24-Year-Old Asks Facebook For His Data, Gets 1,200 PDFs

Soulskill posted more than 2 years ago | from the ask-and-ye-shall-receive dept.

Facebook 291

chicksdaddy writes "Be careful of what you ask for. That's a lesson Max Schrems of Vienna, Austria learned the hard way when he sent a formal request to Facebook for a copy of every piece of personal information that the social network had collected on him, as required under European law. After a wait, the 24-year-old law student got what he was seeking: a CD with all his data stored on it — 1,222 files in all. The collection of PDFs was roughly the length of Leo Tolstoy's War and Peace, but told a more mundane story: a record of Schrems' years-long relationship with the world's largest social network, including reams of data he had deleted. Now Schrems is pushing Facebook to disclose even more of what it knows."

291 comments

It should be illegal..... (5, Insightful)

ThisIsNotMyHandel (1013943) | more than 2 years ago | (#38364102)

It should be illegal for these companies to keep user generated content once the user deletes it.

Re:It should be illegal..... (5, Insightful)

earls (1367951) | more than 2 years ago | (#38364134)

What if I want them to? Version control, anyone?

Re:It should be illegal..... (2, Funny)

Anonymous Coward | more than 2 years ago | (#38364166)

You might be legally retarded.

Re:It should be illegal..... (5, Insightful)

dougmc (70836) | more than 2 years ago | (#38364276)

> You might be legally retarded.

Huh?

His point is perfectly valid. Wikipedia is, for example, all about version control. Somebody defaces a page? Revert.

Re:It should be illegal..... (1)

bennomatic (691188) | more than 2 years ago | (#38364324)

The AC's post wasn't necessarily wrong; think of it as a non sequitur. Don't get me wrong: I have nothing against EARLS and I don't believe that user is legally retarded by any stretch of the imagination. However, I do find it more comforting to look at venomous AC posts as something other than related commentary.

Re:It should be illegal..... (3, Insightful)

JAlexoi (1085785) | more than 2 years ago | (#38364600)

If you remove YOUR own content, there should be no going back. Wikipedia is a different beast - it's about facts being collected into a single place.

Re:It should be illegal..... (0)

Anonymous Coward | more than 2 years ago | (#38364880)

No, it's about facts being collected all over the internet and linked in one place.

Re:It should be illegal..... (4, Insightful)

hawguy (1600213) | more than 2 years ago | (#38364562)

> What if I want them to? Version control, anyone?

You haven't deleted it if you expect it to be recoverable from a version control system.

But when I have a reasonable expectation for something to be deleted forever (like when I empty my Gmail trash folder), then the carrier should take reasonable steps to make said item unrecoverable within a reasonable timeframe.

Re:It should be illegal..... (0)

Anonymous Coward | more than 2 years ago | (#38364684)

"backups"

Re:It should be illegal..... (5, Insightful)

hawguy (1600213) | more than 2 years ago | (#38364860)

"backups"

That's why I said "reasonable timeframe". I don't expect them to delete the data immediately, maybe provide for 90 - 180 days to allow off-site tapes to be recycled. I'm not even asking for a secure delete, I'm ok with the data being technically recoverable from a disk or tape using forensic analysis.

Maximum retention times are nothing new in the corporate world.

Re:It should be illegal..... (-1)

Anonymous Coward | more than 2 years ago | (#38364802)

p4 sync mylife.cc#12

Re:It should be illegal..... (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38364146)

Should it also be illegal for me to keep a record of your appearance in my mind once you leave the room as well?

>Making up arbitrary emotionally motivated "this should be illegal" arguments on the fly.

Re:It should be illegal..... (4, Funny)

CannonballHead (842625) | more than 2 years ago | (#38364258)

"Making up arbitrary emotionally motivated "this should be illegal" arguments on the fly."
That should be illegal.

Re:It should be illegal..... (5, Insightful)

Oxford_Comma_Lover (1679530) | more than 2 years ago | (#38364264)

Your personal knowledge of a prior event concerning me does not raise privacy concerns. Your automatic and routine compilation of all prior events concerning me and sharing of that information with intelligence agencies, law enforcement, and commercial partners does.

Re:It should be illegal..... (3, Insightful)

tgd (2822) | more than 2 years ago | (#38364414)

> Your personal knowledge of a prior event concerning me does not raise privacy concerns. Your automatic and routine compilation of all prior events concerning me and sharing of that information with intelligence agencies, law enforcement, and commercial partners does.

Your life isn't nearly as interesting as you think. Your mundanity is your privacy. Your value to Facebook is your eyeballs and the ads they can serve.

And if your life was any interest to anyone, there'd be people working a lot harder to penetrate your privacy.

Re:It should be illegal..... (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38364484)

Someone's looking for you. Thanks to information on the internet, they find you. Then they murder you.

Okay, that probably won't happen to me personally. But guess what? It (not necessarily that extreme example) has to happen to someone. And that someone could be me (not that I don't care if it happens to others).

Someone will inevitably be interested in someone else's life. Pretending that because it doesn't happen to you, it doesn't happen to anyone, is foolish.

Re:It should be illegal..... (0)

JonySuede (1908576) | more than 2 years ago | (#38364554)

Do you propose to ban the phone book?

Re:It should be illegal..... (2)

hedwards (940851) | more than 2 years ago | (#38364910)

That would be a step in the right direction. It's been ages since I've gotten a new line, but I seem to remember having to opt out of being listed.

Re:It should be illegal..... (1)

Anonymous Coward | more than 2 years ago | (#38365012)

I didn't propose anything. I just find the arguments of "your life isn't interesting" to be completely idiotic. Someone, somewhere is looking for someone (and intending to do them harm). So, yes, obviously it does happen to certain people. If it happens to other people, there's a chance that it could be you. A small chance, maybe, but it's there.

And you don't have to ban the phone book. Technically, you'd just have to make them remove your information from it (like people are asking Facebook to do).

Re:It should be illegal..... (0)

Anonymous Coward | more than 2 years ago | (#38364816)

Tell that to the marketing departments of the world. Tell that to the IRS.

Re:It should be illegal..... (0)

Anonymous Coward | more than 2 years ago | (#38364872)

Then why do they retain the deleted data at all? If it wasn't worth keeping they wouldn't keep it.

Re:It should be illegal..... (5, Insightful)

Capt. Skinny (969540) | more than 2 years ago | (#38365006)

> Your mundanity is your privacy

Perhaps, as long as you remain obscure. But once you become a research target -- being suspected of a crime, mentioned in a news story, or applying for a security clearance, for example -- then all that data can provide seeds for speculation about your motives, integrity, or personality.

The public IP addresses of my servers are buried in relative obscurity, just another 32-bit number among millions. But if I post a log file to a support forum then you can bet that I'll strip that IP address out.

Re:It should be illegal..... (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38365182)

> Your life isn't nearly as interesting as you think. Your mundanity is your privacy. Your value to Facebook is your eyeballs and the ads they can serve.

> And if your life was any interest to anyone, there'd be people working a lot harder to penetrate your privacy.

In other words, if you behave yourself, act like a good little citizen, pay your taxes, and don't complain you have nothing to fear, right? And of course, if you don't, you have no rights, and you shouldn't, either, because you are a Bad Person.

Re:It should be illegal..... (2)

yahwotqa (817672) | more than 2 years ago | (#38365226)

> Your life isn't nearly as interesting as you think. Your mundanity is your privacy.

But but but... I thought I'm special and unique, like a snowflake?!

Re:It should be illegal..... (2)

DogDude (805747) | more than 2 years ago | (#38364532)

It's public information. Anybody can and many organizations do archive online information. The millisecond information is posted online, it's forever public. I don't understand why people find this concept so hard to grasp.

Re:It should be illegal..... (2)

hedwards (940851) | more than 2 years ago | (#38364918)

Because it's not always posted by the person to whom it applies. Personally I don't care about what other people post about themselves. I do however care very much about the things that they post about me. That and the crackers that trojaned TD Ameritrade and released my contact information to the net at large.

Re:It should be illegal..... (3, Insightful)

swalve (1980968) | more than 2 years ago | (#38364218)

So they should have an army tasked with sanitizing all the backup tapes whenever I delete a photo?

Re:It should be illegal..... (4, Insightful)

PopeRatzo (965947) | more than 2 years ago | (#38364380)

> So they should have an army tasked with sanitizing all the backup tapes whenever I delete a photo?

What is this, 1985? You think it takes an "army" of people to go back and delete data?

Tell you what, if Facebook was ever charged with some legal wrongdoing and expected subpoenas, I bet they'd be able to "sanitize" their data post haste without an "army" of people, and without deleting anything critical to their operations. Funny how that works, no?

Re:It should be illegal..... (4, Interesting)

blueg3 (192743) | more than 2 years ago | (#38365224)

Reliably? Yes. Sure, it's easy to delete the copy in the production database. It's harder to prove that if the disks backing the production database were stolen and analyzed, it would be impossible to recover the data. It's harder still to locate and redact every backup of the database that contains the data. (It's even harder still to prove that a copy of the data doesn't persist on another user's hard drive as a result of having viewed the data in a web browser.)

This is the Cloud Era; you can't reliably delete data any more.

Re:It should be illegal..... (4, Insightful)

Stormthirst (66538) | more than 2 years ago | (#38364388)

If they are like any organisation I've worked for, they overwrite the tapes. So no, they don't.

All they have to do is actually delete stuff when a user asks them to, instead of telling the user they have, and then snickering behind their hands like naughty school kids. The buttons on the webpages are marked "delete", and any user should have an expectation that the button would do what it says it does.

Re:It should be illegal..... (4, Insightful)

mcavic (2007672) | more than 2 years ago | (#38364724)

> So they should have an army tasked with sanitizing all the backup tapes whenever I delete a photo?

No, backups are fine. But if I tell Facebook to delete something, they should delete it so that it fades out of the backups. Not keep it in their working data, but marked as deleted.

This goes 10 times as much for email providers, as well as credit card numbers, SSN's, etc, once the legitimate need for that information is finished.

Yes, someone may have already copied (or stolen) the data. But this is just about a service provider acting like we expect them to act, not secretly collecting personal information for their own purposes.

Re:It should be illegal..... (3, Insightful)

Algae_94 (2017070) | more than 2 years ago | (#38364798)

No, backups will eventually get overwritten. Deleting a photo should actually delete it in the live system, not just tag it with some metadata that marks it as deleted so no one sees it. I'm not exactly sure how Facebook marks things deleted, but I am sure they don't delete it.

A simple confirmation prompt for a delete would be enough to prevent most unwanted deletions. If you happen to delete a photo you want back, you should have done your own local backup of that file to re-post.

This really comes down to an issue of data trust with organizations you give your data to. Facebook has shown little reason to trust them with personal data, yet people keep sending it to them. Facebook's entire company value is based on how much information they amass on people. It is therefore not surprising in the least that they don't let people arbitrarily delete data and thus reduce their value.

Re:It should be illegal..... (1)

wanzeo (1800058) | more than 2 years ago | (#38365026)

I highly doubt any large website uses backup tapes. They just keep 3 or 4 copies of everything, in different physical locations. So yes, if I want something deleted, it should be just as easy to delete four copies as it is to delete one.

Re:It should be illegal..... (2, Informative)

A. B3ttik (1344591) | more than 2 years ago | (#38364220)

I find this attitude so ignorant. How does a company instantly delete backups on redundant servers? How do they delete redundant hard copies kept in closets separated by meatspace? Furthermore, if you upload something to Facebook, and someone ELSE downloads it and saves it to a CD, and you delete it off facebook, should THEY be forced to magically know you deleted it, and delete their copy as well? Does Google have to delete their caches of your facebook page? Or maybe you are saying that Facebook, Google, etc should never make backups?

The truth is that once you upload something to a site like Facebook, it becomes publicly viewable and accessible and ANYONE can download it. The unfortunate truth is that you can never really UNDO that action, and no matter what arbitrary laws or draconian regulations you force companies to abide by, you can never truly take it back, even if you hit the delete key.

The paradigm shift needs to be in how people view sites like Facebook, Photobucket, etc: Don't upload anything you want to keep private. If you want to keep it private, upload it to a company that guarantees your privacy... NOT Facebook.

Re:It should be illegal..... (5, Funny)

bill_mcgonigle (4333) | more than 2 years ago | (#38364302)

> and no matter what arbitrary laws or draconian regulations you force companies to abide by,

We're going to mandate that they both delete data instantly to protect privacy and that they implement mandatory data retention periods so that data can be subpoenaed in the event of a crime.

Re:It should be illegal..... (0)

Anonymous Coward | more than 2 years ago | (#38364760)

It could work as long as nobody observes that it works... then it would collapse to instant deletion or more probably (because of the matter-antimatter imbalance) to mandatory data retention periods!

Re:It should be illegal..... (5, Insightful)

Oxford_Comma_Lover (1679530) | more than 2 years ago | (#38364308)

It might be that the problems suggest, not that the proposed solution should be discarded, but that an alternative solution incorporating both the motivation for that solution and the problems inherent in executing it should be proposed.

For example, perhaps all non-archival copies of the information could be deleted. Furthermore, if the backup system is constructed with the privacy goal in mind, it is possible to give the user control over the ability of the corporation to restore that user's information--a user, for example, might be permitted to order the company to destroy a key that allows decryption of backed up data entered by the user.

Re:It should be illegal..... (4, Insightful)

KhabaLox (1906148) | more than 2 years ago | (#38364830)

> -a user, for example, might be permitted to order the company to destroy a key that allows decryption of backed up data entered by the user.

+1 insightful.

GP deserves his Informatives too, but P makes a very good point as well.

Rather than pick positions (e.g. delete it instantly vs. it will be around forever) and evaluate the relative merits or possibilities, it is perhaps more fruitful to understand the motivations for a user to want FB to delete his data, and for FB to keep redundant backups for long periods of time. Once we understand the motivations behind the positions, we can come to a better negotiated outcome (such as the examples P gives) that satisfy both parties. This is the essence of Principled Negotiation [colorado.edu].

(My boss made me read "Getting to Yes.")

Re:It should be illegal..... (4, Insightful)

bennomatic (691188) | more than 2 years ago | (#38364330)

It's the flip side of the Vegas coin. "What goes on the Internet stays on the Internet."

Re:It should be illegal..... (3, Insightful)

PopeRatzo (965947) | more than 2 years ago | (#38364488)

> How does a company instantly delete backups on redundant servers?

Who said anything about "instantly"?

And as far as deleting backups on redundant servers, it sounds like it could be done with a few lines of code.

> Furthermore, if you upload something to Facebook, and someone ELSE downloads it and saves it to a CD, and you delete it off facebook, should THEY be forced to magically know you deleted it, and delete their copy as well?

Now that's kind of a dumb question. This isn't about what some individual does while data is available online. It's about what a company whose business model depends on collecting and monetizing such data does with it. And what they should be allowed to do with it.

But then, I think that anybody who uses facebook has to know that facebook is all about collecting data on people and monetizing it any way they can. Which is why I will not use facebook. I once created an account there because I needed to do something that required a facebook account, but never really posted anything personal, or real for that matter. I don't have any use for what facebook does and if I did, there are better ways to get it done. I'm just not willing to pimp out my privacy that way.

Re:It should be illegal..... (2)

Ly4 (2353328) | more than 2 years ago | (#38364788)

> And as far as deleting backups on redundant servers, it sounds like it could be done with a few lines of code.

You have obviously never done anything at this scale. Deleting all copies of information on a significant system is a very hard problem to solve. Demonstrating to an auditor that you've deleted everything makes it even harder.

There's actually an entire Defense Department specification/procedure that attempts to describe how to do it: http://www.google.com/?q=DOD+5015 [google.com]

Price Social Networking (2)

tylerv86 (2525310) | more than 2 years ago | (#38364502)

If so many people are concerned with their privacy, yet still want a Social Network; why not create your own website? Using HTML5 or whatever other fad code of today, creating your own fully linked website with interactive media is almost as easy as creating a facebook profile. With the searching power of google finding all your friends is just as easy. Chatting, use irc. Facebook has brought nothing new to the area of personal web presence, except it's almost idiot-proof, and, oh yeah. FREE! Now that the dust has settled on this fashionable form of web presence, it's not so amazing to those who don't want everyone in the world with a PC or smartphone to have a direct portal to their info. Kids are killing themselves over this info, crimes are being committed. People, it's time to take responsibility for your own actions and get a clue. If you don't know how the internet works, GET OFF-LINE! Anyone can do anything with a computer. Until there is some kind of world internet police, it's free game. This is what makes it so special. Stop whining and get informed. Don't tell others what to do with their companies, you're not paying for anything. On the web, all you have to do is compete. Make something better. Then watch as the users tell you what to do. Best part is, you can ignore them too. You have the power to control your "on-line avatar", whatever, but you can't sit on your hands and let others do it. Get coding!

Re:Price Social Networking (2)

amRadioHed (463061) | more than 2 years ago | (#38364732)

Do you use Facebook? Because it should be obvious how your homemade solution would not do what people use Facebook for.

Re:It should be illegal..... (1)

martin-boundary (547041) | more than 2 years ago | (#38364608)

> I find this attitude so ignorant. How does a company instantly delete backups on redundant servers? How do they delete redundant hard copies kept in closets separated by meatspace? Furthermore, if you upload something to Facebook, and someone ELSE downloads it and saves it to a CD, and you delete it off facebook, should THEY be forced to magically know you deleted it, and delete their copy as well? Does Google have to delete their caches of your facebook page? Or maybe you are saying that Facebook, Google, etc should never make backups?

I find that comment very naive. All you're saying is that the existing average backup procedures at most companies are extremely basic, all or nothing, with no organization of the data to speak of. So what? Privacy is an important problem, and deserves the development of more sophisticated backup systems. Especially in the case of a company like Facebook or Google.

What the OP is obviously suggesting is that companies should design more intelligent backup systems that take into account the current status of their customers at all times. If a customer leaves, then this should trigger an immediate clearout order of all their information from the backup system as well as the main system. Obviously, that means backups should be organized so that all the data for a customer is easily grouped and removed at a moment's notice. It's not rocket science, just database theory.

Re:It should be illegal..... (1)

JAlexoi (1085785) | more than 2 years ago | (#38364650)

Then Facebook should remove all privacy ensuring features and make everything public. Otherwise, they shouldn't collect and store any personal data.
In short, what they have to do is remove all data that can be removed. Obviously that would exclude backups written to CDs, but not backups on easily modifiable systems. Otherwise, they are in breach of many countries' privacy laws.

Re:It should be illegal..... (4, Insightful)

hawguy (1600213) | more than 2 years ago | (#38364752)

> I find this attitude so ignorant. How does a company instantly delete backups on redundant servers? How do they delete redundant hard copies kept in closets separated by meatspace? Furthermore, if you upload something to Facebook, and someone ELSE downloads it and saves it to a CD, and you delete it off facebook, should THEY be forced to magically know you deleted it, and delete their copy as well? Does Google have to delete their caches of your facebook page? Or maybe you are saying that Facebook, Google, etc should never make backups?

Few large companies are using tape when they already have redundant disk storage in redundant datacenters, so typically deletes happen at the speed of replication.

But if there was interest in enforcing a non-retention policy, regulators could say that no user deleted data can be retained longer than XXX days (maybe 90 or 180 days). This gives time for off-site tape backups to be rotated back and recycled. And plenty of time for remote disk replication to occur. A smart company could think of even more clever ways to quickly and securely delete data. Maybe instead of deleting the data itself, the pointer to the data is deleted (which also holds the decryption key to decrypt that piece of data). Then once that pointer is deleted (along with any backups), the data is unrecoverable even if it's on a WORM drive.

> The truth is that once you upload something to a site like Facebook, it becomes publicly viewable and accessible and ANYONE can download it. The unfortunate truth is that you can never really UNDO that action, and no matter what arbitrary laws or draconian regulations you force companies to abide by, you can never truly take it back, even if you hit the delete key.

That depends on where I upload it. If I upload a photo where the visibility is set to only allow my girlfriend to see it, then I delete it 2 days later, why should it be recoverable at all? I understand that she may have downloaded it and emailed it to her mother, but I trust her not to do that. So why can't I trust Facebook to not allow it to reappear later in a legal subpoena? Or to resurface 2 years later in a new "undelete" feature that makes all of my deleted content visible?

> The paradigm shift needs to be in how people view sites like Facebook, Photobucket, etc: Don't upload anything you want to keep private. If you want to keep it private, upload it to a company that guarantees your privacy... NOT Facebook.

Why not a paradigm shift for companies that acquire personal data that requires them to protect that data?

Re:It should be illegal..... (3, Insightful)

VortexCortex (1117377) | more than 2 years ago | (#38364840)

> I find this attitude so ignorant.

I find you so ignorant...

> How does a company instantly delete backups on redundant servers? How do they delete redundant hard copies kept in closets separated by meatspace?

By deleting the fucking encryption key. This shit isn't rocket surgery folks.

Oh, it's not encrypted? WHY THE FUCK NOT? Seriously, Best Security Practices Rule #1: Don't Be Sony
Even my Media Library's SQL metadata is encrypted. I keep that database backed up, but if I want to INSTANTLY DELETE BACKUPS THE WORLD OVER ON REDUNDANT SERVERS, I simply wipe the decryption keys. Now, if I can do this, there's really no reason for them to not be able to. If you're concerned about scaling, that's not an issue, (additionally, scalability isn't my problem). They could store the decryption key in a separate table in the same DB, or right in with the other row data, I DON'T CARE, SO LONG AS YOU DON'T SAVE THE DECRYPTION KEY IN THE BACKUP ARCHIVE. That's data that's small enough to have its own separate archive that's easy to delete on demand. If they can track all that crap they're tracking, they could take the (CPU) time to do it securely... of course they're not required to by law, yet.

> Furthermore, if you upload something to Facebook, and someone ELSE downloads it and saves it to a CD, and you delete it off facebook, should THEY be forced to magically know you deleted it, and delete their copy as well?

Of course not you TWIT. That's not remotely as feasible as wiping out a few bytes of key-data; Besides, I don't have a 1st party relationship with them. I DO HAVE a 1st party relationship with Facebook, and in their TOS it says they'll delete shit that I tell them to, but that it may not happen "immediately", and that it may temporarily enter a refuse bin like system. Do you empty your recycling bin once every quarter decade? Do you flush your toilet once a century? WHAT'S A REASONABLE LENGTH OF TIME TO NOT DELETE AN ENCRYPTION KEY?!

> Does Google have to delete their caches of your facebook page? Or maybe you are saying that Facebook, Google, etc should never make backups?

Once again 1st & 3rd parties. Since Facebook says they WILL DELETE your content once you've deleted your profile (unless it's been shared on another's wall, etc), THEY SHOULD BE ABLE TO DELETE IT. Now, they haven't done so in what I'd consider a reasonable amount of time... indeed, they show the opposite effect. This is my opinion. Perhaps you're more unreasonable than I.
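
Added example, not part of the thread or of any commenter's post: a sketch of the key-destruction approach several comments above describe, where each user's content is encrypted under a per-user key that is kept out of the content backups and destroyed on deletion. The `Service` class, its method names and the sample data are assumptions of this example, and the HMAC-based cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets


class ErasedError(Exception):
    """The owner's key has been destroyed, so the content cannot be read."""


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from the per-user key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode used as a keystream. Stdlib-only stand-in
    # (assumption of this example); use a vetted AEAD such as AES-GCM in practice.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Layout: 16-byte nonce || ciphertext || 32-byte tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified blob")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


class Service:
    """Hypothetical content store with per-user keys held outside the backups."""

    def __init__(self):
        self.keys = {}   # user -> key; small, never written to content backups
        self.blobs = {}  # (user, item) -> sealed blob; replicated and backed up

    def post(self, user: str, item: str, content: bytes) -> None:
        key = self.keys.setdefault(user, secrets.token_bytes(32))
        self.blobs[(user, item)] = seal(key, content)

    def read(self, user: str, item: str) -> bytes:
        key = self.keys.get(user)
        if key is None:
            raise ErasedError(user)
        return open_sealed(key, self.blobs[(user, item)])

    def backup(self) -> dict:
        # Ciphertext only. Any separate backup of self.keys must be purged on
        # erasure too, otherwise the deletion is not effective.
        return dict(self.blobs)

    def restore(self, snapshot: dict) -> None:
        self.blobs = dict(snapshot)

    def erase_user(self, user: str) -> None:
        # Destroying the key makes every copy of the ciphertext unreadable,
        # including copies on tapes or replicas that cannot be edited.
        self.keys.pop(user, None)
        self.blobs = {k: v for k, v in self.blobs.items() if k[0] != user}


def demo() -> dict:
    svc = Service()
    svc.post("alice", "photo1", b"constructed sample: private photo bytes")
    svc.post("bob", "status1", b"constructed sample: hello")
    tape = svc.backup()       # off-site copy taken before the deletion
    svc.erase_user("alice")
    svc.restore(tape)         # the old tape comes back, ciphertext included
    try:
        svc.read("alice", "photo1")
        alice = "readable"
    except ErasedError:
        alice = "erased"
    return {
        "alice_blob_in_backup": ("alice", "photo1") in tape,
        "alice": alice,
        "bob": svc.read("bob", "status1"),
    }


if __name__ == "__main__":
    print(demo())
```

The restored tape still holds the first user's ciphertext, but with the key gone it cannot be opened, while the second user's content restores normally.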

Re:It should be illegal..... (5, Insightful)

drcheap (1897540) | more than 2 years ago | (#38364224)

> It should be illegal for these companies to keep user generated content once the user deletes it.

It's legal because the user agreed to let them keep it. I'm sure it's somewhere in those 6000 words nobody reads...probably something along the lines of "content uploaded by the user of the system becomes the sole property of the system" only more legalese sounding.

Re:It should be illegal..... (1)

xaxa (988988) | more than 2 years ago | (#38364404)

> It should be illegal for these companies to keep user generated content once the user deletes it.

> It's legal because the user agreed to let them keep it..

No. No matter what Facebook say, they can't override European/Irish (in their case) law.

I don't know the specifics of Irish law, but for example, personal data must be deleted once it is no longer needed.

Re:It should be illegal..... (2)

Georules (655379) | more than 2 years ago | (#38364522)

> personal data must be deleted once it is no longer needed.

Once it is no longer needed by whom? I think it's amusing that people think they own the data they post to facebook.

Re:It should be illegal..... (4, Informative)

Mashiki (184564) | more than 2 years ago | (#38364524)

Indeed. In Europe and Canada an individual has final say on their personal information. And if it's deleted the company must delete any backup or cached data relating to that person too.

Re:It should be illegal..... (-1)

Anonymous Coward | more than 2 years ago | (#38364848)

Yeah, good luck with that. The law is irrelevant, because it's not enforceable. Is the government going to have inspectors going around digging through exabytes of backup tapes at every web company looking for backups that contain info about users who have closed their accounts? No. These laws sound about as effective as drug prohibition laws, or laws prohibiting certain sex acts. If the law can't be enforced, it shouldn't be a law.

Re:It should be illegal..... (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38364240)

If a user shares content, it belongs to everyone who it was shared with.
Removing it because someone deleted it isn't as clear cut as people here make it seem.

Re:It should be illegal..... (1)

Anonymous Coward | more than 2 years ago | (#38364286)

Are you retarded? This is unfeasible, plus what stops your friends from automatically downloading and resharing all of your user generated content? Nothing. Should 'these companies' stop your friends too?

YOU put it out there (1)

ArchieBunker (132337) | more than 2 years ago | (#38364384)

Why, you yourself made this data available to another person the moment it was uploaded to a service you do not control.

Re:It should be illegal..... (0)

Anonymous Coward | more than 2 years ago | (#38364718)

All your data are belong to us?

Re:It should be illegal..... (0)

Anonymous Coward | more than 2 years ago | (#38364814)

> It should be illegal for these companies to keep user generated content once the user deletes it.

Them's the Terms. Don't like it? Create your own site and implement your own delete content policies. Call it something other than AssFace though, because I'm gonna make an AF blog of your site. :P

Your content becomes shared content (1)

EmotionToilet (1083453) | more than 2 years ago | (#38364898)

When you post links and images and status updates, it isn't just your information, it's broadcasted information. If a bunch of people are tagged in a photo you posted, it isn't really your photo anymore. This is kind of the nature of the internet. If someone really doesn't want something shared, they can e-mail it or throw it on a file server and give someone a link to it.

Re:It should be illegal..... (1)

MightyYar (622222) | more than 2 years ago | (#38365142)

It should be illegal for these companies to keep user generated content once the user deletes it.

That's my gut reaction, too. But..

What if I walked over to a public bulletin board every day and took a picture of all the stuff people had posted. That's probably OK, right? (Creepy, but OK.)

What if I crawled Facebook every day and archived all of the publicly accessible stuff? That's probably OK, right?

So at the least, Facebook should be able to archive all of the publicly accessible stuff on their site. Otherwise, you are limiting what they can do with their own data in a way that their potential competitors are not limited.

The private data might be different...

Pushing for more of what it knows... (0, Troll)

Twigmon (1095941) | more than 2 years ago | (#38364126)

Because if at first you don't succeed, ask for even more pdfs O.O

Sounds like he's doing this for attention...

Re:Pushing for more of what it knows... (1)

sdnoob (917382) | more than 2 years ago | (#38364298)

no.... not for attention to himself but for attention to the huge problem at hand... the old ''i have nothing to hide'' excuse for ignorance won't fly here.. everybody should be worried, and not just facebook users.

i wonder.... can he also do the same with google?

Re:Pushing for more of what it knows... (3, Insightful)

PopeRatzo (965947) | more than 2 years ago | (#38364564)

Sounds like he's doing this for attention...

And if the "attention" he gets convinces some people to stop using facebook or not to start using it in the first place, then he has done something worthwhile.

Re:Pushing for more of what it knows... (1)

wvmarle (1070040) | more than 2 years ago | (#38365050)

And rightfully so: getting attention for the huge amount of personal data Facebook gathers of every single user of their site. It is something too many people do not realise: whatever you put on Facebook is there, out in the open (don't worry about "privacy settings", they have little to no meaning), and is there forever (don't worry about "delete" because it doesn't do what it says).

Clicked on this, clicked on that (4, Insightful)

ackthpt (218170) | more than 2 years ago | (#38364142)

Sure, a flood of data looks mundane, but combing it with the right filters probably tells lots of interesting stuff, like the DNA of relationships and interests. I can only hope mine is utterly meaningless. I've tried very hard to ensure that eventuality.

WTF was he expecting? (0)

Anonymous Coward | more than 2 years ago | (#38364154)

A database dump?

Old stuff (0)

Anonymous Coward | more than 2 years ago | (#38364172)

This popped up in European news 4 months ago. Facebook meanwhile no longer answers such requests in time. Just search Google News for his name, and you will find plenty of information about the case.

Tor OPSEC (-1, Offtopic)

Anonymous Coward | more than 2 years ago | (#38364206)

Origin of discussion:
http://ubuntuforums.org/showthread.php?&t=1890619 [ubuntuforums.org]

@querent:

"First, I want to use TOR to download .pdf files"

First, how have you set up Tor? (it's not TOR btw, it's Tor)

Have you installed the Tor Browser Bundle? (TBB) It contains a (limited) preconfigured Tor environment (you need to reconfigure the included Noscript properly as by default it is set to allow everything, which is bad) and includes Vidalia, a Tor GUI front-end. If you have, you can right click on most .PDF file download links and select your local destination for the PDF to download to and it runs through Tor without leaping outside of the Tor client. Some PDF file downloads are caught by Tor button for unknown reasons, it thinks you're trying to load it directly and not download it when you're trying to download it. This may be a bug which appears at random. TBB's preconfigured Tor environment does not modify files like wgetrc (more on this later) or other application's files outside of the applications it provides.

My preferred method of handling PDF files when using Tor is to load them remotely via this free web service:
http://view.samurajdata.se/ [samurajdata.se]

I don't see that website as having any ads, but I block ads anyway, nor are there any posts begging for money, nor do they push an application to download in order to view the PDFs. It's the most simplistic layout I've seen for loading PDFs remotely and safely so they don't touch your system (your web cache should be disabled and is disabled if you use TBB, your swap and home partitions, if not your whole system should be encrypted). But does the admin track PDFs and IPs? Simple, always use Tor with that site with nothing personal.

It should be noted the moment you begin using your real name and playing about on Facebook with your friends or acquaintances via Tor, you've lost the plot. Do not mingle your personal Internet use with your Tor Internet use. Do not use Tor while at the same time accessing your personal e-mail outside of Tor (you shouldn't load it inside Tor, for that matter, either). Don't boast through Tor to one of your chums that you're using Tor.

The PDF files (at view.samurajdata.se) are transformed into single paged graphics which you may navigate through easily. 99% of the time it works, some PDFs it chooses not to load and spits out an error. It doesn't require Flash and works without cookies or javascript enabled. I don't know who runs the site or their privacy and data retention habits, but I recommend it above all other sites offering to convert PDFs on-line. I have not tested uploading local PDF files to that service so I cannot suggest others do so, I don't know whether or not there would be any privacy leaks in doing so, so just copy/paste urls into that service.

In using that free PDF converter website, I can preview the document to determine beforehand whether it is worth the time, space, and effort in manually downloading the PDF and storing it for future access. Should you access PDF files on your system, I would recommend burning them to a CD or DVD, a read only medium, and accessing them from a non-networked environment such as a Linux LiveCD with the network cable unplugged, using an open source PDF reader, never use the proprietary PDF reader from Adobe, unless you're reading off-line from read only media, in addition to pulling the network cable prior to booting from a fresh and verified LiveCD and pulling the cable and power plugs from any hard drives (before you turn your system ON), to eliminate any possible contamination. Remember, you're downloading PDF files through Tor, and unless you verify each file through checksum verification (like MD5 or GPG) there's a chance they could've been trojaned by a rogue exit node, or contain phoning home instructions or any other type of malicious "feature". No amount of open or closed source virus/trojan scanners can convince me a file is entirely free of malware.

If you're booting from a LiveCD to use Tor, I heavily recommend pulling the plug/power cord from any hard drives just in case, before you start your LiveCD session and before you've powered the system ON, so no data is transferred/shared through the use of the LiveCD sessions. I strongly recommend against using a preconfigured Tor LiveCD, not limited to but including the recent, "Tails LiveCD". You have no method to inform you on whether or not the binaries have been modified to whatever end. While not pointing the finger at any one such project, I can imagine the temptation would be great for a malicious user or project team to poison the well, so to speak, with compromised binaries naive users would trust their security/privacy to.

If you're running a system with sufficient memory, you should be able to download a Linux LiveCD of your choosing, verify it with MD5 or GPG, verify it with the bootable option to, "Verify This CD", extract the
previously downloaded TBB into the home directory, disable all extra network services, configure
a few files like hosts.deny and others as well as changing the password on the LiveCD user account.
Since the LiveCD user runs with elevated privileges, you should consider creating your own LiveCD
for TBB use, stripping it down to only the basics to minimize bugs in some packages in the repositories
which could compromise your Tor operational security/privacy.

There are free tools like remastersys which allow you to put together a LiveCD with packages of your choosing. You may configure a proper limited user account beforehand and use this with TBB from your customized LiveCD. I'm not recommending remastersys or any other LiveCD creation tool as I have not audited their source
code nor do I blindly trust binaries, but it's an option.

It would be wise to consider all binary transfers via Tor as potentially trojaned by a rogue exit node,
modifications to data by a rogue exit node AND sniffing of plain text traffic occurs and is well
documented. Some good preventative methods for browsing in Tor:

1. https://www.ixquick.com/ [ixquick.com] offers encrypted searches AND proxying of web content, you may surf in Tor
through Ixquick's web proxy for excellent SSL protection.
2. https://ssl.scroogle.org/ [scroogle.org] offers encrypted searches but offers no secure web proxy. Using Scroogle
or Ixquick over Google or Yahoo among others is encouraged as you don't hit a brick wall with an
error message (Yahoo) or a message saying you have to verify you're a human (Google). By default
Torbutton will redirect you to one of a few alternative search engines. Ixquick may require javascript
to yield more search results than the first page presented to you, so I suggest Scroogle for
web searches and Ixquick's free SSL web proxy for browsing. Do not, under any circumstances,
enable the use of Javascript without Noscript loaded and configured properly. There are many
ways to decloak and otherwise poison Tor traffic with javascript enabled and no Noscript plugin.

Flash: Don't install the plugin, don't try alternatives, they won't be torrified.
Some have claimed, on Tor's or-talk mailing list discussions, to have enabled YouTube's HTML5
option and, without the use of a Flash plugin, enabling the content to be shot through Tor
but I haven't tried it. There are methods of downloading flash videos through Tor, such as
through a third party website or by using clive or youtube-dl, both are listed in the
Ubuntu repositories but each must be configured to use a proxy with Tor like Polipo
or Privoxy.

Second, if you haven't installed Tor via the TBB, you've opted to install and configure Tor with a proxy like Polipo or Privoxy. If this is so, it's easier to download PDFs as you don't need to accomplish this through the browser, instead you modify your /etc/wgetrc file with a proxy configuration matching the proxy port you're using with Tor.

$ cat /etc/wgetrc | grep proxy

(default wgetrc displays as follows):
#https_proxy = http://proxy.yoyodyne.com:18023/ [yoyodyne.com]
#http_proxy = http://proxy.yoyodyne.com:18023/ [yoyodyne.com]
#ftp_proxy = http://proxy.yoyodyne.com:18023/ [yoyodyne.com]
# If you do not want to use proxy at all, set this to off.
#use_proxy = on

sudo nano /etc/wgetrc

or

gksudo gedit /etc/wgetrc

You would specify the proxy as http://127.0.0.1:(proxy port number here)/
If you're using a proxy port of 12345, for example, it would be http://127.0.0.1:12345/ [127.0.0.1]
I don't know what port Polipo and Privoxy use, but use whatever value they specify.

With wgetrc configured properly and proxy lines uncommented, you can test it by using
wget in a Terminal to manually download the PDF files, copy/paste the url into the
Terminal following the wget command, and I recommend using the -c option in case the
download fails somewhere during your download:

wget -c https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.2.34-3-dev-en-US.tar.gz [torproject.org]

This would download the TBB for Linux (current as of 12/12/2011). While on the subject, please
verify every Tor package you download using GPG, instructions are on their site, as well
as instructions to torrify your gpg key fetching if you don't wish to grab gpg keys in the
clear.

I haven't tested wget while using the TBB, I don't know what would be required here, installing
Polipo or Privoxy and appending the proper local address with port within Vidalia and giving
it a go or by some other method. All this rests on the belief you're downloading legal PDFs.

"or .torrent files"

I can't help you with that and it's considered bad etiquette to run torrent traffic
through Tor.

"An external application is needed to handle:
file.pdf
NOTE: External applications are NOT Tor safe by default and can unmask you!
If this file is untrusted, you should either save it to view while offline or in a VM,
or consider using a transparent Tor proxy like Tails LiveCD or torsocks.

"Am I OK? Can I proceed safely and anonymously?"

No, not when it pops up with that warning. Don't click on the PDF url, right click on
the url and save it locally and the transfer will traverse through the Tor network.
As above, I mentioned Tor button randomly pops up with this warning even though I've
right clicked on the PDF url, probably a bug but it thinks you're trying to view it
directly. You should see that Tor button warning most of the time for when you're
trying to access non-torrifyed content directly. Always click CANCEL when this
warning appears.

My best suggestion would be to use wget with a properly modified wgetrc file, this
likely means you'll have to download and configure Polipo or Privoxy. If you're
using the TBB, you're on your own, I haven't explored it.

"Also, I want to use a web-based email service via TOR so as to have anonymous email capabilities. Gmail worked for a while, but just asked me what city I usually log in from, cause it thought my account was hijacked. Know any web-based email providers that will work with TOR?"

There are several options, you may google for a result or post to Tor's or-talk mailing list, see the Documentation page on Tor's official website for instructions on signing up and posting to the public
list, which consists of Tor developers and users. I cannot advise you here as some TOS for free web-mail
may stipulate you may not mask your origin of transit with their services, which is just what one
would be doing by using their service. G-mail is not recommended, you want to look for a web service
which maintains a constant SSL connection from the beginning to the end of your session. In addition,
one which does not require the use of javascript, cookies, or any other of the privacy busting
potentials.

@Dangertux:
"Hushmail might work with Tor pretty well"

Does Hushmail not require Java installed to function? Java is a big no no when using Tor, for
many reasons not limited to rogue exit nodes manipulating your traffic to unmask or otherwise
poison your Tor session and possibly exploit the java user's system. In the ideal Tor setup,
no plugins should be installed, this is where the TBB for Linux works well, it has no
plugins by default, it does have some extensions, such as Tor button, Noscript, and eff.org's
HTTP-Everywhere, but no plugins. Hushmail also has a checkered history, in my opinion,
concerning privacy and I don't approve of their methods of encryption or use of Java.
Wait a second... Well l00ky what we have here:

"Hushmail Turns Data Over to Government"
http://www.schneier.com/blog/archives/2007/11/hushmail_turns.html [schneier.com]

Furthermore, you shouldn't install other extensions unless
you are certain they work well with Tor, they could leak, Tor's website offers a page suggesting
which plugins work well. I would stick with the three TBB contains, and configure them correctly
as I mentioned earlier, Noscript is setup by default to allow everything by default which is bad.
To verify no plugins (don't confuse with extensions) are installed, type about:plugins in your
browser's address bar. No plugins should be listed. I find TBB useful as I can use it for
Tor only, and use another browser outside of the TBB directory, installed from Ubuntu's repositories,
for non-Tor use, why mix the two in one browser? It's complicated and messy. And, unless I'm
mistaken, TBB's version of Firefox (Aurora) has been tweaked by the Tor developers to address
certain issues vanilla Firefox would otherwise contain.

The preferred method of removing the possibility of any Tor leakage is to change my network
settings during Tor use to list no DNS servers. If, by error, you launch an application
outside of Tor, there are no DNS servers to catch the application's requests, they are
stonewalled and will turn up an error. Despite what some may tell you, Tor functions
well with no DNS servers listed. After you modify your network settings with DNS servers
removed, check your resolv.conf file, it should look like this:

$ cat /etc/resolv.conf
#Generated by NetworkManager

With no DNS servers listed.

You may also opt to block DNS during your Tor session with ufw by blocking all communication
with port 53. You may also choose to, as in my thread within the Security section here details,
block all ports except those you need and configure Vidalia or your torrc file if not using Vidalia,
to use only port 80 and 443 for its operation.

Lastly, get to know and love using Tor bridges:
https://bridges.torproject.org/ [torproject.org]

Why tell everyone on your network you're using Tor? Tor use may stand out in other ways,
but by using bridges, you're obscuring your use of Tor, instead of telling everyone on
your network you're connecting to known Tor nodes. It's simple to determine you're using
bridges, but it's more difficult than using the standard method of Tor connectivity.

Has your network provider set up a honey-pot virtual Tor network and you're connecting
to it rather than the genuine Tor network? How would you know? Again, this is where
using bridges is the preferred method for Tor access. Clear documentation of using
bridges is on Tor's official site, but made easier by using Vidalia and accessing
the Tor bridges page, and copy/pasting the Tor bridges into Vidalia's GUI section
under Vidalia's Settings, Network, and box tic for "My ISP blocks connections to
the Tor network". If you have a legit connection to the Tor network without
using bridges, how may you know whether or not your network provider is limiting
the nodes you're able to access and hasn't blacklisted many in order to better
monitor your Tor usage?

The subject of a network provider setting up a fake Tor network has been documented
and if memory serves me has appeared in at least one White-paper.

If in doubt during any Tor use, Wireshark may be used to verify traffic is
contained within the Tor network, it's in the Ubuntu repositories.

I've waddled outside your request with more information than the OP
requested, but it's useful information for all. (and to all a good night!)

Bonus material: from a verified trusted and true LiveCD, run rkhunter and
chkrootkit against your hard disk drives, extra points for using a tool
such as hexdump or objdump to check binaries and space on the hard drive
for any potential virus or trojaned software/sectors. Trojans targeting
the system's BIOS are becoming more common, standard practice for any
new system you obtain is to set the BIOS write protect within the
BIOS options and question whether bundled system update programs
which may want to update your BIOS are really required, and source
verified (has your DNS been poisoned? A new project called DNSCrypt
has been floating around in recent tech news as a potential solution to
these attacks).

Extra credit: Employ TEMPEST shielding techniques, never use a program
which claims to keep your computer passwords safe or simply holding them
for you, they are vulnerable to TEMPEST based attacks (and keeping them
on any r/w medium is stupid on so many levels). Use a Frequency Counter
and test for through-the-air leakage. Never use Tor on a Windows based
system! Not even within a VM. If you trust it, it's closed source:
install Wine and run a freeware program called, "Zero Emission Pad"
to modify/read your text documents in, as it claims (strong emphasis
on claims) to prevent TEMPEST attacks. It's a Windows only freeware
program which I haven't vetted for possible leaks but it is interesting,
google for it and you'll eventually find it. At least one software
vendor in the U.S. offers a proprietary and commercial application
which does the same job, but I have no trust in commercially
developed, closed source software, which is a reason why trusting
GPG over PGP is a great idea.

Related OPSEC reading:

TEMPEST (or, "Hey! Who owns that van/RV/delivery truck outside? It never moves!"):
- http://www.eskimo.com/~joelm/tempest.html [eskimo.com]
- http://en.wikipedia.org/wiki/TEMPEST [wikipedia.org]
- http://cryptome.org/tempest-law.htm [cryptome.org]
- http://en.wikipedia.org/wiki/Van_Eck_phreaking [wikipedia.org]
- http://packetstormsecurity.org/files/13982/tempest.txt [packetstormsecurity.org]
- [PDF] http://packetstormsecurity.org/files/65944/tempest.pdf [packetstormsecurity.org]
- http://slashdot.org/article.pl?sid=99/10/25/2039238 [slashdot.org]
- http://it.slashdot.org/story/02/03/09/199242/crt-eavesdropping-optical-tempest [slashdot.org]
- http://yro.slashdot.org/story/99/11/08/093250/coming-to-a-desktop-near-you-tempest-capabilities [slashdot.org]
- http://slashdot.org/story/01/01/16/139244/NSA-Reveals-Some-Tempest-Information [slashdot.org]
- http://it.slashdot.org/story/09/03/12/2038213/researchers-sniff-keystrokes-from-thin-air-wires [slashdot.org]
- http://tech.slashdot.org/story/99/07/19/1324207/super-shielded-pc-cases [slashdot.org]
- http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html [cam.ac.uk]

TEMPEST ; Stealing Data Via Electrical Outlet
- http://it.slashdot.org/story/09/07/12/0259246/stealing-data-via-electrical-outlet [slashdot.org]

TEMPEST ; Compromising Wired Keyboards:
- http://hardware.slashdot.org/story/08/10/20/1248234/compromising-wired-keyboards [slashdot.org]

TEMPEST-for-eliza - demonstrate electromagnetic emissions from computer systems
(it's in the Ubuntu repositories, verify the tech threat for yourself)
- http://www.erikyyy.de/tempest/ [erikyyy.de]
- http://cryptome.org/nsa-vaneck.htm [cryptome.org]

Frequency counter devices:
- https://en.wikipedia.org/wiki/Frequency_counter [wikipedia.org]

DNS:
- http://en.wikipedia.org/wiki/DNS_cache_poisoning [wikipedia.org]

DNSCrypt (not usable at this time AFAIK):
- https://www.opendns.com/technology/dnscrypt/ [opendns.com]

ARP:
- http://en.wikipedia.org/wiki/ARP_spoofing [wikipedia.org]

RF:
- http://www.amazon.com/Radio-Frequency-Interference-Amateurs-Publication/dp/0872593754/ref=sr_1_1?ie=UTF8&qid=1323721603&sr=8-1 [amazon.com]
- http://www.radioreference.com/ [radioreference.com]
- http://forums.radioreference.com/ [radioreference.com]
- http://www.ac6v.com/frequencies.htm [ac6v.com]

AX25 (is someone being sneaky and controlling your computer remotely through the air?)
(the dirty hidden secret of AX25 and packet radio, or how your computer is capable of much
more than you think, are we all rooted remotely?) (note: has nothing to do with Wifi)
- http://tldp.org/HOWTO/AX25-HOWTO/index.html [tldp.org]

Packet Radio:
- http://en.wikipedia.org/wiki/Packet_radio [wikipedia.org]

Anti-malware:
- http://rkhunter.sourceforge.net/ [sourceforge.net]
- http://www.chkrootkit.org/ [chkrootkit.org]

Apt:
- http://wiki.debian.org/SecureApt [debian.org]

Package Manager Security:
- http://www.cs.arizona.edu/stork/packagemanagersecurity/faq.html [arizona.edu]

Packet Filtering Firewalls:
- http://www.kuro5hin.org/story/2002/11/23/14927/477 [kuro5hin.org]

Detecting Packet Injection:
- https://www.eff.org/wp/detecting-packet-injection [eff.org]

Encryption: (TBB from within an encrypted Truecrypt container within an encrypted Ubuntu install? woot!)
- http://www.truecrypt.org/ [truecrypt.org]

DHCP OPSEC:
- http://en.wikipedia.org/wiki/Rogue_DHCP [wikipedia.org]
- http://trac.secdev.org/scapy/wiki/IdentifyingRogueDHCPServers [secdev.org]

EMF:
- https://secure.wikimedia.org/wikipedia/en/wiki/EMF_Meter [wikimedia.org]

Tor:
- https://www.torproject.org/ [torproject.org]
- https://weather.torproject.org/ [torproject.org]
- https://www.torproject.org/vidalia/ [torproject.org]
- https://www.torproject.org/torbutton/ [torproject.org]
- http://metrics.torproject.org/ [torproject.org]
- https://bridges.torproject.org/ [torproject.org]
- http://torstatus.blutmagie.de/ [blutmagie.de]
- https://check.torproject.org/ [torproject.org]
- https://www.torproject.org/docs/tor-doc-unix.html.en [torproject.org]
- https://www.torproject.org/docs/faq.html.en [torproject.org]
- https://blog.torproject.org/blog/ [torproject.org]
- https://www.torproject.org/docs/documentation.html.en [torproject.org]
- https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk/ [torproject.org]
- https://trac.torproject.org/projects/tor/wiki/ [torproject.org]
- https://trac.torproject.org/projects/tor/wiki/doc/SupportPrograms [torproject.org]
- http://freehaven.net/anonbib/topic.html#Anonymous_20communication [freehaven.net]
- https://www.torproject.org/projects/torbrowser.html.en [torproject.org]
- https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO [torproject.org]
- https://www.torproject.org/docs/proxychain.html.en [torproject.org]
- https://www.torproject.org/download/download-easy.html.en#warning [torproject.org]

Tor OPSEC And General Articles:
- http://www.schneier.com/blog/archives/2011/09/tor_arms_race.html [schneier.com]
- http://www.schneier.com/blog/archives/2011/03/identifying_tor.html [schneier.com]
- http://www.schneier.com/blog/archives/2010/12/tor_routers.html [schneier.com]
- http://www.schneier.com/blog/archives/2007/09/anonymity_and_t_1.html [schneier.com]
- http://www.schneier.com/blog/archives/2007/12/maninthemiddle.html [schneier.com]
- http://www.schneier.com/essay-182.html [schneier.com]
- http://www.schneier.com/blog/archives/2010/01/web_security.html [schneier.com]
- http://www.schneier.com/blog/archives/2010/05/detecting_brows.html [schneier.com]
- http://www.schneier.com/blog/archives/2011/03/detecting_words.html [schneier.com]
- http://www.schneier.com/essay-262.html [schneier.com]
- http://www.schneier.com/blog/archives/2009/04/identifying_peo.html [schneier.com]
- http://www.schneier.com/blog/archives/2010/09/real-time_nsa_e.html [schneier.com]
- http://www.schneier.com/blog/archives/2011/09/identifying_spe.html [schneier.com]
- [PDF] http://packetstormsecurity.nl/filedesc/Practical_Onion_Hacking.pdf.html [packetstormsecurity.nl]

IMPORTANT, ALWAYS VERIFY SIGNATURES!:
- https://www.torproject.org/docs/verifying-signatures.html.en [torproject.org]

Firefox addons:
- https://eff.org/https-everywhere [eff.org]
- https://addons.mozilla.org/en-US/firefox/addon/noscript/ [mozilla.org]
- https://www.torproject.org/torbutton/ [torproject.org]

Acoustics:
- http://seclab.uiuc.edu/pubs/LeMayT06.pdf [uiuc.edu]
- http://people.csail.mit.edu/tromer/acoustic/ [mit.edu]
- http://en.wikipedia.org/wiki/Acoustic_fingerprint [wikipedia.org]

Writeprint (thought your words were anonymous via Tor, right? WRONG!):
- http://www.schneier.com/essay-182.html [schneier.com]
- http://www.schneier.com/blog/archives/2007/09/anonymity_and_t_1.html [schneier.com]
- http://www.schneier.com/blog/archives/2011/08/identifying_peo_2.html [schneier.com]
- http://en.wikipedia.org/wiki/Writeprint [wikipedia.org]

ELF:
- http://www.linuxforums.org/articles/understanding-elf-using-readelf-and-objdump_125.html [linuxforums.org]
- http://en.wikipedia.org/wiki/Executable_and_Linkable_Format [wikipedia.org]

Reverse Engineering:
- http://www.securityfocus.com/infocus/1637 [securityfocus.com]
- http://www.securityfocus.com/infocus/1641 [securityfocus.com]
- http://www.openrce.org/articles/ [openrce.org]

Why, what a BEAUTIFUL scarf I received for the Holidays! Wait, what!?
- http://en.wikipedia.org/wiki/subvocal_recognition [wikipedia.org]
- http://en.wikipedia.org/wiki/Stenomask [wikipedia.org]

Why are my windows constantly vibrating? What the... !!! "You'll shoot your eye out, kid!"
- http://www.williamson-labs.com/laser-mic.htm [williamson-labs.com]

StegFS:
- [PDF] http://www.cl.cam.ac.uk/~mgk25/ih99-stegfs.pdf [cam.ac.uk]

DBAN:
- http://dban.sourceforge.net/ [sourceforge.net]

ENF:
- http://sourceforge.net/projects/nfienfcollector [sourceforge.net]

Tinfoil hat reading / remote system compromise through the air on a grand scale! (omg CONSPIRACY?
Or, I forgot to take my pills?)
- https://tagmeme.com/subhack/ [tagmeme.com]

To conclude, Google for:

- powerline vulns (or, "Hey, my key-presses can be picked up via powerline!")
- additional through-the-air attacks
(or, "What!? Someone in the other room or building can pick up my key presses?")
- temperature vulns (or, "Hey, my cpu can be compromised by temperature attacks?
Wait a minute, why WAS that cute red head spending so much time looking inside my
computer when I had it open and asked me to go into the kitchen to make an elaborate
meal? How miniature modifications to hardware can escape your sight!) Don't forget
Timing and Side Channel attacks!

Walking in a winter wonderland....
"Behold, I give unto you power to tread on serpents and scorpions,
and over all the power of the enemy" - Luke 10:19

I forgot to add:

uget easy-to-use download manager written in GTK+2
- http://urlget.sourceforge.net/ [sourceforge.net]
- http://uget.visuex.com/ [visuex.com]

uget is in the Ubuntu repositories and claims to support proxies, via:

man uget-gtk

from the man file:

--proxy-type=N set proxy type to N. (0=Don't use)
--proxy-host=HOST set proxy host to HOST.
--proxy-port=PORT set proxy port to PORT.
--proxy-user=USER set USER as proxy username.
--proxy-password=PASS set PASS as proxy password.

I haven't tried uget's proxy support, try it and tell us if it worked for you.
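The wgetrc and resolv.conf checks described in the post above, as an added example that is not part of the original comment: `grep proxy` also prints the commented-out stock lines, so this script reads only active lines and confirms each proxy URL is a loopback address with a numeric port. The function names and sample files are constructed for illustration; port 12345 is the post's own example value.

```shell
#!/bin/sh
# Added example: audit the two files the post relies on to keep wget and DNS
# lookups from leaving the machine directly. Function names are hypothetical.

# Print the active (uncommented) value of a wgetrc key; empty if there is none.
# Assumes the lowercase spelling of the stock file and that the last line wins.
wgetrc_value() (
    key=$1; file=$2
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$file" | tail -n 1
)

# Succeed only for http://127.0.0.1:PORT or http://localhost:PORT.
is_loopback_proxy() (
    url=${1%/}                      # tolerate one trailing slash
    case $url in
        http://127.0.0.1:*) port=${url#http://127.0.0.1:} ;;
        http://localhost:*) port=${url#http://localhost:} ;;
        *) exit 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) exit 1 ;;      # digits only; rejects forms like 127.0.0.1:1@other-host
    esac
    exit 0
)

# Print one finding per line; exit status 0 means the file had no findings.
check_wgetrc() (
    file=$1; bad=0
    if [ "$(wgetrc_value use_proxy "$file")" = "off" ]; then
        echo "  use_proxy is off: proxy settings in this file are ignored"; bad=1
    fi
    for key in http_proxy https_proxy ftp_proxy; do
        val=$(wgetrc_value "$key" "$file")
        if [ -z "$val" ]; then
            echo "  $key has no active line (unset or still commented out)"; bad=1
        elif ! is_loopback_proxy "$val"; then
            echo "  $key = $val is not a loopback proxy with a numeric port"; bad=1
        fi
    done
    exit "$bad"
)

# Succeed when the resolver file lists no active nameserver, as the post recommends.
check_resolv() (
    if grep -q '^[[:space:]]*nameserver[[:space:]]' "$1"; then
        echo "  active nameserver lines found:"
        grep '^[[:space:]]*nameserver[[:space:]]' "$1"
        exit 1
    fi
    exit 0
)

# Constructed sample inputs (not taken from a real system).
demo() (
    dir=$(mktemp -d) || exit 1
    # Stock file as quoted in the post: every proxy line is commented out.
    cat > "$dir/wgetrc.stock" <<'EOF'
#https_proxy = http://proxy.yoyodyne.com:18023/
#http_proxy = http://proxy.yoyodyne.com:18023/
#ftp_proxy = http://proxy.yoyodyne.com:18023/
#use_proxy = on
EOF
    # Edited file using the post's example port.
    cat > "$dir/wgetrc.edited" <<'EOF'
https_proxy = http://127.0.0.1:12345/
http_proxy = http://127.0.0.1:12345/
ftp_proxy = http://127.0.0.1:12345/
use_proxy = on
EOF
    printf '#Generated by NetworkManager\n' > "$dir/resolv.conf"
    echo "stock wgetrc:";  check_wgetrc "$dir/wgetrc.stock"  || true
    echo "edited wgetrc:"; check_wgetrc "$dir/wgetrc.edited" && echo "  ok"
    echo "resolv.conf:";   check_resolv "$dir/resolv.conf"   && echo "  ok"
    rm -rf "$dir"
)
demo
```

To audit a live system, call `check_wgetrc /etc/wgetrc` and `check_resolv /etc/resolv.conf`; a per-user `~/.wgetrc` can be checked the same way.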

Uh, what? (5, Insightful)

twotacocombo (1529393) | more than 2 years ago | (#38364274)

This article's summary is rather baited. I fail to see how this guy "learned the hard way". It's not like they rolled up with a truck and dumped reams of paper in the middle of his living room. He received a CD with files in an easily searchable format. I'm sure he knew going into it he wasn't going to read through it all in a night, and probably doesn't contain any surprises. If anything, Facebook "learned the hard way", now that they have to divulge the massive amount of data that they store, upon request, which means they must employ people to do this. Are the costs incurred outweighed by any profit produced by hoarding this particular information?

Re:Uh, what? (3, Informative)

oodaloop (1229816) | more than 2 years ago | (#38364320)

Yeah, after the first few sentences I was expecting he received several boxes of printed out code. Oh, he got one CD? That sounds...anticlimactic.

Re:Uh, what? (1)

wvmarle (1070040) | more than 2 years ago | (#38365068)

It contained one big surprise to him: everything that he thought was "deleted" was still there.

LOL (2)

kheldan (1460303) | more than 2 years ago | (#38364292)

..and this is why I don't use my real name anywhere online that I can possibly get away with it, or use any personally-identifiable information about me on any social networking. Enjoy your false, worthless data, Facebook.

Re:LOL (1)

Anonymous Coward | more than 2 years ago | (#38364372)

Good luck with that:
http://www.nytimes.com/2011/07/24/opinion/sunday/24gray.html?_r=1

Algorithms to identify users based on their writing style are getting better all the time. The more posts you make here, the easier it is to track you down to another identity on the web and, ultimately, to something in your real name. The only safe bet is to assume that eventually everything you write on the Internet will be traced back to you. Don't want it public, don't write it.

Re:LOL (3, Interesting)

Anonymous Coward | more than 2 years ago | (#38364876)

Yes, they're getting better, but there are inherent problems in the methodologies of stylistic analysis that make any claims of being able to identify authors based on style alone open to extreme skepticism. To put it another way, the only people claiming they can ID you based on how you write are marketing droids or snake-oil salesmen.

I did some work in a highly related field, stylochronometry. That's the measurement of change over time in a single author's style. The classic problem set for this kind of work is the Platonic corpus: people try to write algorithms to order Plato's writings chronologically. Philosophers want this information so they can trace the development of Plato's thought over time, so they give the problem to computational linguists, who try to measure things like the frequency of certain kinds of sentences or phrases or particles (hard to define words that show the relationship between sentences or, even more vaguely, give phrases "flavor") in various texts and then compare those frequencies to generate trends. There's generally an assumption that at least some of these variables will have a linear increase or decrease over time. More problematic, though, is that Plato may have gone back and edited parts of texts or entire texts, and there's some evidence (from outside these methodologies) that indicates this is the case. These problems have caused some (very rightly) to call into question the validity of stylochronometry, and the fact of the matter is that each study that's been done comes up with a different sequence in which the texts were written. It's a lot of effort being thrown at a problem in vain.

The same problems plague the study of authorship of anonymous internet posts through stylistic analysis. On Slashdot, you can't edit, but you can on blog posts, and you can have multiple authors collaborating without attribution. There's also plagiarism to complicate the number of authors: you don't know if person X's post is entirely his own or if parts were snagged from elsewhere, which would throw an algorithm off track. Most importantly, the basic assumption of stylochronometry, that style changes with time, causes a problem for algorithms that seek to find correlation among posts that were written at different times. Worse, people change their style from day to day or hour to hour (maybe I'm babbling now because I've had a lot of rum; maybe I'm usually more concise) and from context to context (maybe I write one way when responding to some articles, but I cite more sources on others, or I troll in other environments like ZeroHedge, or I use lots of abbreviations when discussing my furry anime fetishes -- rhetoric depends on context).

Things on the internet won't be traced back to you unless you're a bot that always writes in the same style. And, you'll never discover the order in which Plato wrote his dialogues.

Re:LOL (1)

Requiem18th (742389) | more than 2 years ago | (#38365086)

Bullshit, there will always be plausible denial. Furthermore, while it's prudent to assume that any safeguards to your identity can potentially be breached, it's absurd to just give up on them altogether.

That's like saying "locks can be broken so never use them".

This is exactly the kind of bullshit that facebook wants you to think. Unfortunately I don't think you are a paid shill.

Re:LOL (0)

Anonymous Coward | more than 2 years ago | (#38364500)

The data might be false, but I'm sure it is not worthless. USER (real or false) = AD MONEY

Re:LOL (1)

wvmarle (1070040) | more than 2 years ago | (#38365122)

They don't care about your real name, or which individual body it refers to.

They care about you the user, with your user account, because they know that behind one user account is one individual user, and no matter what name they put on the account it is still one user. That user has interests, has friends, connections, posts photos and messages, replies, likes, pokes: that is the information they need to create a profile of you, the user. And with that profile they can figure out your likes and dislikes, and target advertising to you. Even if you don't put your name/location/etc in it, they will have a very very good guess based on your relations with other people, not to forget the geocoding of the IP you use to log in to their system.

Your Facebook data is as valuable to Facebook as anyone else who uses their real name, because a name is just that: a name. Have you ever asked any of your real-life friends whether the name they introduce themselves with to you is the same as the name that appears on their ID card? And does it really matter?

You may make it a little harder for external parties that have an interest in you the person to find your real world identity out of your Facebook data, but it won't be too hard either. The other way around is even easier: someone just has to poke around on your computer and they will very soon find your Facebook name somewhere.

Not sure what he was expecting to find. (0)

Anonymous Coward | more than 2 years ago | (#38364318)

News Flash. Facebook has a record of all the information you willingly give to Facebook.

Reasonable expectation of privacy... (1)

Anonymous Coward | more than 2 years ago | (#38364360)

I find it rather funny, that people get all worked up because facebook has all of the data that people happily give them.

Why is any of this a surprise? People happily hop on facebook and narrate their lives, a treasure trove of marketing data voluntarily handed over, and you expect somehow that it's private or safe?

The problem isn't facebook, or the other social networks. PEBKAC.

No delete (2)

Bucky24 (1943328) | more than 2 years ago | (#38364390)

"Facebook, it seems, doesn't think much of the Delete key and continued to hold copies of the data on its servers."

This really shouldn't come as a surprise for anyone here.

Not that uncommon (5, Interesting)

james_van (2241758) | more than 2 years ago | (#38364448)

I've worked for a number of tech companies that don't actually delete anything; they simply mark the record "deleted" in the database. It's a pretty common practice that didn't really ever get talked about until it came to light that Facebook did it. Let's face it, once something is out there, it never ever really goes away, whether it be on Facebook or somewhere else.

Re:Not that uncommon (5, Insightful)

Trepidity (597) | more than 2 years ago | (#38364690)

Except for the company's own data, of course: then they manage to remember how to really delete data, e.g. old emails after N days, so that no future nosey prosecutor can dig it out of the database.

Re:Not that uncommon (0)

Anonymous Coward | more than 2 years ago | (#38365038)

True, but do you think anyone that chooses to delete that info actually believes that this is an okay practice?

Ethically, an entire generation of computer scientists are failing us because marketing people are writing the checks.

Re:Not that uncommon (1)

VortexCortex (1117377) | more than 2 years ago | (#38365078)

My database has a "not deleted" field instead. And when I mark it "deleted" I set it to zero. It's called the profile_enc_key field. Furthermore, I don't back up this key along with the other records. It's kept in a separate database that's still retrievable and redundant, yet easy to zero out when it comes time to do so.

There are two types of companies in this world: Those that learned from Sony's mistakes, and those that will make the same ones themselves.

Gentlemen, We have the technology... The data is not yet our masters, we can still wrangle it; Or, are you merely a stone-age hold over pretending to belong in our Age of Information?
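The difference between the flag-only delete described in the parent comment and the per-profile key erasure described in this one, as an added example that is not code from any poster or from Facebook. Only the `profile_enc_key` field name comes from the comment; the table layout, function names and the HMAC-SHA256 stream construction (a standard-library stand-in for a vetted AEAD such as AES-GCM) are assumptions.

```python
import hashlib, hmac, secrets, sqlite3

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 counter-mode keystream: stdlib stand-in for a vetted AEAD (AES-GCM)
    ks = b"".join(_prf(key, b"\x01", nonce + i.to_bytes(8, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"\x02", nonce + ct)   # encrypt-then-MAC

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"\x02", nonce + ct)):
        raise ValueError("wrong key or tampered record")
    return _xor_stream(key, nonce, ct)

def open_stores():
    data_db = sqlite3.connect(":memory:")  # bulk records: the part that gets backed up
    key_db = sqlite3.connect(":memory:")   # separate key store, kept out of those backups
    data_db.execute("CREATE TABLE profiles (user_id INTEGER PRIMARY KEY,"
                    " blob BLOB, deleted INTEGER DEFAULT 0)")
    key_db.execute("CREATE TABLE keys (user_id INTEGER PRIMARY KEY, profile_enc_key BLOB)")
    return data_db, key_db

def save_profile(data_db, key_db, user_id, profile):
    key = secrets.token_bytes(32)          # one random key per profile
    key_db.execute("INSERT INTO keys VALUES (?, ?)", (user_id, key))
    data_db.execute("INSERT INTO profiles (user_id, blob) VALUES (?, ?)",
                    (user_id, seal(key, profile)))

def load_profile(data_db, key_db, user_id):
    (key,) = key_db.execute("SELECT profile_enc_key FROM keys WHERE user_id=?", (user_id,)).fetchone()
    (blob,) = data_db.execute("SELECT blob FROM profiles WHERE user_id=?", (user_id,)).fetchone()
    return unseal(key, blob)

def soft_delete(data_db, user_id):
    # Flag-only delete: the record stays readable to any query that ignores the flag.
    data_db.execute("UPDATE profiles SET deleted=1 WHERE user_id=?", (user_id,))

def shred(key_db, user_id):
    # Key erasure: zero the per-profile key; every copy of the ciphertext becomes unreadable.
    key_db.execute("UPDATE keys SET profile_enc_key=? WHERE user_id=?", (bytes(32), user_id))
```

Overwriting a row does not by itself scrub old pages, journals or replicas of the key store, so that store needs its own retention and secure-deletion handling for the erasure to hold.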

Re:Not that uncommon (0)

Anonymous Coward | more than 2 years ago | (#38365186)

That seems stupid. Why keep the encrypted data if you're wiping the keys? Seems like a waste of space.

And if eventually you can easily crack the encryption then you might as well have just saved it unencrypted and set a 'deleted' flag as it's just the same as facebook.

Try to write down everything (1)

Pf0tzenpfritz (1402005) | more than 2 years ago | (#38364570)

  • Try to write down everything you know about yourself.
  • How many pages did you fill?
  • Less than 1200?
  • repeat

Now ask yourself one question: might 1.2k pages not be a little bit excessive after all?

Re:Try to write down everything (0)

Anonymous Coward | more than 2 years ago | (#38364780)

Dude, most people can't even remember what they ate for dinner 7 days ago...so no, that's not saying much.

Only a year (1)

netdigger (847764) | more than 2 years ago | (#38364676)

Everyone that Facebook keeps data. It's obvious that they do. The thing that astonishes me is the amount of data collected from one person over one year.

Now I've had my account with Facebook for several years. How much data do they have on me? I'm actually interested in finding out.

Is this guy's data really 1200 pages (1)

Algae_94 (2017070) | more than 2 years ago | (#38364850)

1200 PDF pages does not necessarily mean 1200 pages of useful data. What kind of format is it in? One line for every thing he liked? Are there lines of XML tags around everything? Are his friends' posts to him part of 'his' personal data in these files?

Not that I expect Facebook to make it nice and presentable to this guy. He got his data dump and Facebook is now putting the onus on him to sort through it and raise any further requests.

Re:Is this guy's data really 1200 pages (1)

Anonymous Coward | more than 2 years ago | (#38364954)

They printed it out, put the printouts on a wooden table, photographed the pages, then pasted the photos into PDFs

Not surprising (2)

Cherubim1 (2501030) | more than 2 years ago | (#38364916)

Social networking sites and search engines are used for data collection and data mining. I've been telling people for years that their activity will be monitored, captured and tracked, yet people are still willing to trade off their privacy for convenience. Ignorance knows no bounds.

For the feature (0)

Anonymous Coward | more than 2 years ago | (#38364928)

Has anyone seen the feature "One year ago you posted" on Facebook? Maybe that's what the data is used for. But I'm glad I don't post anything too private on Facebook.

their own fault (0)

anonymous9991 (1582431) | more than 2 years ago | (#38365176)

no one makes you use facebook, if you are dumb enough to just give your information to strangers maybe you deserve it