Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Is Algeria Deleting Facebook Accounts?

timothy posted more than 3 years ago | from the yo-mark-got-a-minute? dept.

Facebook 217

belmolis writes "Algeria is reported to be shutting down ISPs and deleting Facebook accounts in an effort to prevent anti-government protests from escalating as they did in Egypt. Is it likely that they are deleting FB accounts? Unless Facebook is cooperating, this would either require hacking FB to obtain administrator privileges or cracking the password of each account they wish to delete."

cancel ×

217 comments

Sorry! There are no comments related to the filter you selected.

Unencrypted cookie auths (4, Interesting)

jroysdon (201893) | more than 3 years ago | (#35190288)

The problem is that you may send your username and password over HTTPS, each page after that you send your auth cookie over plain ol' unencrypted HTTP. Someone is capturing those auth cookies and using them to send delete commands to Facebook (no doubt after capturing all of the info and friends).

Use HTTPS Everywhere [eff.org] and force all your traffic that can be to be using HTTPS.

Re:Unencrypted cookie auths (3, Insightful)

icebike (68054) | more than 3 years ago | (#35190310)

That cookie is renegotiated after each https login, and it is specific to one session. You can't clone it from another station.
Even if you do manage to intercept it, Man in The Middle attacks are notoriously hard to execute, (you have to actually BE in the middle) especially for a bunch of thugs in jack boots.

Still, you can just look at press photos to see that the Algerian uprising will fail.
In a Muslim country, you can simply count the number of women in the photos. If its not at least 10 percent, the police will use all force necessary, and will ultimately crush the protest.

Re:Unencrypted cookie auths (1)

Anonymous Coward | more than 3 years ago | (#35190328)

Are you familiar with Firesheep? It'd be very easy to intercept sessions in a similar manner if someone isn't using SSL/HTTPS for everything.

Re:Unencrypted cookie auths (1)

Anonymous Coward | more than 3 years ago | (#35190396)

Facebook requires HTTPS to access account settings. Nothing else to say.

Re:Unencrypted cookie auths (1)

Anonymous Coward | more than 3 years ago | (#35190414)

Login over SSL, switch back to unencrypted, cookie is stolen, and cookie is then inserted into another connection which then switches to SSL to make changes. Unless Facebook requires you to re-authenticate to make setting changes, just being over SSL at that point does nothing.

Re:Unencrypted cookie auths (1)

Firehed (942385) | more than 3 years ago | (#35190858)

Most (if not all) of Facebook's account settings pages go over an HTTPS connection. I'd be astonished if there isn't one for auth that's secure-only, since it's effectively pointless if you're trusting cookies that could have been exposed over an http request for requests that require decent authentication.

Of course, Facebook is hardly known for its security. I turned on the HTTPS-everywhere setting the moment it was available on my account. I did spot a "c_user" secure-only cookie that contained only my user ID... god help us if that's what they authenticate against.

Re:Unencrypted cookie auths (1)

jamesh (87723) | more than 3 years ago | (#35190452)

Facebook requires HTTPS to access account settings. Nothing else to say.

Plenty more to say. As long as users go to 'facebook.com', and as long as the browser interprets that as "oh you mean http://facebook.com/ [facebook.com] " then all bets are off. Facebook may force the URL to account settings to https, but if there is a 'man in the middle', they connect to facebook via https for you, but rewrite all the url's you get sent as http, and most users won't notice.

You have to use https _everywhere_ or else you've given a MitM a chance to proxy your connection, and DNS spoofing is all that's required to do this.

Re:Unencrypted cookie auths (1)

jappleng (1805148) | more than 3 years ago | (#35190656)

So basically what you're saying is that the user goes to facebook but before the end up on facebook, the ISP creates a fake facebook page that resembles that of facebook and when the user enters their credentials the ISP logs it and submits it to facebook? I'm probably misunderstanding completely =/

Re:Unencrypted cookie auths (1)

jonwil (467024) | more than 3 years ago | (#35190664)

No, what happens is that you go to facebook.com which resolves to a machine run by the ISP or government (due to DNS hijacking). This machine goes to the real facebook.com over https, retrieves the page and sends it to you as http. You log in on this page which sends your details to the fake ISP server who sends them on to Facebook.

Re:Unencrypted cookie auths (0)

Anonymous Coward | more than 3 years ago | (#35190682)

If you think there's nothing more to say because Facebook requires HTTPS to *ONE* part of the site, then you sir, are the epitome of stupid. The encrypted account settings are not a Facebook user's default page. The default page (the standard news feed), and most other pages, are not at all encrypted, and cookies are passed on these connections just as well as on HTTPS.

Re:Unencrypted cookie auths (4, Informative)

Anonymous Coward | more than 3 years ago | (#35190342)

That cookie is renegotiated after each https login, and it is specific to one session. You can't clone it from another station.
Even if you do manage to intercept it, Man in The Middle attacks are notoriously hard to execute

Quick, someone tell these guys [wikipedia.org] that hijacking FB sessions should be difficult.

Re:Unencrypted cookie auths (1)

sortius_nod (1080919) | more than 3 years ago | (#35190578)

Indeed, I mean, I didn't hijack my fiance's Facebook to show her how vulnerable it is the other day. She totally didn't freak out.

Re:Unencrypted cookie auths (0)

Anonymous Coward | more than 3 years ago | (#35190372)

Let's see -- you are in the government, facebook is outside your country, and it's _hard_ to ensure that all facebook connections get routed through your MitM box?

Re:Unencrypted cookie auths (2)

icebike (68054) | more than 3 years ago | (#35190420)

Let's see -- you are in the government, facebook is outside your country, and it's _hard_ to ensure that all facebook connections get routed through your MitM box?

Well in some governments, that would be far more likely than anyone using firesheep. But other posters insist that you are still asked for your password over a SSL connection when deleting accounts.

I don't know about Algeria's internet structure, but something like this would be pretty hard to set up quickly if there were more than a few backbones. The traffic load would be enormous, you would have to filter every FB access and selectively delete the accounts, AFTER successfully pulling off your MitM.

I seriously doubt there is enough in-country expertise to do this on any grand scale. (I don't discount that France might be helping them).

In short, I suspect its far more likely they are simply blocking specific people, or routing certain internal IPs to a honeypot and some users are too dim witted to determine the difference, and obligingly key in their passwords.

I also don't discount the whole story is apocryphal.

Re:Unencrypted cookie auths (3, Insightful)

SlappyBastard (961143) | more than 3 years ago | (#35190478)

Somehow I suspect that controlling the ISPs makes a man in the middle exploit a tiny bit easier.

Re:Unencrypted cookie auths (1)

mr100percent (57156) | more than 3 years ago | (#35190568)

"In a Muslim country, you can simply count the number of women in the photos. If its not at least 10 percent, the police will use all force necessary, and will ultimately crush the protest."

Um, have you noticed that these aren't particularly religious people who led the protests in Egypt and Tunisia? They're not even using Islamic words in their protests eg they're talking about the Watan and not the Ummah.

Re:Unencrypted cookie auths (1)

icebike (68054) | more than 3 years ago | (#35190602)

No clue what they are talking about.

But I notice a lot of signs in English, and a lot of women in the streets. The mere fact that women are allowed to participate without a brother or husband present is refreshing.

I'm not sure this means they are less religious. Maybe just differently religious.

Re:Unencrypted cookie auths (4, Interesting)

mr100percent (57156) | more than 3 years ago | (#35190698)

People over and over again seem to fall for this mistake. Saudi Arabia is the only country that requires women to be escorted with a "mahram." No other Muslim country makes this claim that it's a requirement, and Muslims worldwide have condemned Saudi Arabia for being too chauvinist. Muslim scholars and shaykhs far and wide have said that Saudi is taking things way too far and that the Quran doesn't call for such things (and it doesn't if you read the text). The Muslim world at large has no desire to oppress women the way Saudi does; more women than men work in Morocco, for example, and Pakistan and Bangladesh had women Prime Ministers, and even Iran has more women in parliament than the US does in Congress.

If the protestors in Egypt were 100% Muslim only (and they weren't given than Egypt is 10-20% Christian), you'd still see women in the streets walking around uncovered. Cairo is the Hollywood of the middle east, home to a large music and film industry and even scantily dressed women.

Re:Unencrypted cookie auths (1)

Ethanol-fueled (1125189) | more than 3 years ago | (#35190720)

Sorry, bro, gotta throw a little salt on your game:

The Muslim world at large has no desire to oppress women the way Saudi does; more women than men work in Morocco...

Like Ruby? [dailymail.co.uk]

for example, and Pakistan and Bangladesh had women Prime Ministers

Well, Benazir Bhutto [wikipedia.org] is a rather bad example. Things didn't work out so well for her.

Cairo is the Hollywood of the middle east, home to a large music and film industry and even scantily dressed women.

But all of the closeted gay royal Saudis go to Bahrain for their DTF("down-to-fuck") restroom encounters.

Re:Unencrypted cookie auths (1)

Anonymous Coward | more than 3 years ago | (#35190844)

Can we stop judging all Muslims by what one in a billion does? Yes, Bhutto got assassinated by someone whose motivations we still don't know. Was it a disgruntled PML-Q or PML-N member, or an MQM stooge, or was it an Al Qaeda grunt? The fact remains that over half of the country voted for her, that's a Muslim country of 130 million people. I'd say their opinion matters more than a lone terrorist. The US can't even elect a woman president yet, so maybe it shouldn't be one to judge.

And the Saudis go to Bahrain for partying because it's driving distance, unlike Egypt which you'd need to fly to visit.

As the above post was saying, can we judge Muslims by what their majority does, rather than its minority? (Saudi is less than 5% of the Muslim world, there are 2x as many Muslims in China)

Re:Unencrypted cookie auths (0)

Anonymous Coward | more than 3 years ago | (#35190744)

Cairo is the Hollywood of the middle east, home to a large music and film industry and even scantily dressed women.

So you're saying that Egypt is one of the more liberal Muslim countries?

And still the Christians are persecuted / slain [bbc.co.uk] ?

Re:Unencrypted cookie auths (3, Informative)

mr100percent (57156) | more than 3 years ago | (#35190814)

Muslims inside Egypt and out condemned that attack. Fortunately, such attacks are few and far between. Look at the aftermath, when terrorists attacked a church around Christmas, thousands of Muslim Egyptians attended church services [huffingtonpost.com] in Egyptian churches, in order to serve as human shields in case of another attack. They held candlelight vigils outside and put crosses on their facebook pages as well.

Let's look to the last 2 weeks. A photo has been spreading all over Twitter of Egyptian Christians making a human chain to protect Muslims from police attack as they were praying in Tahrir square [myweku.com] on Friday. On Sunday, Egyptian Muslims returned the favor [nydailynews.com] , protecting them while they had prayer services. This is a great moment for Muslim-Christian unity in Egypt.

Re:Unencrypted cookie auths (1)

Z00L00K (682162) | more than 3 years ago | (#35190828)

It's no problem being in the middle if you control the network - like if you are a government.

Re:Unencrypted cookie auths (1)

iammani (1392285) | more than 3 years ago | (#35190322)

Auth cookies cannot help you delete accounts (or even change password) in well-designed site. The website prompts for the password to make sure its you.

Re:Unencrypted cookie auths (0)

Anonymous Coward | more than 3 years ago | (#35190506)

Ok... for those of us who don't use Facebook,.. IS it well designed?

Re:Unencrypted cookie auths (1)

/dev/trash (182850) | more than 3 years ago | (#35190336)

HTTPS Everywhere is great if you have 3 minutes for every minute to do something. I used it while on vacation and I was forced to use Barnes and Noble. Slow Slow slow slow.

Re:Unencrypted cookie auths (1)

epine (68316) | more than 3 years ago | (#35190556)

HTTPS Everywhere is great if you have 3 minutes for every minute to do something. I used it while on vacation and I was forced to use Barnes and Noble.

The bar to resist dictatorship keeps going up. First you have to learn HTTPS Everywhere, then you have to learn tabbed browsing, cyclic tasking, and delayed gratification.

https should have become the default long ago. As it stands, I'm sure the Algerian santa is keeping a list. One shouldn't have to stand out by defending oneself against man-in-the-middle.

On the other hand, the portion of the rebel alliance with "allahakbar" as their FB password were unlikely to put up stiff resistance against sand-troopers with scimitars. Hmmm, I should watch my language.

From Three Kings [imdb.com] :

Chief Elgin: I don't care if he's from Johannesburg. I don't want to hear "dune coon" or "sand nigger" from him or anybody else.
Conrad Vig: Captain uses those terms.
Sgt. Troy Barlow: That's not the point, Conrad. The point is that "towelhead" and "camel jockey" are perfectly good substitutes.

Barnes and Noble? Damn! That's rough.

Re:Unencrypted cookie auths (1)

mallyn (136041) | more than 3 years ago | (#35190626)

Is it as slow as asking the concierge in your hotel to go to the local Barns and Noble and get the book for you?

Re:Unencrypted cookie auths (4, Insightful)

Frosty Piss (770223) | more than 3 years ago | (#35190380)

The problem is that you may send your username and password over HTTPS, each page after that you send your auth cookie over plain ol' unencrypted HTTP

No.

This is *NOT* the problem at all.

The problem is that ridiculously entrenched tin-pot dictators continue to believe that they can control to populous like they did in the pre-Internet days when all you had to do was shut down a few newspapers and "disappear" their enemies.

Sure, there's obviously a technical process going on, but the root of the problem has nothing at all to do with computers or networks, it has to do with a fundamental change in the dynamics of how populations are controlled by despots.

Why shouldn't they believe? (1)

SuperKendall (25149) | more than 3 years ago | (#35190468)

The problem is that ridiculously entrenched tin-pot dictators continue to believe that they can control to populous like they did in the pre-Internet days when all you had to do was shut down a few newspapers and "disappear" their enemies.

Worked for Iran.

The internet means nothing if the despot is determined.

Re:Why shouldn't they believe? (1)

Frosty Piss (770223) | more than 3 years ago | (#35190834)

Worked for Iran.

Things are a changin'

Re:Unencrypted cookie auths (1)

awestruk (1667899) | more than 3 years ago | (#35190888)

This guy was NOT debating they evilness of dick-taters.

He was saying that it would be trivial for a government to do this on their own and therefore the line "Unless Facebook is cooperating, this would either require hacking FB to obtain administrator privileges or cracking the password of each account they wish to delete." is misleading because it suggests Facebook might have a hand in this. They don't; if the government wanted to do it, they would have done it on their own with ease.

Thanks for the red herring rant though : )

Re:Unencrypted cookie auths (1)

hishamaus (1991142) | more than 3 years ago | (#35190406)

But you still need a password to delete an account, this just gives you the ability to post and add friends etc

Re:Unencrypted cookie auths (1)

outsider007 (115534) | more than 3 years ago | (#35190436)

HTTPS isn't cool. You know what's cool? A billion dollars.

Re:Unencrypted cookie auths (1)

hishamaus (1991142) | more than 3 years ago | (#35190500)

that's just lame

Re:Unencrypted cookie auths (0)

Anonymous Coward | more than 3 years ago | (#35190892)

You win an Internet! [you-win-the-internet.com]

Re:Unencrypted cookie auths (1)

MattW (97290) | more than 3 years ago | (#35190768)

I have no idea how fb works because it's an abomination and I avoid it as much as possible, but - having coded sites and auth schemes from scratch (after 5 years in network security), I can say: it's a poor site that allows an http:/// [http] cookie to perform a delete when they use https:/// [https] for a login.

Generally, if there's a need to have some high-security functions but some low security interactions, you take the login over https:/// [https] then set TWO cookies; one of them with the "ssl-only" flag set; browsers will only send that when returning to the site over an SSL connection. Then you restrict certain types of page views (which would include modifying your account) to https:/// [https] pages. (And I don't tend to look too closely, but I assume this is what other sites are doing when they are saying, "Welcome back Matt...", and then asking for me to confirm my password anyhow and sending me back to SSL for things like a password change.

Barak-O in Big Trouble O (-1)

Anonymous Coward | more than 3 years ago | (#35190298)

Algeria is another CIA rendition and torture Banana Republic of Barak-O, Terrorist-n-Chief of the USA.

In the next few hours, our tax dollars will be laundered by Treasury into Barak-O's Banana Republic Governor/s Swiss Bank Account.

The laughs just keep comming, LOL.

-308

Users (5, Funny)

Anonymous Coward | more than 3 years ago | (#35190312)

It would also require that 'users' have delete priviliges regarding their own account.

Re:Users (1)

Aerynvala (1109505) | more than 3 years ago | (#35190346)

LMAO and me without Mod Points

Re:Users (1)

msauve (701917) | more than 3 years ago | (#35190472)

You say that as if Facebook is the poster child ("think of the children") for security.

Re:Users (1)

guttentag (313541) | more than 3 years ago | (#35190716)

To clarify for anyone who doesn't get the joke, you can't "delete" a facebook account. You can "disable" your account, but facebook still keeps all your data forever. So centuries from now archaeologists can dig up their data center, excavate the hard drive platters and find out who was friends with who and what kind of music they liked. If only we could see Moses's facebook tablet... we'd know so much more about ancient Egypt! Then again, if Pharaoh had seen Jochebed's [wikipedia.org] facebook tablet, he would have seen an entry like this and history would have unfolded very differently:

Put my baby in a basket and floated him down the Nile to escape Pharaoh's decree. Miriam says she saw Pharaoh's daughter pick him up and call him her own. I miss him already!
6,382 people like this

My first thought when I saw this story's headline was, "Who in Algeria can I contact to get my facebook account deleted? Better yet, could take this technology and turn it into a business, with people paying me to delete their accounts?"

Re:Users (1)

hashp (68887) | more than 3 years ago | (#35190870)

To clarify for anyone who doesn't get the joke, you can't "delete" a facebook account. You can "disable" your account, but facebook still keeps all your data forever.

"You can check out any time but you can never leave". But I thought I did see an option to permanently delete your account in there somewhere. Didn't try it though.

Algeria Internet NOT shut down (yet) (3, Interesting)

mbone (558574) | more than 3 years ago | (#35190314)

The consensus in the networking community is that the Internet to / from Algeria has not been shut down. See the Renesys [renesys.com] blog for more details.

The situation with regards to social media is more uncertain, with reports of both blockage and routine service.

Re:Algeria Internet NOT shut down (yet) (1)

pgn674 (995941) | more than 3 years ago | (#35190552)

Yeah, I saw that too. So, if this Telegraph article's summary text "Internet providers were shut down ... across Algeria" is shown to be completely incorrect, then the accuracy of the of text in the summary, "Facebook accounts deleted across Algeria," can be taken into question, assuming both statements were investigated the same amount by the summary writer.

Impossible? (3, Informative)

Shuntros (1059306) | more than 3 years ago | (#35190316)

I thought it was impossible to actually delete a Facebook account? Sure, you can deactivate it, but not delete as far as I can remember.

Re:Impossible? (0)

Anonymous Coward | more than 3 years ago | (#35190518)

You can. E-mail to their customer support and ask them to permanently delete the account and they will happily(?) do so.

Re:Impossible? (0)

Anonymous Coward | more than 3 years ago | (#35190636)

No, it's possible, but it's fairly well hidden.

Once you opt to delete your account, you have to stay signed out for 14 days for the deletion to be final. Otherwise, the delete request is cancelled.

Re:Impossible? (0)

Anonymous Coward | more than 3 years ago | (#35190640)

It has been possible to delete Facebook accounts for some time now.

No password encryption (2)

neo00 (1667377) | more than 3 years ago | (#35190318)

Last time I checked, by default login credentials are sent without encryption over http. Stealing the password is very easy in this case. Everyone should make sure to use https instead. There's an option in the user account to enable https all the time.

Re:No password encryption (1)

blincoln (592401) | more than 3 years ago | (#35190360)

HTTPS doesn't do much good if the country in question implements transparent proxies at the borders of their national network infrastructure that decrypt SSL traffic, inspect the contents, then re-encrypt it with an SSL certificate issued by one of the authorities registered for that country (which is certainly within the realm of possibility for most governments). Have you ever looked at (let alone modified) the list of SSL authorities that your web browser trusts by default?

Re:No password encryption (1)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#35190442)

https://www.eff.org/observatory [eff.org]

The punchline: Unless you are using an atypically paranoid browser config, there are a Lot of CAs and subordinate CAs(some of them known-slimy, others known-incompetent), whose certs your browser will silently trust.

What would be nice would be a mechanism for tracking the cert-chain of websites of interest over time and from various endpoints on the internet. Companies do, legitimately, get tired of getting shafted by Verisign, er, um. switch certificate providers; but sudden shifts, not corresponding with certificate expirations, or shifts visible only from a subset of IPs would raise a red flag...

Re:No password encryption (0)

Anonymous Coward | more than 3 years ago | (#35190598)

Certificate Patrol - http://patrol.psyced.org/

Re:No password encryption (1)

emt377 (610337) | more than 3 years ago | (#35190642)

The punchline: Unless you are using an atypically paranoid browser config, there are a Lot of CAs and subordinate CAs(some of them known-slimy, others known-incompetent), whose certs your browser will silently trust.

Yeah, this just illustrates how worthless web certs are. Any government with a CA within its borders can get a cert to impersonate anyone or anything. So can any criminal organization in the same country as long as their government is sufficiently corrupt. The way it SHOULD work is that another party proves knowledge of a secret I gave them when I registered, so I can know when I contact them that it's the same organization I registered with and not an impostor. Plaintext can be avoided without certs; just a plain diffie-hellman handshake and a stream cipher works as well for that. (And in fact is how SSL works, other than the cert exchange. So just remove the latter.) But of course, then we wouldn't need an entire industry built around selling certs. We'd just need a few simple protocol changes...

Re:No password encryption (1)

devman (1163205) | more than 3 years ago | (#35190676)

Except you have no way to know you who you were talking to you when you registered in the situation you described above. I think CA's and SSL is fine, but I think the browser should flag EVERY cert the first time you've seen that particular fingerprint, so that the motived among us could scrutinize the CA chain every time it changes.

Re:No password encryption (1)

icebike (68054) | more than 3 years ago | (#35190456)

A pretty wide range of Algerian providers (Telecom Algeria, Wataniya Telecom Algeria, SPA Anwarnet, Smart Link, Orascom/Djezzy, etc.) have direct international connectivity, as seen in the BGP routing table. See here [renesys.com] .

That makes it pretty hard for a tin-horn dictator to proxy all of these. (Algeria is not known as a great source of networking expertise).

I suspect it would be much easier to put up a dummy facebook server (honypot) and simply have it deny all log in attempts. A few dns entries at each ISP suckers in a lot of people.

Re:No password encryption (5, Interesting)

emt377 (610337) | more than 3 years ago | (#35190620)

HTTPS doesn't do much good if the country in question implements transparent proxies at the borders of their national network infrastructure that decrypt SSL traffic, inspect the contents, then re-encrypt it with an SSL certificate issued by one of the authorities registered for that country (which is certainly within the realm of possibility for most governments). Have you ever looked at (let alone modified) the list of SSL authorities that your web browser trusts by default?

When I was in Vietnam recently, which blocks Facebook, they operated by intercepting DNS. They'd either make lookups fail or make them resolve to their own proxy. Before we realized this my wife uploaded a bunch of photos which then mysteriously disappeared overnight. We got around this by me firing up squid on my linode and using this as our web proxy, by IP address. (Authenticated obviously.) This way names are resolved in the good ole USA, geolocation says we're there (so get stuff in English), etc - AND the local government doesn't get to stick its grimy paws in my DNS lookups. To stops us they'd have to identify me personally, and spend resources on a single individual - and given we were foreign tourists they probably couldn't care less. After all, we'd leave in a few weeks and then we'd still post and say all the same things regardless. If we were locals we'd probably get on a watch list... They DID spend extra time on my exit processing at the airport, where the official wandered off with my passport and was gone 5-10 min.

A third option... (2)

Dhalka226 (559740) | more than 3 years ago | (#35190330)

Facebook must be cooperating or they're hacking each individual account? I think you're missing a third option [xkcd.com] .

HTTPS (0)

Anonymous Coward | more than 3 years ago | (#35190332)

Facebook really needs to just force all content to go over HTTPS. Using unencrypted HTTP is just asking for trouble.

Sounds like a great way to... (1)

physicsphairy (720718) | more than 3 years ago | (#35190334)

1) Alert people their communication is insecure
2) Let them know the government is concerned about their ability to organize
3) Piss them off

All without actually causing them much inconvenience. Last I checked, Facebook made it easy to restore an account, and even if they've changed that, Facebook almost certainly has retained the data and made it clear in Tunisia they were willing to fix the problem for those affected by sabotage.

Re:Sounds like a great way to... (2)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#35190386)

I can only assume that the Algerian government is minimally concerned with the fact that Facebook can restore profiles from the bowels of their titanic data mines and maximally concerned with disrupting efficient organization among dissidents and potential dissidents.

The jackboots start at a numerical disadvantage; but they start organized and comparatively well equipped. The dissidents enjoy potential numerical superiority and a PR advantage; but they start poorly organized and only partially mobilized.

If communication is functioning at or above a certain level of efficiency(and people are, in fact, just that pissed off) the dissidents will make up the lost ground in organization and mobilization and move a serious volume of newsworthy photos and such. If, however, communication is disrupted beyond a certain point, odds are that the jackboots will be able to contain the ill-organized initial activity, "disappear" a few of the key figures as the situation permits, and retard the recruitment of potential dissidents into an active revolt.

HTTP Authentification is what most people use (1)

aysa (452184) | more than 3 years ago | (#35190338)

There is absolute no technical challenge in hacking those accounts.

If it's even slightly true, Algeria is "next". (2, Interesting)

Anonymous Coward | more than 3 years ago | (#35190348)

Dunno anything about facebook - who really gives a shit anyway, right? - but if Algeria really is trying to mess with its people's Internet activities, it all but guarantees they are the next regime to face the revolutionary wrath. So to speak.

It's the Streisand Effect to the nth degree.

Re:If it's even slightly true, Algeria is "next". (1)

countertrolling (1585477) | more than 3 years ago | (#35190462)

...but if Algeria really is trying to mess with its people's Internet activities, it all but guarantees they are the next regime to face the revolutionary wrath. So to speak....

Ol' Comcast better watch out next time they start throttling my torrents..

North Africa is "next" (1)

Anonymous Coward | more than 3 years ago | (#35190534)

Haven't you people been reading all those "North Africa will produce all the electricity Europe needs by 2050"?
Look it up and check the maps. Almost every country that power-lines are supposed to go through is in the process of changing government/revolting or is "next".
And the plan is to have the electricity start flowing to Europe by 2020. And by god, all those countries will be capitalist democracies by then.

At least this time it is in the interest of both big business, European countries AND the United States to keep that region as stable and as peaceful as possible.
Cause for the first time, it is not the old "get in, grab their resources and run before they learn to use guns" game any more.
You can't store electricity or fill up a tanker with it. Nor can you park your civilization by the side of the road until it starts to flow again if interrupted.

Alternative would be, I guess, to have every man, woman and child in the region issued a gun an ordered to protect the solar arrays and power-lines from terrorists, copper thieves and possibly sandworm-riding Fremen.
Cause when it comes to "must flow", spice has nothing on electricity.

Barak-O in Deep Shit-O (-1)

Anonymous Coward | more than 3 years ago | (#35190352)

Our Terrorist-n-Cheif is having a bad day.

Algeria, ah, a rendition and torture state, i.e. Banana Republic, and things are getting iffy for Barak-O/s vision of "Terror in the USA."

-308

Tell me more... (1)

HBD (450014) | more than 3 years ago | (#35190376)

...seriously, I've been trying to delete my Facebook account for a year now and it keeps coming back...

Elections (1)

Anonymous Coward | more than 3 years ago | (#35190384)

Doesn't Algeria already have open elections?

Re:Elections (4, Interesting)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#35190498)

They do have elections, though I'm not sure how hiqh-quality they are thought to be. The fact that said democracy has been continually operating under emergency powers since the end of the Algerian Civil War probably doesn't make people entirely cheerful.

Ultimately, though, I suspect that they are hitting the same demographic/economic crunch that has caused trouble for other states recently: Fairly high unemployment(particularly among the large portion of the population that is fairly young), rising costs of staple commodities, and the perception(generally accurate) that the state is corrupt and exploitative in favor of some well-connected elite. Even in well-functioning democracies, that demographic circumstance will produce substantial volatility. If the state is having any legitimacy issues: boom. (On the other side of the coin, as our dear friend Putin can attest, if you preside over a period of improved wellbeing for the population, people will eagerly forgive egregious corruption and repression...)

Hacking individual Facebook accounts won't work (1)

dido (9125) | more than 3 years ago | (#35190402)

Given how Facebook's infamously buried 'delete my account [facebook.com] ' feature works, hacking individual accounts won't in general be sufficient to delete them. Well, with access to the account they could change the password to a random one to prevent the legitimate owner from logging in and preventing the deletion, but the account simply appears deactivated to others until that happens. Facebook cookies on the owner's computer could also conceivably cause any efforts at account deletion to be frustrated. If they "deactivate" peoples' accounts the legitimate owner still gets Facebook spam and invitations from friends so unless every account in the victim's network is also similarly compromised that only causes Facebook's power as an organizing tool to diminish only slightly. The article has almost no detail on what 'deleting Facebook accounts' means, so it's hard to say exactly what this entails.

If Algeria can really make people's accounts disappear from Facebook completely, then either Facebook is helping them do so or they've hacked into Facebook. Hacking individual accounts won't cut it.

Probably "brute forcing" the facebook accounts (2)

DustoneGT (969310) | more than 3 years ago | (#35190412)

Algerian .gov is probably just hitting them with wrenches [xkcd.com] until they give up the passwords.

Re:Probably "brute forcing" the facebook accounts (1)

Troll-Under-D'Bridge (1782952) | more than 3 years ago | (#35190526)

I don't know whether to mod you funny or insightful. I just hope these "brute force" attacks aren't true, and that worst thing the authorities there are doing is short-term detention (which is not to say that's the right thing to do with unarmed protesters).

Re:Probably "brute forcing" the facebook accounts (0)

Anonymous Coward | more than 3 years ago | (#35190752)

nah, they're probably trying something more sophisticated like sleep deprivation and having some agent screaming like crazy next door pretending she or he is being tortured. remember these are kids who break easy, not some hardened islamic fundie who believes god will pay them back with 40 virgins when they go byebye this world.

ps the world "ruthless" is my capcha

Re:Probably "brute forcing" the facebook accounts (2)

jmcvetta (153563) | more than 3 years ago | (#35190758)

God I'm sick of that cartoon.

Yes, it's fucking obvious that a government can send thugs to beat the crap out of a person until he divulges a password. However, this is expensive (wrench wielding henchman isn't exactly a career that makes mama proud, so you need to pay them a lot); intrusive (you need to bust into someone's house to do it, and you might just get shot in the process); and likely to provoke violent backlash from the beaten person's family & friends. Probably works great under normal conditions, when there are just a handful of activists to crush. In revolutionary times there are tens of thousands of dissidents active at the same time, and government simply doesn't have enough thugs to go wrench them all.

Maybe Algerian's are smarter than the rest? (1)

EricX2 (670266) | more than 3 years ago | (#35190428)

They know that Facebook is on the down hill of popularity and want their info gone before it is purchased by a big American corporation like Kraft, Ford, or the Democratic Party.

Belonggz (1)

hishamaus (1991142) | more than 3 years ago | (#35190430)

ALL Your Face Are Belong To Us!

Not deleting accounts, but hijacking groups (0)

ub3r n3u7r4l1st (1388939) | more than 3 years ago | (#35190432)

The Mossad did that with many pro-Palestinian groups on facebook.

Re:Not deleting accounts, but hijacking groups (2)

belmolis (702863) | more than 3 years ago | (#35190460)

What's the evidence for this?

Re:Not deleting accounts, but hijacking groups (1)

Anonymous Coward | more than 3 years ago | (#35190562)

None, ub3r dumbass is just your standard below average intelligence anti-semite... not worth the oxygen it consumes.

Re:Not deleting accounts, but hijacking groups (0)

Anonymous Coward | more than 3 years ago | (#35190560)

It wasn't Mossad. It was thousands of middle class Americans who have been brought up identifying with Israel in quasi-ethnic terms, who've never seriously studied the issues involved, and who have all day to troll since high school is a fucking joke.

It is difficult, but they can be reasoned with. Poignantly absent from the rest of American culture, a kind of respect for reason is part of Jewish culture.

Re:Not deleting accounts, but hijacking groups (1)

G3ckoG33k (647276) | more than 3 years ago | (#35190824)

How do you hijack a group?

More likely explanation (3, Insightful)

M. Baranczak (726671) | more than 3 years ago | (#35190434)

Some of FB's servers went down. Some paranoid Algerian guy, who may or may not have good reason to be paranoid, noticed this, and assumed that it was targeted at him personally. And a rumor got started.

Duh (-1)

Anonymous Coward | more than 3 years ago | (#35190446)

All the sand monkeys are overthrowing their governments. And you post about facebook? Get a grip. Much worse is coming nerds.

who said "deleting"? (0)

Anonymous Coward | more than 3 years ago | (#35190458)

The body of TFA doesn't actually say anything about "deleting Facebook accounts"; that only appears in the little teaser under the headline, which was probably written by someone other than the person who wrote the article itself. Far more likely that they're blocking access to Facebook in general (along with Twitter and other easily-subversive sites). It's what I'd do if I were the despot in charge there.

Barak-O-Vision, the Movie (-1)

Anonymous Coward | more than 3 years ago | (#35190486)

Barak-O-Vision, the former human half-breed who used the symbol "Barry" is in deep shit.

Algeria, the Banana Republic of the USA for decades. Used most recently by GWB and Barak-O-Vision for rendition and torture.

The US DT (Department of Treasury), now a money laudering mechanism for Barak-O-Vision.

-308

Well (2)

jav1231 (539129) | more than 3 years ago | (#35190528)

Anyone who would setup that hideous new photo viewer is capable of most any evil.

Does Anyone really care? (1)

zoomshorts (137587) | more than 3 years ago | (#35190548)

North Africa is full of script kiddies and trojan dumping douchebags.
Why even allow these people any Internet access? Are you all just
a bunch of liberal Nigerian wannabe's? North Africa has nothing the world wants.
Do you want depleted oil reserves, or sand? Have any of you ever been there?
I have, and they are unimpressive as a culture or a people. Morocco? Tunisia?
Algeria? Egypt? Lybia? (I have not been to Libya) I totally useless region of the world.

Whining apologists always feel certain countries need Internet. They need food, jobs
and anything BUT the Internet. You liberal asses need to spend money and actually
visit those places before you open your collective mouths!

Unstable (1)

jason18 (1973154) | more than 3 years ago | (#35190554)

There's been some form of rioting going on for awhile now in Algeria, so I'm surprised this hasn't happened already, with Tunisia on their border and Egypt only a country away. One would think that the Algerian leaders would realize that killing Facebook won't help, but they're probably so paranoid that the African leaders aren't thinking right (shocker). The Wikipedia article does a nice job of telling how nuts it is over there right now, with a summary of all the self-immolations happening not so much from "I hate the country" but from "family altercations and love disappointments". Whatever the case, Algeria is next in line.

More likely (0)

Anonymous Coward | more than 3 years ago | (#35190564)

More likely they're doing what Tunisia did. Snooping the non-HTTPS traffic and gleaning the passwords, then logging in and deleting the account.

Revelation (1)

theorem4 (1101729) | more than 3 years ago | (#35190608)

Wait, they are actually able to delete Facebook accounts? Here, take mine!

Password stealing is easy when you hold it's owner (1)

tehaynes (853811) | more than 3 years ago | (#35190614)

It is easy enough to acquire the password when you hold it's owner captive. I am a US citizen and I gave my government my password to my laptop at the Canadian border just so they would let me go to the bathroom. Giving up your facebook credentials would be trivial unless you were very dedicated.

Did the same thing in Tunisia (1)

kabloom (755503) | more than 3 years ago | (#35190646)

Tunisia also tried packet sniffing to steal the Facebook passwords of everyone in the country, so they could delete the pages that were being used to coordinate protests. I'm sure it's only a matter of hours before someone at Facebook employs the same solution for Algeria [theatlantic.com] , forcing everyone in Algeria to connect by SSL and turning on face-based identity verification, a feature whose introduction has already been discussed here on Slashdot [slashdot.org]

Re:Did the same thing in Tunisia (0)

Anonymous Coward | more than 3 years ago | (#35190660)

In Tunisia didn't they insert code into the Facebook website through the Tunisian central servers to capture passwords? That was my understanding of what they were doing.

Re:Did the same thing in Tunisia (1)

mr100percent (57156) | more than 3 years ago | (#35190708)

I think it was more the Tunisian ISPs capturing the page and inserting their own javascript code before sending it to the client.

In Egypt... (1)

Anonymous Coward | more than 3 years ago | (#35190648)

The government used DPI to both analyze traffic and inject additional code into the Facebook login page when accessed via HTTP. The additional code was used by governement officials to steal login details of protestors, obtain access to their accounts, track the owners of the accounts down and delete the profiles. That is until The usage of anonymisation services sucha as the i2p darknet and TOR started become more widespread. As always there is no magic bullet or 'perfect' security but personal scrutiny of what you do and how do it can change the world.

Not that you can delete accounts... (0)

Anonymous Coward | more than 3 years ago | (#35190746)

Facebook wants your information. You can deactivate your account, but it's not really deleted. At any time in the future, if you log back into your account, it's reactivated.

why give the benefit of the doubt? (1)

jmcvetta (153563) | more than 3 years ago | (#35190776)

Do we have any reason at all to suspect that Facebook is not cooperating with the Algerian regime? So far FB has never done anything that would make me afford them the benefit of the doubt. I would be shocked - nay, it would strain my belief - if they didn't willingly cooperate with the government.

I always hated Algebra! (0)

erroneus (253617) | more than 3 years ago | (#35190786)

I saw that headline and thought "Really? Is there like a bug that can be traced back to an algebraic expression resulting in accounts being deleted?" It's 2am; what can be expected?

FWIW, I didn't hate algebra... kinda liked it when I was in school ...not sure I like it now but back then it was pretty easy and no one else around me thought it was easy.

If Algeria is next, we can hope for Libya too (1, Interesting)

G3ckoG33k (647276) | more than 3 years ago | (#35190816)

If Algeria is next, we can hope for Libya too. Unfortunately, Libya's Khaddaffi known for his sex orgies has a likeminded friend in the senile Italian clown Berlusconi.

North African girls?! Who supply them? Are they traded goods?!

Yahoo writes [yahoo.com] : "Silvio Berlusconi, the long-serving prime minister of Italy, is facing multiple scandals that are entertaining and deadly serious. Italian prosecutors are seeking a fast track trial for Berlusconi on a number of charges. The charges include abuse of power and having sex with an under aged prostitute. On the first charge, Berlusconi is accused of bribing a British lawyer named David Mills to provide favorable testimony in court cases. The more entertaining charge concerns an alleged sexual encounter between the 74-year-old Berlusconi and a 17-year-old night club dancer named Karima El Mahrough, possibly an Egyptian national, and paying for the privilege. Berlusconi and El Mahrough have denied having sex. Berlusconi appears to be trapped in a curious contradiction in Italian law. The age of consent in Italy is 14 and paying for sex is not illegal. But paying for sex with someone under 18 is a crime punishable by three years in jail."

Times of India wrote [indiatimes.com] : "An influential Italian Catholic newspaper said on Tuesday that the prostitution probe into Premier Silvio Berlusconi's encounters with a Moroccan teenager is like a 'devastating tornado' damaging the country's image"

Sorry Italy, the damage is done, years ago by not kicking out that turd.

Let us hope that at least some EU politician have b0ll0cks and can take that little fu**er in his b**** and tell the Algerian leaders and the Libyan Khadaffi pack to take their bags and go to Saudi Arabia for retirement. William Bush Jr is probably already there waiting for them, similing and waiving.

An unsubstantiated claim? (2)

benfell (212266) | more than 3 years ago | (#35190862)

I notice that the story linked above [telegraph.co.uk] doesn't substantiate the claim. The only reference appears in a teaser (above the byline) which I'm guessing might have been written by an editor rather than by the reporter. It's a helluva rumor to start--I've been seeing all over the place all day.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?