempt to spy on them. The question is: does the US government do the same thing, just more subtly? We're not talking about agents friending you on Facebook to get more information about you; we're talking monitoring your supposedly private information behind the scenes."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

221 comments

Of course not! (5, Funny)

Anonymous Coward | more than 3 years ago | (#34843624)

Amendment IV - The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Re:Of course not! (1)

LordLimecat (1103839) | more than 3 years ago | (#34843740)

Checking facebook is neither an unreasonable search nor a seizure. It is publicly available information.

Re:Of course not! (1)

LordLimecat (1103839) | more than 3 years ago | (#34843752)

Whoops, didnt RTFS, disregard that

Re:Of course not! (1)

Professr3 (670356) | more than 3 years ago | (#34843810)

Too late, it's on now...

Re:Of course not! (1)

davester666 (731373) | more than 3 years ago | (#34844636)

Given that the server's are physically located within the US, odd's are that if you are at all interesting to the US gov't, they have direct, live, real-time updates on all information you, and probably also your 'friends', put on Facebook.

Same with every other service in the US.

Re:Of course not! (1)

davester666 (731373) | more than 3 years ago | (#34844670)

And since you are an enemy combatant [defined as a terrorist not wearing the uniform of any military service], no warrant was required.

Re:Of course not! (2)

LearnToSpell (694184) | more than 3 years ago | (#34844708)

Given that the 'server's are phy'sically located within the U'S, odd's are that if you are at all intere'sting to the U'S gov't, they have direct, live, real-time update's on all information you, and probably al'so your 'friend's', put on Facebook. 'Same with every other 'service in the U'S.

FTFY. [angryflower.com]

Re:Of course not! (1)

Kitkoan (1719118) | more than 3 years ago | (#34843848)

But facebook isn't any of these you listed. Facebook is a server owned and operated by someone other then yourself. Just because you gave them your secret information doesnt mean they'll keep it private. So far I'd believe only Twitter keeps this information quiet, and not Facebook what with all the current matter going on with the US government wanting access to those private messages sent that might involve WikiLeaks information. We havent heard Facebook making any comments against any requests and its unlikely the US government would have ignored such private comments on Facebook and only wanted the private messages on Twitter.

Re:Of course not! (0)

Anonymous Coward | more than 3 years ago | (#34843982)

Sure, sure... I love that amendment! But remember, the current administration is continuing most of the same "war against terror" policies that the previous administration did. And recall that those guys pressured telcoms to illegally turn over information on Americans, even though they had a law requiring a little paperwork and practically no oversight that would have gotten them the information anyway!
 
Assume your government is spying on any given activity. It's unlikely they're watching YOU, but they won't hesitate, so pray they don't take an interest in you, Mr. Tuttle, er, Buttle.

except when i have panties on your head (0)

Anonymous Coward | more than 3 years ago | (#34844112)

then i can spy

Re:Of course not! (2)

Opportunist (166417) | more than 3 years ago | (#34844278)

Constiwhatnow? Oh c'mon, that server's been hacked years ago. Root password is waronterror, in case you want to know.

Re:Of course not! (0)

Anonymous Coward | more than 3 years ago | (#34844480)

Amendment IV - The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Which part applies to Facebook accounts?

Tell that to... (4, Insightful)

KingSkippus (799657) | more than 3 years ago | (#34844498)

Tell that to the guy who has his cell phone rummaged through [slashdot.org] without a warrant. And tell it to the the guy who has a GPS tracker attached to his car [slashdot.org] without a warrant. Tell it to the guy who has his computer searched, with anything found being prosecutable [slashdot.org] , whether it was what the warrant specified or not. Tell it to the people whose cars (and possibly even persons) have been subjected to airport "naked body" scanners from vans on the street [slashdot.org] without--you guessed it--a warrant. Tell it to the people whose Internet information is handed over [slashdot.org] to the government willy-nilly without any kind of warrant. Tell it to the guy whose cell phone signal is geo-located [slashdot.org] without a warrant. Tell it to 94 baseball players [slashdot.org] whose drug results that were obtained without a warrant.

The list goes on and on. The Fourth Amendment is a joke today. I know it, the government knows it, and apparently you didn't get the memo. It's at the point where we need to pass a new amendment that basically says, "Goddammit, we mean it." Realistically, it's probably never going to change because too many people stupidly think that 1) if you're innocent you shouldn't have anything to hide, and 2) it could never happen to them.

Re:Of course not! (1)

RobertM1968 (951074) | more than 3 years ago | (#34844520)

Amendment IV - The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Besides the fact that it probably doesn't quite apply to FB, I thought that the 4th was repealed in the last ten or so years... sure seems like it at times. ;-)

Maybe (2)

Alarindris (1253418) | more than 3 years ago | (#34843638)

Are they? Who knows?

Can they? No doubt.

Alternate Headline (1)

Kagura (843695) | more than 3 years ago | (#34843750)

Alternate Headline: Tunisian Gov't Spies on Facebook; Does Spain?

Sigh...

Re:Maybe (4, Interesting)

AHuxley (892839) | more than 3 years ago | (#34843832)

http://en.wikipedia.org/wiki/Operation_Mockingbird [wikipedia.org] version 2.0 would be their game.
To shape, fake, twist, bait and id any and all that have exposed their operations in the past or might sway larger groups of people.
The real skill is to twist or change any statement of past fact or a projected path.
Also a good place just to watch what gets traction and what was never picked up by the herd.
In other parts of the world, getting a friend with the security emblem can send a clear and final message. The FBI would be looking for a way in to 'groom' a group for domestic press exposure.
Anyone into peace/anti war protests would be very fair game.
As twitter showed, they now seek the ip's, in US courts. The subtly aspect of past direct 'news' forming is now more a chilling 'we can find you' anytime.

Re:Maybe (1)

siddesu (698447) | more than 3 years ago | (#34844222)

Of course they aren't. They don't need to -- they get the data wholesale on request, just as they did from the telephone carriers when it were necessary.

Quite likely the US does... (1)

LongearedBat (1665481) | more than 3 years ago | (#34844460)

...whether by use of page scripts or by data mining: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10456534&pnum=0 [nzherald.co.nz]

If the link is right, then the CIA probably has direct access to the Facebook database.
If worked for the CIA and had direct access to the Facebook database, then I would prefer to mine the database, because page scripts can be found by users and can fail for a variety of reasons.

supposedly private information ? (5, Insightful)

icebike (68054) | more than 3 years ago | (#34843656)

Clue:

If it were private, your information wouldn't be on facebook in the first place.

Have you been off planet for the last year or two?

Re:supposedly private information ? (3, Insightful)

wizardforce (1005805) | more than 3 years ago | (#34844180)

You give all of your private information to goohle if you use Gmail too but that doesn't mean that it's ok for the government to go fishing there either.

Re:supposedly private information ? (0)

Anonymous Coward | more than 3 years ago | (#34844344)

Its already known that there is a US Gov backdoor in gmail. Maybe that wasn't a good example? Or maybe it was a perfect one.

Re:supposedly private information ? (0)

hedwards (940851) | more than 3 years ago | (#34844672)

Yes, but you don't generally give your information to Google for Gmail in order for them to spread it all over the place. You give it to them for the purposes of sending email and receiving ads. None of that implies that the information is public or to be given to the government.

With Facebook, it's a bit like leaving the information on your front lawn

Re:supposedly private information ? (4, Interesting)

Urza9814 (883915) | more than 3 years ago | (#34844424)

Why is that at all relevant?

What I say when I'm on the phone with my friends isn't private, but I still don't want the government snooping on all those calls. What I do while I'm out in public isn't private, but I don't want a cop following me every time I step out the door. The fact that it isn't private (and there are plenty of ways to communicate privately in facebook BTW,) doesn't mean it's OK for the government to secretly monitor everything you do there.

Re:supposedly private information ? (-1)

Anonymous Coward | more than 3 years ago | (#34844440)

Why yes, I have!

Hi, I'm Glornat from Beta-6 Nespy. I'm here doing a corrolary study on information sharing and intelligence and have found some VERY interesting data just after the 3 hours of observation. Would anyone like to see my early findings?

Let's think about this... (1)

relikx (1266746) | more than 3 years ago | (#34843658)

War is Peace, Freedom is Slavery, Ignorance is Strength - yeah that sounds about right.

https://www.facebook.com (1)

badboy_tw2002 (524611) | more than 3 years ago | (#34843666)

Any reason why the secure site wouldn't work for this?

Re:https://www.facebook.com (1)

Darkness404 (1287218) | more than 3 years ago | (#34843702)

I don't think so.

Already, in-depth information is surfacing on how the hacks were committed. It appears that the Agence tunisienne d'Internet, a government agency which supervises all of Tunisia's ISPs, or someone with access to the agency committed them. Tunisian ISPs are running a Java script that siphons off login credentials from users of Facebook, Yahoo and Gmail.

I think what they are doing is injecting extra scripts into the Facebook login which compromises the site and then sends the password to a different site.

When you can't trust your ISP and that the site you are connecting to is genuine, I don't think HTTPS works that well.

Re:https://www.facebook.com (3, Informative)

Anonymous Coward | more than 3 years ago | (#34843782)

Not true. HTTPS works quite well against a rouge ISP. Where it fails is with a rogue Certificate Authority willing to sign bogus certificates. If you can get a CA to sign your bogus certificate, then you can execute a main-in-the-middle attack against HTTPS.

Re:https://www.facebook.com (1)

icebike (68054) | more than 3 years ago | (#34843834)

Google has long recommended https for gmail for precisely this reason. If you sign in from a web secure page, you should be fairly safe. All the injected scripts should be caught.

Man in the middle with a bogus certificate? I donno. Spoze its possible. (Does anyone really sign Google's certificates?).

But Tunisia hardly seems the technological hotbed of the mid east.

Re:https://www.facebook.com (1)

SanityInAnarchy (655584) | more than 3 years ago | (#34844098)

Does anyone really sign Google's certificates?

You'd know if they didn't. I don't know about other browsers, but Firefox and Chrome both throw up a giant red page warning you that someone might be listening whenever it encounters an unsigned certificate.

And as far as I know, Google isn't a CA.

Re:https://www.facebook.com (2)

TheLink (130905) | more than 3 years ago | (#34844300)

Firefox and Chrome both throw up a giant red page warning you that someone might be listening whenever it encounters an unsigned certificate.

But they don't give any warnings if say the www.citibank.com certificate turns out to be signed by CNNIC (a chinese CA), or any other CA installed in your browser, or signed by sub-CA certs that are signed by any CA in your browser!

So all the Tunisian gov would have to do is get a CA to sign some certs for them, or get them to sign a sub CA cert for them - so that they can sign any cert with that[1]

To handle this scenario you either have to rely on third party plugins like certificate patrol, or manually check the certificates every time without error (good luck with that).

[1] http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/7ba51ca49de0f6cf/82ae68bc8d4292f8 [google.com]

Re:https://www.facebook.com (1)

Galactic Dominator (944134) | more than 3 years ago | (#34844290)

(Does anyone really sign Google's certificates?).

On a massive public site, an unsigned certificate wouldn't be very comforting to the masses right?
The CA for mail.google.com is:
Thawte Consulting (Pty) Ltd.

Re:https://www.facebook.com (1)

mrsurb (1484303) | more than 3 years ago | (#34844302)

But Tunisia hardly seems the technological hotbed of the mid east.

They'll be glad to hear that, seeing as they're in North Africa.

Re:https://www.facebook.com (0)

Anonymous Coward | more than 3 years ago | (#34844598)

The applicable term when I was studying mideast/african relations was SWANA-- Southwest Asia/Northern Africa. It's all part of the same sandbox. Pun intended.

OK, so https is not secure (2)

poppopret (1740742) | more than 3 years ago | (#34843978)

Most countries more-or-less run a certificate authority that every browser is willing to trust. Look at the list some time, bearing in mind that businesses and universities often do government work. Worse yet, some that you see in the list have delegated their authority. China has at least **two** that they can use. (see previous Slashdot story, including comments)

Re:https://www.facebook.com (1)

ToasterMonkey (467067) | more than 3 years ago | (#34844500)

Not true. HTTPS works quite well against a rouge ISP. Where it fails is with a rogue Certificate Authority willing to sign bogus certificates. If you can get a CA to sign your bogus certificate, then you can execute a main-in-the-middle attack against HTTPS.

So the problem is software/hardware vendors not vetting out which CA's they make their wares trust.
Or you for trusting the list of CAs some software vendor gives away for free.

Re:https://www.facebook.com (0)

Anonymous Coward | more than 3 years ago | (#34844692)

Not quite, it works against a good number of problems, but any time that they can replace the initial session with their session and forward that to the site, they can get your information. It's one of the shortcomings of HSTS [wikipedia.org] at the moment.

Re:https://www.facebook.com (1)

Burdell (228580) | more than 3 years ago | (#34843844)

Your ISP can't interfere with SSL connections without causing browser errors (because the cert won't match). They might have been able to back in the days when many users used a CD from their ISP to set up their computer; the ISP could slip an extra CA cert into the browser config. A government may be able to strong-arm a recognized certificate authority to sign a fake cert, which would allow them to pretend to be www.facebook.com (and they could distribute that cert to participating ISPs).

Re:https://www.facebook.com (2)

TheLink (130905) | more than 3 years ago | (#34844332)

Strong arm? Why? Just $$$ will do: http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/7ba51ca49de0f6cf/82ae68bc8d4292f8

Re:https://www.facebook.com (2)

v1 (525388) | more than 3 years ago | (#34843872)

I don't think so. ...
When you can't trust your ISP and that the site you are connecting to is genuine, I don't think HTTPS works that well.

HTTPS sessions are verified by their SSL certificate, issued by a certificate authority. An ISP cannot tamper with traffic sent via HTTPS, and as long as its also encrypted (almost always) it can't read the traffic. (it CAN however see who you are talking with)

This here is a case of the ISP directing users to a different IP address (via faked DNS responses pointing to their spoofing server) and spoofing the login screen, and skimming the passwords. This would not be possible if the user was using HTTPS to connect to the server. Almost all HTTPS-capable web sites automatically forward HTTP requests to their HTTPS url immediately. Facebook does not. This places their users at risk.

Of course the auto forward itself is a weakness, if the user is used to using the non HTTPS url, they may type it in that way, in which case no HTTPS is ever started, and the skim can take place. Arguably the best thing for an HTTPS-capable site to do when someone tries an HTTP url is to pop up a page saying "type THIS instead" and do NOT offer an easy click-to-go-there. Make the user type it themselves. Make them get used to typing H-T-T-P-S. Make sure the only bookmarks they make that will ever work are HTTPS URLs. If you let the user be lazy, they'll get used to it and won't behave securely by default, and that can get them phished or skimmed. Too many users think that if the icon to the left of the url is a gold padlock they're secure, you need to train them to do things the right way, and not accept insecure initiations of traffic.

Re:https://www.facebook.com (1)

hedwards (940851) | more than 3 years ago | (#34844700)

Indeed, and worse is that at this time HSTS doesn't solve that problem as you have to visit the site in order to have the request made. I'd expect MS, Firefox et al., to be including a list at some point in the foreseeable future of at least the most common HSTS sites.

echelon (5, Insightful)

cluthu (470987) | more than 3 years ago | (#34843670)

It should be assumed that any information you post on a system that doesn't belong to you (and even some that do...) is being peered at by someone that wants to put their nose where it doesn't belong.

We used to live in a society where a comment like 'Oh, but why would they look at you if you're unimportant?' would have been valid, but with the ever-encroaching nemesis of data mining and algorithmic analysis making itself part of our daily lives you have to assume that, at any moment, every transaction you make is being scrutinized.

Re:echelon (-1)

Anonymous Coward | more than 3 years ago | (#34843728)

If you are not committing crimes or trying to overthrow the government, this should not matter to you.

And if you are committing crimes and/or trying to overthrow the government, you shouldn't be advertising it on Facebook.

Re:echelon (2)

cluthu (470987) | more than 3 years ago | (#34843836)

I'm not committing a crime at the moment, but who knows what will *become* a crime in the future? And at that point, just think about how useful all this logged data will be.

The best part is that in our media-washed modern society, you wouldn't even need to be accused of a crime. Some bit of data you once thought private can be aired and you'll face the prison of public opinion and hearsay.

Re:echelon (2)

gordguide (307383) | more than 3 years ago | (#34843802)

Absolutely correct. The thing is we now collect and store far more information than any human powered system can possibly use, so it's not perfectly correct to say every transaction is being scrutinized, but when said human decides to look for an individual's internet-derived data ... there it is.

implying (0)

Anonymous Coward | more than 3 years ago | (#34843680)

>implying they don't already have a RAT on your computer.

Intercepts at Telcos (0)

Anonymous Coward | more than 3 years ago | (#34843690)

What do you think the warrentless NSA spying is for?

It captures all traffic that flows to facebook's servers...and more.

Heh, (4, Insightful)

Ethanol-fueled (1125189) | more than 3 years ago | (#34843696)

The Headline:

Your Rights Online: Tunisian Gov't Spies On Facebook; Does the US?

Silly submitter, the government doesn't spy on Facebook, the government uses Facebook to spy on you. Now that the typical Slashdot pedantry is outta the way, isn't the whole point of Facebook to spy on people anyway?

Re:Heh, (1)

Anonymous Coward | more than 3 years ago | (#34843784)

the government doesn't spy on Facebook, the government uses Facebook to spy on you.

I thought that was only in Soviet Russia...?

Does it matter? (3, Insightful)

gordguide (307383) | more than 3 years ago | (#34843734)

I'm not sure whether any Government, or perhaps every Government, is monitoring or "spying", if you will, on citizens and non-citizens alike. But I am sure that you are a fool if you think they cannot, or if not them, then someone. Aggregation of personal information is the real purpose of the internet, just because it took 20 years for everyone to figure that out doesn't make it any less real, or inevitable. Take care of what you post, and where, and assume it can all be on CNN tomorrow morning. it's that simple.

Re:Does it matter? (2)

Elbereth (58257) | more than 3 years ago | (#34843856)

Well, if you wanted to, you could set up a social networking site for paranoid conspiracy theorists, which encrypts all information entered. Then, even the site itself would be incapable of spying or harvesting your information. Of course, that would necessitate some onerous passphrase being passed around to every single person on your white list. But for the privacy conscious out there, I'm sure they'd put up with it. If you trust the site itself, then I suppose you could get rid of the passphrase. Of course, there are probably better ways of doing this sort of thing, but I'm not terribly interested in cryptography (too much math for my lazy brain). Hmm. There's also browser add-ons and/or extensions that you could make use of, which could be an interesting way to involve an already existent PGP public and private key.

Too bad there's no real market for an idea like this, because I bet privacy advocates would pay a subscription fee.

Probably (1)

gamrillen (1972402) | more than 3 years ago | (#34843770)

They probably are, however, I doubt it's as invasive as we think it is. The amount of staff that would be needed to sift through the volumes of data collected by traffic monitoring is massive. They probably look for certain keywords or phrases and follow the patterns of "hits" generated by those phrases to see what kinds of things are trending. Sort of like listening to radio chatter. Does it suck? Yes. Is there anything we can reasonably do about it? No. Does it bother me? Yes. Am I going to stop using the Internet? Fat chance.

Really? (1)

poorbot (1569987) | more than 3 years ago | (#34843774)

Should we really be surprised? I think its better to just consider everything on facebook public from the get-go.

Re:Really? (2)

jc42 (318812) | more than 3 years ago | (#34843930)

Or more generally, anything you send to anyone on the Internet that isn't encrypted should be considered public. Your ISP is almost certainly mining it for commercial (e.g., advertising) purposes, and is probably also looking for keywords that your government is interested in. Anyone along the route that the packets take is capable of intercepting your packets and doing whatever they like with them.

One of the long-standing bits of advice from the security people is that nothing except end-to-end encryption is secure. The Internet (actually its predecessor the ARPAnet) was designed with this in mind. The low-level networking stuff doesn't much do "security", because they knew back in the 1960s that this was pointless. You can't ever trust any of the owners of the "tubes". Your only defense, if you don't want your packets forwarded to your worst enemies, has always been end-to end encryption. Everything else should always be considered public.

FUD for pageviews (2)

WiglyWorm (1139035) | more than 3 years ago | (#34843788)

And slashdot bought it, hook, line, and sinker.

Re:FUD for pageviews (1)

Elbereth (58257) | more than 3 years ago | (#34843898)

You mean that my children might still live, even if I don't watch the special newscast tonight?

Re:FUD for pageviews (1)

black3d (1648913) | more than 3 years ago | (#34844176)

Heh.. I saw an ad for a TV program on last week, and part of the description was "and the tips you literally cannot live without!"

I missed the show, yet am still alive. I think the presenter may have been slightly over-zealous with his usage of the term "literally".

On Topic: Indeed, it is FUD as it's a non-issue in the first place, even if the government does "spy" on Facebook, it's not spying as you've given the information to a third party - namely, a third party with one of the most awful privacy records around. Once that information is freely given to a third party, it's no longer "private". Labels such as "private" on the website are simply to indicate the status of access to that information by other USERS, not any indication of what the company themselves, or anyone they choose to share the information with, does with that information.

I propose that as part of the widely-geek-proposed "internet drivers license", one of the questions should be:
Q. What does "private" mean in relation to data posted to a third-party website?
1. Private! Only myself and whomever I choose to share the information with can see it.
2. Mostly private. Only myself and the company owning the service can see the information.
3. Private, subject to subpoena. Only myself, the company, and any legal subpoenas submitted by courts to access my information can see it.
4. Public. Anyone whom the website wishes to share it with can see my data. Frequently, other users can manipulate the address line to view my "private" data.

The correct answer is 4.

Re:FUD for pageviews (0)

Anonymous Coward | more than 3 years ago | (#34844542)

The tits "I literally cannot live without" is upstairs on the phone with her Mom again. Looks like several more hours of /.ing for me..

Big Files (2)

b4upoo (166390) | more than 3 years ago | (#34843808)

I had a position that may have involved technology that was a little sensitive for several years. At one point a disgruntled employee burglarized the personnel files and spread information around about various people. As it turned out the investigation of employees went back quite a few years and some of the compiled information had to be garnered from neighbors long since passed away. I know that postal employees are sometimes asked about people on their route but apparently at least in some cases there are very large sums of data that go back for several decades kept and available. I can only imagine our government having the time or interest to do such a search of people's backgrounds. I have never had even a misdemeanor and can not fathom why such files were kept on me. I was not in the military at any time. Apparently some employers must feed the government information about their employees or perhaps even their customers.
            As I had nothing in particular to hide I found the incident upsetting but not to the degree that I sought to file suit against the firm involved. But I'm not so sure how free people are when the government can compile information to that degree upon its citizens. I am also assuming it was the government that did the leg work. It is quite possible that other entities do the compilations. In some areas the police kept or keep "yellow sheets". They do it indirectly through a benevolent fund or some other straw man so that they can deny in court that they have such information. Often when a crime takes place they seem to know exactly where to go to snag the culprits. They also really do know about certain machinists that would have special abilities useful in committing certain crimes such as machining a weapon from scratch or the ability to cut through safes due to work in armaments. These days certain areas of electronics might draw a great deal of governmental attention.

Here's your answer (5, Funny)

sajuuk (1371145) | more than 3 years ago | (#34843870)

Do mammals of the family Ursidae deposit fecal matter in areas of arboreal vegitation?

Re:Here's your answer (1)

Anonymous Coward | more than 3 years ago | (#34844054)

Too much Latin - I think he meant to say "Does the Pope shit in the woods? And if he did, would anyone hear it?"

Re:Here's your answer (1)

blind monkey 3 (773904) | more than 3 years ago | (#34844544)

Do mammals of the family Ursidae deposit fecal matter in areas of arboreal vegitation?
Too much Latin - I think he meant to say "Does the Pope shit in the woods? And if he did, would anyone hear it?"
I didn't know the pope was a bear - I'll have to keep an eye out for him at the next gay pride march.....

So turn javascript off (4, Informative)

jc42 (318812) | more than 3 years ago | (#34843874)

There's a reason that almost all browsers have controls to enable/disable java and/or javascript. Programmers who have used these languages normally understand why you don't want your browser to automatically execute code downloaded from strangers, and browse with "scripting" disabled. Maybe we can teach others to do the same. If you tell us here which browser(s) you use, we can probably tell you where the controls are to turn off the execution of outside code. If you browser doesn't allow this, you should probably use a different browser.

Some browsers, such as firefox, have the ability to enable/disable scripting selectively for specific sites. Those browsers are much safer than the others.

(And to the geeks here: Yes, I know you know all that. I'm talking to the large part of the population who don't seem to know it. This obviously includes whoever wrote TFA. ;-)

Re:So turn javascript off (1)

SanityInAnarchy (655584) | more than 3 years ago | (#34844282)

Programmers who have used these languages normally understand why you don't want your browser to automatically execute code downloaded from strangers,

Actually, I understand why I not only want to do so, but I would much rather do so in a browser than in a plugin, or manually in a native executable. I also want to tell others to do so, so that when I design something which requires it, I know it'll work.

Very rarely do we see a true design flaw in JavaScript. Much more often are security holes, but these can also affect pure HTML, CSS, external plugins, etc.

Re:So turn javascript off (2)

cortesoft (1150075) | more than 3 years ago | (#34844576)

Facebook won't even let you view their site with javascript off (you can try for yourself if you like). They will tell you to enable javascript, or you can use their mobile site (which does not have the same functionality).

You aren't going to get Facebook users to turn off javascript.

In this case, what the actual problem is is that the users weren't using SSL. The ISP was injecting javascript directly into the HTTP response.... this can't happen if you are using SSL (properly).

Facebook doesn't default to https; you have to explicitly decide to use SSL. Most users don't know enough to know to use SSL, so a better campaign than trying to get people to turn off javascript (which will hinder the user experience) is to get them to only use sites that are https (which will have no negative effect for the user).

In fact, your solution to only allow javascript for certain sites would NOT fix this problem.... users would naturally turn on javascript for facebook, and since the ISPs were directly injecting the javascript into the HTTP response, the javascript was running under the facebook domain.

Come on.... (3, Insightful)

santax (1541065) | more than 3 years ago | (#34843888)

the US is the biggest spy in this age and has been for since wo2. Off course they fuck us. This question is truly naive. Hell, this one would be the one question that proofs that: 'there are no dumb questions' is just wrong. There are dumb questions. This is one.

Re:Come on.... (0)

Anonymous Coward | more than 3 years ago | (#34844320)

lol yeah sure, the US is the big bad guy, we're out to get all you benevolent savages. get a fucking clue tool.

Re:Come on.... (1)

phantomfive (622387) | more than 3 years ago | (#34844346)

the US is the biggest spy in this age and has been for since wo2.

Only the biggest because they have the most resources. And even that, certainly not the best. (of course we are talking about western governments here; not the communists who had a rather amazing spy program).

Re:Come on.... (1)

AHuxley (892839) | more than 3 years ago | (#34844710)

The communists who had a rather amazing spy program, but it did not save them.
After a while people wake up and just dont care. They understand they are on file, know the person next to them at a protest is an informant.
They can see the cameras at a funeral of a loved one who died in police custody/prison.
They turn out to protest, side by side, face the uniforms in public and the plain clothes in the shadows of their doorway.
Where the US wins at this point is the herd is kept so happy, distracted, poor, rich, safe, dumb ect. that they have no urge to become political.
But splits are forming. GCHQ kept itself well hidden, out of courts (some spy trials over the decades) and mostly out of books.
The NSA was very effective and did the same. The change is the NSA is now very public ie with google, the massive new Utah Data Center, the fusion centers in most states. Great PR boondoggle for the NSA or someone wanted a massive new effort for internal issues.

Re:Come on.... (0)

Anonymous Coward | more than 3 years ago | (#34844352)

Normally I am not a grammar nazi, but DAMN dude...

Re:Come on.... (0)

Anonymous Coward | more than 3 years ago | (#34844484)

you know, you keep spouting this anti-us rhetoric. all that you are accomplishing is to torn the moderates into anti-every one else.

My two tinfoil cents. (2)

segagman (1234136) | more than 3 years ago | (#34843988)

Ok just google "facebook intelQ" or "google intelQ" for that matter and be prepared to concider moving to Montana to can your own food. If you think you have anonimity on the dubsubsub your a fool. And if you think you have it on facebook you were droped on you head... twice.

Re:My two tinfoil cents. (0)

Anonymous Coward | more than 3 years ago | (#34844378)

You were OBVIOUSLY dropped on your head... twice. Learn to spell.

They would be stupid not to (0)

Anonymous Coward | more than 3 years ago | (#34844002)

Both sides (intelligence community and big technology companies) have too much to gain from one another that they would be stupid not to. Considering that both sectors employee some of the more intelligent people in the country I would say: "Hells yeah, they do".

Don't Care (1)

Goboxer (1821502) | more than 3 years ago | (#34844006)

If I didn't want the government to know it, I sure as hell would not post it on facebook. It would probably be more secure if I posted a notice on my front door with the information.

Re:Don't Care (0)

Anonymous Coward | more than 3 years ago | (#34844366)

If I didn't want the government to know it, I sure as hell would not post it on facebook. It would probably be more secure if I posted a notice on my front door with the information.

It's not just about what you post; it is the network of relationships that is useful to modern intel, likely more so than one person's postings. Somebody you want goes underground before you can get to him/her? A good starting point is a list of friends, knowledge of web surfing habits, and/or an address book from a cell phone (since activity is datable via phone co. records).

No. (0)

ewhenn (647989) | more than 3 years ago | (#34844066)

No, they don't, because I don't use that steaming pile of shit facebook, or any other social media sites. I'm not that narcissistic.

OF course they do, silly (1)

smylingsam (312959) | more than 3 years ago | (#34844070)

um, like, duh. Or said another way, the various covert agencies would be criminally negligent not to be indexing and using social media as resources. The only real question is weather or not they can non public face book data and being a tad paranoid I assume they can.

My thoughts on anonymity (2)

yuhong (1378501) | more than 3 years ago | (#34844084)

I try to post non-anonymously using my real name whatever possible, partly because ultimately I want the problems fixed. (Look at the polls I submitted for example) But I know in the real world that isn't always possible.

Supposedly Private? (4, Informative)

Wrath0fb0b (302444) | more than 3 years ago | (#34844144)

We're talking monitoring your supposedly private information behind the scenes

Well, here's the thing about US law (for better or worse, I'm just explaining it as I understand how it actually operates) is that there is no constitutional reasonable expectation of privacy in Facebook stuff, since my assumption you have already shared it with others (if only Facebook Inc). This is called "the third party doctrine", since it covers only information that an individual has voluntarily disclosed some third (non-government) entity. See, e.g. United States v. Miller (1976):

The Fourth Amendment does not prohibit the obtaining of information
revealed to a third party and conveyed by him to Government authorities,
even if the information is revealed on the assumption that it will be used
only for a limited purpose and the confidence placed in the third party will
not be betrayed.

The long and short of this is that the act of transmitting to Facebook establishes that you have no REP in whatever you transmit. A lot of ink has been spilled in debating the doctrine, both legally and normatively but that's past the scope of this post so I'll just point you to an article criticizing [lexisnexis.com] the doctrine and one defending [michiganlawreview.org] it. Both contain excellent overviews of the law and the surrounding doctrinal argument.

More interestingly, however, Congress stepped in to provide even more protection than the Court when it passed the Stored Communications Act [wikipedia.org] that provides an intermediate level of scrutiny past the normal scrutiny that attaches to any criminal subpoena[1]. In the SCA, Congress requires the government to prove "specific and articulable facts" that the information is relevant and material to a criminal investigation. That would be the standard applicable to a subpoena to Facebook.

Of course, if Facebook wanted to disclose information voluntarily, that would be well covered by the Third Party Doctrine (as it exists) except to the extent prohibited by the Facebook TOS.

[1] That would be, approximately, 'reasonable possibility that the materials sought will produce information relevant to the investigation'. See, e.g. United States v. R. Enterprises (1991) and FRCP 17.

[2] 18 U.S.C. 2703(d) [cornell.edu] .

do you dress up in drag and play the skin flute? (0)

Anonymous Coward | more than 3 years ago | (#34844324)

my javascript penis fits nicely in the java vagina

Does the US? (0)

Anonymous Coward | more than 3 years ago | (#34844362)

Why is the question specifically "Does the US?" instead of, do other governments?

How to block spying... (1)

incubbus13 (1631009) | more than 3 years ago | (#34844452)

I hear if you put tin foil over the top of your monitor, they can't spy on you any more...the intertoobs come through there and the spy satelites can't see through the tin foil.

K.

Private? (0)

ugen (93902) | more than 3 years ago | (#34844468)

I didn't know the definition of "private" has changed to "something you posted on a remote web site you do not control that exists for the specific purpose of sharing information with friends and strangers". That's some wicked "private".
In other news - slashdot trolling hits a new low.

The same thing? (4, Insightful)

russotto (537200) | more than 3 years ago | (#34844608)

Of course not. The US government isn't going to go through the trouble of having ISPs insert malicious Javascript, when they can just send a few agents over to Facebook (and/or the ISPs) and set up a tap sending all data directly to the NSA instead. A lot more reliable and less detectable by the victim.

Yakima data center (5, Interesting)

Anonymous Coward | more than 3 years ago | (#34844678)

The Yakima NSA listening post has been under expansion for years. Google hid work on the center by removing the huge dirt piles from their history in ~2005 A fire inspector leaked that the center was over 40 stories underground, this is before the expansion. The complaint from the Yakima tribe about dirt dumped on their land has also been deleted,
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...