Moglen: Facebook Is a Man-In-The-Middle Attack

Soulskill posted more than 2 years ago | from the can-we-blame-alice-and-bob-for-this dept.

Facebook 376

jfruh writes "In an email exchange with privacy blogger Dan Tynan, Columbia law professor Eben Moglen referred to Facebook as a 'man in the middle attack' — that is, a service that intercepts communication between two parties and uses it for its own nefarious purposes. He said, 'The point is that by sharing with our actual friends through a web intermediary who can store and mine everything, we harm people by destroying their privacy for them. It's not the sharing that's bad, it's the technological design of giving it all to someone in the middle. That is at once outstandingly stupid and overwhelmingly dangerous.' Tynan is a critic of Facebook, but he thinks Moglen is overstating the case."

So is every ISP (0)

elrous0 (869638) | more than 2 years ago | (#38944489)

You can be paranoid about it. But the fact is that we all depend on companies every day and trust them with our personal info. There really isn't an alternative.

Re:So is every ISP (5, Insightful)

hobarrera (2008506) | more than 2 years ago | (#38944549)

Your ISP does not see the information you transmit if it's encrypted, or email, chat, etc.
Facebook CAN see the messages you send, even if your communication to and from facebook is encrypted.

Re:So is every ISP (4, Informative)

gringer (252588) | more than 2 years ago | (#38944959)

Your ISP does not see the information you transmit if it's encrypted, or email, chat, etc.

If you're taking a paranoid view, a slight clarification is needed here. Your ISP does not see the unencrypted information you transmit if it's encrypted, or email, chat, etc., as long as they do not have the means to decrypt that data.

Re:So is every ISP (3, Insightful)

DustPuppySnr (899790) | more than 2 years ago | (#38945139)

Your ISP can see which websites you visit, how long you spend there, how often you visit the site and what time of day you go there. It will be easy enough to build a profile on a user with just this information.

Re:So is every ISP (5, Insightful)

formfeed (703859) | more than 2 years ago | (#38945283)

Your ISP can see which websites you visit, how long you spend there, how often ....

Yes, but it is not part of their business model to do that.

People would be quite outraged to receive an email from their ISP, that reads:
Based on the web-sites you visited, we recommend following companies to you. ... P.S.: Has your daughter looked at planned parenthood?

Re:So is every ISP (4, Interesting)

ArsonSmith (13997) | more than 2 years ago | (#38945163)

I wonder if you could make a firefox plugin that encrypts all posts to facebook, also detects other people's encrypted posts and if you have their pub key decrypts them to view. Could also have something similar that encrypts images to a valid jpg/gif/png whatever but only decrypts again if you have the key.

Re:So is every ISP (1)

neonKow (1239288) | more than 2 years ago | (#38945203)

So basically PGP for facebook?

Re:So is every ISP (1)

Apothem (1921856) | more than 2 years ago | (#38945247)

Personally, I would figure a more Peer 2 Peer method for social networking would be more effective. Essentially take the mining out of the picture by literally not knowing/seeing anyone else unless you actually met them and shared credentials.

Re:So is every ISP (5, Informative)

FatdogHaiku (978357) | more than 2 years ago | (#38945305)

fB is also worming their way into other sites via scripting. I play some games at an EA owned site and suddenly you can not select a game room, or even see a game room list, unless you allow scripting by facebook.net. In the interests of allowing fB members more interaction EA has in fact forced everyone using the game to send data to faceBook. Anyone not blocking scripts is totally unaware of the issue, but most of them probably think fB is a good thing anyway.

Re:So is every ISP (5, Informative)

Trepidity (597) | more than 2 years ago | (#38944601)

I do think it's a widespread ethical view that these utility-like services shouldn't use the information for their own gain. In the phone era, that was formalized with fairly detailed rules; AT&T couldn't just randomly listen in on your phone calls and use it to sell advertising profiles to mail-order catalogues. In the internet era technology is moving faster than people/law can keep up with.

Re:So is every ISP (5, Insightful)

X0563511 (793323) | more than 2 years ago | (#38944673)

Rather it seems we have to have special whole new laws because "via the internet" or "with a computer" needs to be tacked on. I'd say this is the larger problem.

Re:So is every ISP (2)

ElmoGonzo (627753) | more than 2 years ago | (#38944919)

In the internet era there are businesses built around things that would not be permitted using other communication channels.

Gosh, you must be brain dead (2, Insightful)

SmallFurryCreature (593017) | more than 2 years ago | (#38945281)

Utility services? I PAY for my utilities, and the phone companies especially charged through the nose. You PAY, you are the customer. You get it for free, you are the product.

So unless you propose paying a monthly fee and a usage fee and a signup fee and a rental fee for your facebook usage, shut the fuck up with your idiotic notion that you companies got to provide you with free services and not make a single penny of you.

And if you don't like facebook, DON'T use it. It is not hard, I am not using it right now and still have time to insult your feeble self-entitled mind.

Not the same thing (4, Insightful)

dwheeler (321049) | more than 2 years ago | (#38944611)

It's not the same. Obviously, we have to depend on companies every day. But if we don't like a car company, or a traditional ISP, we can switch to another car or ISP. Facebook is different. If you leave, you leave the ability to connect to many of the people that you connected to via Facebook.

I own my own domain name, and use email and blogs to communicate from a site whose name I own. I do depend on companies to support my DNS and webservice. But if I don't like what those companies do, I can switch or do it myself. I have a Facebook account, but I don't normally use it; it just creates too many problems.

We all need suppliers; that's not the problem. The problem is dependency, that is, being (practically) unable to switch. Being dependent on an external company really is a risk.

Re:Not the same thing (1)

Anonymous Coward | more than 2 years ago | (#38944915)

The problem is not exactly the switch and that there isn't "another option," it is that Facebook is compiling data on users and non-users based on the input and "donation of information" from its userbase. It records, saves, documents, and then shares every single thing it knows with its advertisers, governments, and whomever else they so desire.

Sure, a car company might do just that but does a car company record the conversations you have in your car, save the data of your every location, or document every activity occurring in and around the vehicle and then shares it with their advertisers, various government agencies, and again, whomever they so desire? The car's black box and Onstar do not count as these, or so they say, are accessed only when needed while Facebook is more-like an "always-on technology."

Re:Not the same thing (1)

DragonWriter (970822) | more than 2 years ago | (#38944987)

It's not the same. Obviously, we have to depend on companies every day. But if we don't like a car company, or a traditional ISP, we can switch to another car or ISP. Facebook is different. If you leave, you leave the ability to connect to many of the people that you connected to via Facebook.

It's quite possible to use Facebook to exchange information which allows an exchange of contact information through any of a variety of mechanisms external to Facebook, including face-to-face contact, that can then be used to continue communication after one or both parties abandons the use of Facebook.

Re:Not the same thing (3, Insightful)

neonKow (1239288) | more than 2 years ago | (#38945241)

Facebook is still not compatible with anything else online, and it's huge, so in many ways it is a monopoly. Otherwise, you might as well say nothing is a monopoly as long as you still have smoke signals and the pony express.

Re:Not the same thing (1)

DragonWriter (970822) | more than 2 years ago | (#38945347)

Facebook is still not compatible with anything else online, and it's huge, so in many ways it is a monopoly.

There might be a meaningful market in which it is a monopoly, but it certainly is not, as suggested in GGP, a system which inherently presents insurmountable barriers to communicating with the people with which you have used it to communicate if you leave it.

My rejection of the latter contention was not an argument of any kind related to the former (which hadn't even been made in the subthread I was responding to until after that response.)

no (0)

Anonymous Coward | more than 2 years ago | (#38945061)

But if we don't like a car company, or a traditional ISP, we can switch to another car or ISP.

Many ISPs have local monopolies - legislated monopolies by state law - in the US

Re:So is every ISP (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38944649)

Sigh - straw man arguments are so tiresome.

These social sites are not your ISP.

These social sites are like inviting a business into your living room to eavesdrop on conversations with your acquaintances.

And for those who say "Who cares if I publicly post all my thoughts and relationships?" I have one question:

What would McCarthyism look like with the data available today?

Re:So is every ISP (-1)

Anonymous Coward | more than 2 years ago | (#38944841)

Sigh - straw man arguments are so tiresome.

These social sites are not your ISP.

These social sites are like inviting a business into your living room to eavesdrop on conversations with your acquaintances.

And for those who say "Who cares if I publicly post all my thoughts and relationships?" I have one question:

What would McCarthyism look like with the data available today?

We probably would not have problems we have today with commies coming out of the woodwork in this country...

Re:So is every ISP (-1, Troll)

mspohr (589790) | more than 2 years ago | (#38945359)

OMG!! We have to worry about "commies" again!!!
Please, how can I subscribe to your newsletter?

Re:So is every ISP (0)

Anonymous Coward | more than 2 years ago | (#38944885)

I have one question:

What would McCarthyism look like with the data available today?

I think it would look like "Little Brother" which is to say, how things are currently progressing...

Re:So is every ISP (5, Insightful)

CharlyFoxtrot (1607527) | more than 2 years ago | (#38945331)

What would McCarthyism look like with the data available today?

You remember when your president had to publicly reaffirm he wasn't a muslim but a good god-fearing christian with good wholesome christian values ? McCarthyism never left.

You americans and your battles over symbols. You raise a big stink over irrelevancies like ID-cards and Facebook and meanwhile you've got the TSA, warrantless wiretaps, draconian copyright lawsuits, etc.

Re:So is every ISP (1)

Anonymous Coward | more than 2 years ago | (#38944691)

You can be paranoid about it. But the fact is that we all depend on companies every day and trust them with our personal info. There really isn't an alternative.

Most communications companies' revenue streams are not based on data mining. Telcos, mobilecos, etc., make money from charging you money not from selling information about you. Any data they collect would generally only be used internally for service quality monitoring.

Re:So is every ISP (0)

Anonymous Coward | more than 2 years ago | (#38945027)

Telcos don't make money that way because telcos don't make money that way? If telcos started making money that way, they would probably make money that way. The only thing that keeps companies that dominant in their field from making money on every possible asset is the law.

Re:So is every ISP (4, Interesting)

MLCT (1148749) | more than 2 years ago | (#38944709)

On the very few (read one in the UK) occasion your analogy is correct there has been a massive public outrage:

http://en.wikipedia.org/wiki/Phorm#BT_trials [wikipedia.org]

So people generally don't accept it when it is your ISP. They shouldn't (but ATM seem to) accept it with fb. How long that will last only time will tell - MZ will be happy once he has his billions - most things he has been saying of late in a "tech visionary" context are just complete nonsense, so I suspect he isn't in it for the long term.

Re:So is every ISP (0)

Anonymous Coward | more than 2 years ago | (#38944783)

What happened to the mentality of only providing the information that's needed to provide the service? Anything more is quite frankly intrusive, although I do like the freedom of a Google account ;-)

Re:So is every ISP (5, Interesting)

csubi (950112) | more than 2 years ago | (#38944843)

... we all depend on companies every day and trust them with our personal info. There really isn't an alternative.

I wonder why?

When I arrived to the US and received my SSN, I tried to take the message that was next to it seriously : "Keep this number safe and secret" / not word by word citation/.

Then I went to get bank account, set up account for gas / electricity, driver's licence, cell phone contract, everywhere I was asked for my SSN. Seriously, why can PEPCO, GEICO, WASHGAS, AT&T oblige me to reveal this information?

My guess is that people in the US have been slowly but surely trained to surrender sensitive personal information to third parties.

Re:So is every ISP (1)

AtomicJake (795218) | more than 2 years ago | (#38944871)

You can be paranoid about it. But the fact is that we all depend on companies every day and trust them with our personal info. There really isn't an alternative.

Why is there no alternative? FB is not really a required service you depend on.
Email and Internet access probably is a required service, but email is not centralized and monopolized, but using an open standardized protocol, Internet access at the other side is a classical man-in-the-middle problem - that's why ISPs are regulated (and at least in most countries forbidden to do man-in-the-middle actions) - and you can always use SSL and HTTPS to exclude your ISP from overhearing and profiting from your conversations.

Re:So is every ISP (1)

mspohr (589790) | more than 2 years ago | (#38944943)

So you take the view of Sun's Scott McNealy:

"You have zero privacy anyway," Scott McNealy told a group of reporters and analysts ...

"Get over it."

Re:So is every ISP (1)

CharlyFoxtrot (1607527) | more than 2 years ago | (#38945099)

You have all the privacy you want, but you can't have your pie and eat it too.

Re:So is every ISP (1)

mspohr (589790) | more than 2 years ago | (#38945325)

I think the only way to maintain my privacy is to completely withdraw from society (like Ted Kaczynski). I would need to get paid only in cash and to buy things only with cash in stores without a surveillance system and not have any bank accounts. I couldn't own any property or cars, boats, etc. I couldn't use the Internet (except possibly through some paranoid onion router arrangement but never enter any personal information anywhere).
I don't know about you but this is just not feasible. I don't use Facebook but I am sure they are tracking me anyway. I know Google tracks me everywhere and probably knows more about me than anyone.
I'm not sure what "pie" I want (other than to have a job, buy food, etc and relax in my spare time) but I don't think anyone can protect their privacy in this world. We could hope that government will try to protect us from abuse of our private information but since (at least in the US) the government is controlled by corporations, this is not likely.

There is an alternative (0)

Kludge (13653) | more than 2 years ago | (#38945009)

All the data that is placed on facebook could be placed on servers in people's own homes. You could regulate who could view your web pages using OpenID or equivalent. People could have web apps that would go out to their friends' servers, and get their latest posts and info and put them together into a single page.
Facebook does not do anything that people could not do on their own, if they were smart enough.

Re:So is every ISP (0)

Anonymous Coward | more than 2 years ago | (#38945067)

You can be paranoid about it. But the fact is that we all depend on companies every day and trust them with our personal info.

The problem is that you don't just trust them with your personal info, but with other people's personal info.

There really isn't an alternative.

Sure there are. "Don't do it" is a good alternative. It worked fine until Facebook came, and works fine now too.

Personal problem (0)

Anonymous Coward | more than 2 years ago | (#38945151)

When all your friends are companies, you have either a personal problem or are surrounded by gold diggers.

Re:So is every ISP (0)

Anonymous Coward | more than 2 years ago | (#38945251)

Not entirely true. Yes, we deal with many different companies. No, we do not have to share much personal information with them at all.

The problem with facebook is that it entices people to make personal/private information available with the premise that you are sharing it with your friend when in fact you are sharing it with third party (facebook in this case) who has a known history of using your personal/private information for its own gain.

When you send a letter through the US Post, you can assume that the post office is not opening your letters and looking at them. In fact, it is illegal for them to do so. When you send an email to a friend through facebook, they most assuredly *are* looking at it and using it as they see fit. That is the difference.

Re:So is every ISP (2)

ah.clem (147626) | more than 2 years ago | (#38945277)

I must respectfully disagree with your statement. It's not being paranoid; it's looking realistically at what you give up to maintain "vanity" sites. As far as alternatives go, everything available to you prior to selling out to Facebook, Twitter, Google+ and the rest of the services people find so "convenient" in their lives are still there. Telephone (excluding texting), e-mail to individuals or groups of friends, real mail (cards, notes, etc. - I know, "how 20th century" (eyeroll)), actual face to face lunches, beers, whatever, maintaining a few real close friends instead of hundreds of "acquaintances", etc.

I am always surprised that people hand over the keys to their life so cheaply.

As always, this is just my opinion.

Slashdot is a man in the middle attack (0)

Anonymous Coward | more than 2 years ago | (#38944491)

It takes retarded exaggerations and steals our comments.

Re:Slashdot is a man in the middle attack (1)

icebike (68054) | more than 2 years ago | (#38944675)

It takes retarded exaggerations and steals our comments.

It only steals them if you post as AC. Otherwise they remain your comments, freely posted, and ultimately your own responsibility, and they appear here because you GAVE them to Slashdot [geek.net], not because they stole them.
Step away from the keyboard and nobody gets hurt.

But I do understand your example of "retarded exaggerations". *cough*.

Re:Slashdot is a man in the middle attack (0)

Anonymous Coward | more than 2 years ago | (#38944939)

Waiiiiittt a minute... I thought JonKatz stole our posts, and slashdot was just an intermediary in the dire deed? /oldslashfag

Email? (1, Insightful)

Anonymous Coward | more than 2 years ago | (#38944493)

Then in his opinion, wouldn't email be the same? It's stored on some 3rd party mail server somewhere... and for that matter, wouldn't all form of electronic communication that gets copied/stored somewhere not under your personal control also be classified as a "man in the middle attack"?

Re:Email? (0)

hobarrera (2008506) | more than 2 years ago | (#38944571)

Your point is only valid if you use a third-party email provider. You can avoid this if you don't trust any in particular with your email, and use GPG for encryption if you email someone that uses an untrusted provider.

Re:Email? (2)

Barbara, not Barbie (721478) | more than 2 years ago | (#38944619)

There's also the additional fact that your local email provider isn't going around data-mining your emails to serve you ads, unlike facebook and google. And that if they tried, there'd be heck to pay, lawsuits, and $$$.

Re:Email? (2)

AtomicJake (795218) | more than 2 years ago | (#38944767)

Then in his opinion, wouldn't email be the same? It's stored on some 3rd party mail server somewhere... and for that matter, wouldn't all form of electronic communication that gets copied/stored somewhere not under your personal control also be classified as a "man in the middle attack"?

No, email is not centralized (unless you refer to gmail and other BIG email providers). You know that you can run your own email server? - It's easy.

Re:Email? (1)

spire3661 (1038968) | more than 2 years ago | (#38944901)

"You know that you can run your own email server? - It's easy."

Yes, setting up your own mail server is easy. Operating it is a completely different story.

Re:Email? (1)

icebike (68054) | more than 2 years ago | (#38944973)

Then in his opinion, wouldn't email be the same? It's stored on some 3rd party mail server somewhere... and for that matter, wouldn't all form of electronic communication that gets copied/stored somewhere not under your personal control also be classified as a "man in the middle attack"?

The difference is, as I'm sure you are aware, that Email isn't shared with everyone. Even Google will only mine your Gmail to select which ads it will foist on your screen. It won't publish them or let some third (fourth?) party publish them.

That it might be possible to see an email flowing thru an ISP's mail server or that your ISP might be served a warrant to deliver your email to the authorities does not come near to what happens on Facebook. Facebook is by its very nature a public posting, from which you have no recourse [itworld.com], even if you never sign up for facebook you can be damaged by its mere existence.

Imagine if you will, a web based email service where only you could send from your account, (as usual) but everyone could browse your email, both outgoing, and incoming (even from normal private email accounts), and you could never delete anything, even years after requesting to opt out [cnn.com] .

Do you think it would sell?

Sadly, I suspect there are a large number of people who would be all in on such a scheme. I should patent it. But then I'd have to deal with the Winklevoss twins.

Re:Email? (3, Interesting)

CharlyFoxtrot (1607527) | more than 2 years ago | (#38945135)

Then in his opinion, wouldn't email be the same? It's stored on some 3rd party mail server somewhere... and for that matter, wouldn't all form of electronic communication that gets copied/stored somewhere not under your personal control also be classified as a "man in the middle attack"?

Gmail certainly is, its whole point is targeted advertising. Wonder how many of the Facebook tinfoil hat crowd has got a gmail address.

they just figured this out? this is a revelation? (4, Insightful)

iggymanz (596061) | more than 2 years ago | (#38944505)

as with most social sites, search engines, free email services, you are not customer, you and your relationships are product

Re:they just figured this out? this is a revelatio (3, Insightful)

poity (465672) | more than 2 years ago | (#38944569)

More like it's payment for services. Did anyone sign up to facebook thinking it was a charity to help people make friends?

Re:they just figured this out? this is a revelatio (5, Interesting)

wbav (223901) | more than 2 years ago | (#38944577)

Or better said, if you're not the farmer, you're the pig.

Free food, water and a place to live?!? What could possibly go wrong?

Open door (5, Insightful)

santax (1541065) | more than 2 years ago | (#38944515)

It amazes me that people think Moglen is overstating the case. He is not. Let's forget the datamining for commerce. Let's just think about what a simple post on a social network can do with one's life. People have been murdered over a post on social networks by governments. People have been held in custody (hi USA) over posting a quote from family guy... Moglen is right. Everything you post on facebook, twitter, hell any service that has an office in the USA will get into the FBI, CIA and SS databanks and you will get in trouble if you post something those warmongers don't like. Moglen is right. Using centralized, datamined networks is stupid and even more dangerous. It takes a lot of effort not to see that.

Re:Open door (0)

Anonymous Coward | more than 2 years ago | (#38944599)

None of your points are unique to social networks. Every point in your post is a consequence of any sort of sharing you do with people around you, regardless of technology.

Some technologies just make it easier to come back and bite you later.

Re:Open door (1)

santax (1541065) | more than 2 years ago | (#38944623)

I agree with you, social networks aren't they only danger... but given their size and the amount of data available in one place makes them target numero uno.

Re:Open door (1)

santax (1541065) | more than 2 years ago | (#38944635)

they* = the

Re:Open door (1)

Anonymous Coward | more than 2 years ago | (#38944983)

I'm pretty sure the US government isn't reading my encrypted IMs. I'm certain they are reading everything I post to Facebook and I censor myself accordingly.

On the other hand, if I were using a decentralized social network like Diaspora [wikipedia.org] , then the government would have to separately setup to read each server. Of course, you would likely get the GMail/GTalk situation where while technically the government does not have access to most e-mail/IM servers, a very large portion of all e-mails/IMs go through Google's servers.

A better setup would be some kind of friend-to-friend network where my messages only ever appear decrypted on my friends' computers (and those of whomever they choose to forward them to). Obviously perfect privacy is impossible, but dumping nearly every electronic communication on servers controlled by just a few entities like Facebook and Google is not even trying.

Re:Open door (2)

HBI (604924) | more than 2 years ago | (#38944629)

They like the service and it's too much work to set one up for yourself. That's basically how all web businesses continue to exist. So people use meaningless arguments like "you are overstating the case". That concedes the point while trying to minimize its impact.

Re:Open door (2)

AtomicJake (795218) | more than 2 years ago | (#38944735)

It amazes me that people think Moglen is overstating the case. He is not. Let's forget the datamining for commerce. Let's just think about what a simple post on a social network can do with one's life. People have been murdered over a post on social networks by governments. People have been held in custody (hi USA) over posting a quote from family guy... Moglen is right. Everything you post on facebook, twitter, hell any service that has an office in the USA will get into the FBI, CIA and SS databanks and you will get in trouble if you post something those warmongers don't like. Moglen is right. Using centralized, datamined networks is stupid and even more dangerous. It takes a lot of effort not to see that.

Actually, it is very easy to overlook this or ignore it (since it is so convenient). And unfortunately, it takes a lot of effort to open people's eyes so that they can see it.

Re:Open door (0)

Anonymous Coward | more than 2 years ago | (#38944807)

Pardon me while I share this comment on Facebook....

Re:Open door (0)

Anonymous Coward | more than 2 years ago | (#38944879)

The fact that facebook is going to sell info they have on you is a given, it's your payment for using their "free" service. All the points you listed aren't what's wrong with social sites, it's what's wrong with the rules that exist today and people being just plain crazy. The fact that a joke can get you detained or posting the wrong thing can cause a government agency to tear your life apart isn't the fault of the social site, it's the fault of poor laws preventing this. If you don't want the world to see it don't put it on social media. No matter your security settings assume whatever you put on a social site will be visible to the world. No one is forcing you to use a social media site. If you don't like what they do, don't use them.

Re:Open door (1)

joe_frisch (1366229) | more than 2 years ago | (#38944921)

As long as people are really aware of the issue, I'm not bothered. I consider everything posted on facebook to be completely public - the equivalent of making a statement to the news media. I then only provide information that I do not mind being associated with my identity by any organization. I apply the same thinking to posting on slashdot.

Re:Open door (0)

Anonymous Coward | more than 2 years ago | (#38945059)

It's not centralized, datamined networks that are dangerous. It's centralized, datamined networks that require your real life identity. It's one thing to connect to a social network as FunnyGuy82 who "likes ski bunnies", and a completely different thing to use your real name, job, address, friends, family etc.

Facebook, unlike all other social networks is dangerous, BECAUSE it requires your real data. They don't force you to write the real thing, but if you want to interact with friends and acquaintances you NEED to fill in the real data.

A bit too dramatic (3, Insightful)

martas (1439879) | more than 2 years ago | (#38944527)

Besides the term doesn't apply -- in a man in the middle attack, the man in the middle needs to be invisible. Though I suppose you could argue that the vast majority of people using FB don't understand how the Internet works enough to know that they are really sharing information through a third party that holds on to everything, instead thinking of their communication as analogous to sending a paper letter...

Re:A bit too dramatic (2)

AtomicJake (795218) | more than 2 years ago | (#38944677)

Besides the term doesn't apply -- in a man in the middle attack, the man in the middle needs to be invisible.

To the contrary: the term applies absolutely. You just need to apply it on the social level instead of on the technical level. Who is aware about FB (and its use of the information), while using FB? While it is visible, it is not perceived by the users as being the man-in-the-middle.

Re:A bit too dramatic (0)

Anonymous Coward | more than 2 years ago | (#38944773)

Right... I think the issue is people don't understand the possible uses of the data. Or worse, they don't care.

The pervasive attitude of "I have nothing to hide" in our society will be our downfall. If we don't protect our privacy we will lose our rights completely. These sorts of communication mediums are a slippery slope just like cameras in public places, the occasional presence of military personnel etc etc. Before you know it, it is everywhere and there is nothing that can be done.

Scary stuff. Forget what companies can do with the data, consider what governments can do. Search warrants are now free for all. How many ways can your government track your precise location today? Email, Facebook, twatter, iphone, bank/credit card. In Canada some of our RCMP now have plate scanners in their cars collecting thousands of plates and location every day for every camera.

We're fucked.

Re:A bit too dramatic (1)

berashith (222128) | more than 2 years ago | (#38944989)

I saw an update to facebook today that showed a pair of articles that a friend and I both read. I think the only reason it was in my feed was that my friend was also included. I was not logged in to facebook at the time, and followed a link from an independent site. Why did this information get broadcast to everyone I know? I now have to go find the app that provided facebook the ability to do that, and eliminate it from my profile. There was no indication at the time I was reading that this was going to have anything to do with any social network. There are several parties here that could be considered a MitM, but either way, it is wrong. Thankfully, my panties don't get bunched and I can live without the services that these social sites bring, so I just remove permissions, take care moving forward, and go on. These things aren't a big surprise, just annoying.

Thankfully this was just a newspaper article, and nothing that I wouldn't want my family to know I was reading about.

Re:A bit too dramatic (2)

martas (1439879) | more than 2 years ago | (#38945171)

It's probably the cookies left by the Like button that's all over the Internet now, that works even if you're not logged on (even if you don't have an account). That's why I blocked all facebook cookies on my browser a long time ago.

Re:A bit too dramatic (1)

Pope (17780) | more than 2 years ago | (#38945267)

Those are from the Facebook Social Plug-ins that sites can choose to run. If you're logged out of FB and go to the site, it won't show you anyone on your Friends list. It's not an App on FB at all. http://developers.facebook.com/docs/plugins/ [facebook.com]

Re:A bit too dramatic (1)

mspohr (589790) | more than 2 years ago | (#38944999)

I think that Facebook is invisible some of the time. I know that it tracks you when you leave Facebook and visit other sites and a lot of web sites use a Facebook commenting system which is not labeled Facebook but the information ends up with Facebook.

Overstating? (1)

janeuner (815461) | more than 2 years ago | (#38944533)

If it looks like an apple, and it tastes like an apple, and if it turns into an apple tree after you bury it, it is an apple.

Language isn't that hard.

How did someone intercept this email exchange? (1)

Rejemy (78237) | more than 2 years ago | (#38944551)

Some kind of man in the middle attack?

I enjoyed reading your post (4, Funny)

Osgeld (1900440) | more than 2 years ago | (#38944565)

where is your like button?

Hyperbole Wars (0)

Anonymous Coward | more than 2 years ago | (#38944581)

Yeah, we totally shouldn't use POP3 or SMTP servers because god knows what those people could be doing with our private correspondence!!!!@$!!one

Seriously: There's a case to be made that Facebook is pure evil incarnate (and likewise Google+), but this isn't a rational basis for that. We use middlemen ALL THE FUCKING TIME. For all you know your ISP is sniffing your packets right now -- quick, everyone invest in carrier pigeons!

This is a farce.

Re:Hyperbole Wars (1)

Miseph (979059) | more than 2 years ago | (#38945201)

Carrier pigeons are susceptible to attack via bird feeders. They simply harvest the information when the pigeons stop to eat.

You just can't win.

Utterly stupid (0, Flamebait)

Pharmboy (216950) | more than 2 years ago | (#38944605)

Utterly and completely stupid way to compare. You share things on Facebook that you don't care that other people know. As a matter of fact, the only reason someone posts the stupid "I can haz cheezeburger?" cat picture is so they can TELL EVERYONE THAT THEY LOVE CATS. There was no expectation of privacy in the statement, so no privacy is lost.

If you use Facebook for anything that even approaches the requirement of "privacy", then you are a complete idiot.

Nothing to see here, move along....

Re:Utterly stupid (4, Insightful)

joocemann (1273720) | more than 2 years ago | (#38944753)

Most facebook users have no idea how deep the analysis of their data/relationships goes or the true privacy implications related. Don't assume too much about average joe.... average joe and janette are strapped with bills, jobs, kids, housework, overtime, stress, and american media psychosis... if understanding privacy and internet data mining isn't part of their occupation, there's a slim chance they know about it.

Re:Utterly stupid (0)

Anonymous Coward | more than 2 years ago | (#38944863)

If you use FB, you know that your friends and family will post personal information about you as well.

Re:Utterly stupid (4, Informative)

AtomicJake (795218) | more than 2 years ago | (#38945063)

If you use FB, you know that your friends and family will post personal information about you as well.

Worse: If you do not use FB, you know that your friends and family will post personal information about you as well.

Moglen put it into the best elevator pitch (4, Interesting)

AtomicJake (795218) | more than 2 years ago | (#38944637)

Moglen is absolutely correct and I am very impressed by this great analogy: Facebook (and some other "social" media) is a man-in-the-middle attack; it's just not a technical hack but a social hack. Best 20 second explanation ever.
Google might very well join them soon - if they use profiling on gmail conversations.

I would pay $2/month... (1)

joocemann (1273720) | more than 2 years ago | (#38944695)

.... for a social networking platform that does not track/store/analyze/use my personal data or relationship information.

Any takers?

Something tells me that the 'free' fee for facebook has everything to do with its popularity. Some of us would pay, but many people have culturally come to understand that so long as something is 'free', anything can be given up for it.

Re:I would pay $2/month... (1)

Anonymous Coward | more than 2 years ago | (#38944859)

No need to pay, just start using something that is technically incapable of tracking you. The Sone plugin for Freenet is looking like a promising start.

Re:I would pay $2/month... (3, Insightful)

unity100 (970058) | more than 2 years ago | (#38945069)

they would take your money AND track you.

Re:I would pay $2/month... (0)

Anonymous Coward | more than 2 years ago | (#38945091)

The question becomes how to set it up, and then sell it to a company that'll keep taking your $2/month and mine your data.

Re:I would pay $2/month... (2)

amRadioHed (463061) | more than 2 years ago | (#38945161)

You want a "social networking" platform that doesn't track or use any relationship or other personal data? What exactly would it do then? That seems counter to the very idea of a social network.

Isn't that what internet messaging has always been (0)

Anonymous Coward | more than 2 years ago | (#38944777)

MSN, ICQ, yahoo messenger, etc, etc.. all of these were central control communication that could be datamined, weren't they?

Moglen? (1)

Goaway (82658) | more than 2 years ago | (#38944793)

This is the guy who also said that clang was built "entirely to undermine freedom".

Why does anybody listen to this nutter?

Stupid much? (1)

XiaoMing (1574363) | more than 2 years ago | (#38944891)

How shortsightedly-inane-for-the-sake-of-a-headline can you get? At least making a facebook account and having your data shared is an option.

According to the author's logic, the United States Postal Service, for the service of getting our mail delivered, has EVERY SINGLE ONE OF OUR PHYSICAL ADDRESSES, regardless of whether we opted in to begin with! Holy shit.

Re:Stupid much? (1)

AtomicJake (795218) | more than 2 years ago | (#38945115)

How shortsightedly-inane-for-the-sake-of-a-headline can you get? At least making a facebook account and having your data shared is an option.

According to the author's logic, the United States Postal Service, for the service of getting our mail delivered, has EVERY SINGLE ONE OF OUR PHYSICAL ADDRESSES, regardless of whether we opted in to begin with! Holy shit.

Bad analogy. The USPS does not have the contents of the letters that they have delivered to you. FB has.

Re:Stupid much? (0)

Anonymous Coward | more than 2 years ago | (#38945343)

A better analogy would be if the USPS opened and photocopied every letter you sent, and then had arrangements in place so that UPS and FedEx did the same when you used their services, and send the data over to USPS.

of course (1)

FudRucker (866063) | more than 2 years ago | (#38944931)

http://i.imgur.com/jk4xT.jpg [imgur.com]

i would not trust most of the internet, especially facebook, myspace, twitter, and google & yahoo

Facebook's, handling personal info, a MitM attack? (1)

Ynsats (922697) | more than 2 years ago | (#38944995)

By that logic, my ISP, my cellphone and land line phone companies, the Social Security Administration, my health insurance company, my doctors, my tax accountant, my employer and even the executor of my will are Man in the Middle attackers too.

Man, I feel safer already!

BTW, there are two misnomers in the world today. Security and privacy.

Privacy doesn't exist. If someone wants to know all about you, they can. The reason for that is because of security.

That doesn't exist either. Security is nothing more than a series of pitfalls, booby traps and firewalls put between the outside world and whatever you want to keep "safe". The idea there is to make the time, effort and resources needed to get to your stuff to be greater than whatever it is you want to keep safe. The second you think you are "safe and secure" is the second you will be down for the count on something as simple as a DDoS attack.

The people who want to get your stuff just because they can have no concern for the amount of time, money and effort needed to get your stuff. There is no dollar value you can assign to principle. THOSE people are the dangerous ones because they are doing something they BELIEVE in. Spammers and others who are selling your info for profit, the only thing they believe in is a paycheck and they will go for the easiest paycheck they can.

For a case study on what I'm talking about, I submit Anonymous.

Those dudes and dudettes are both the bane and the hero of an IT security person's existence. People like Anonymous not only give security people headaches at work but they keep them employed too.

Facebook Dangerous? Really? (2)

bobbied (2522392) | more than 2 years ago | (#38945017)

People somehow think Facebook is just fun; it is not just fun to FB, it's a business. I do enjoy keeping up with folks but it is extremely dangerous if you don't pay close attention to what you post. My last nephew's birth was announced on FB, poor kid. I know his full name, date of birth, place of birth, mother's name, father's name, mother's maiden name all from things posted on Facebook by his mother. This data will NEVER go away, unless Facebook decides to erase it or happens to lose it. Something tells me that FB isn't going to erase anything on purpose so this kid's life is going to be an open book to anybody on my sister's extensive "friend" list. Sure hope nobody takes the poor kid's ID and "establishes" some credit history for him.

NEVER post anything on FB (or any other social media type site) or willingly give up personal information online without VERY good reason and then ONLY using HTTPS or other secure/encrypted means. A social site wants your birth date? Forget it or lie to them... They ask you for your mother's maiden name as a "security question"? Really forget it, it's not worth the risk. Social Security Number? You got to be kidding! Credit Card number? Really? If you really *must* then do what I do and contrive an alternate "backstory" with all this kind of information to give out online. At least with a fictional life story, you're not as easy a target for ID thieves like my poor nephew is now. Hopefully, not being the easy target might save you the trouble of clearing your name, or (shudder shudder) your kid's credit history.

Re:Facebook Dangerous? Really? (0)

Anonymous Coward | more than 2 years ago | (#38945255)

Tin foil much?

Since when has a reputable social network EVER asked for your social security number or credit card number? All of that other information is public information and has nothing useful for applying for credit under someone's name (in the US at least).

Overstating ? (1)

unity100 (970058) | more than 2 years ago | (#38945043)

The equation the guy proposes, looks sound. Moreover, observational data supports the equation. There is nothing overstated in that.

Facebook is de facto the evil intermediary in between people, just like how record companies are the evil, unneeded intermediary in between artist and the fan.

Gee whiz, could that be why.... (1)

sgt_doom (655561) | more than 2 years ago | (#38945065)

.....the below?

http://www.computerworld.com/s/article/9164978/Narus_develops_a_scary_sleuth_for_social_media [computerworld.com]

Narus is developing a new technology that sleuths through billions of pieces of data on social networks and Internet services and connects the dots.

The new program, code-named Hone, is designed to give intelligence and law enforcement agencies a leg up on criminals who are now operating anonymously on the Internet.

In many ways, the cyber world is ideal for subversive and terrorist activities, said Antonio Nucci, chief technology officer with Narus. "For bad people, it's an easy place to hide," Nucci said. "They can get lost and very easily hide behind a massive ocean of legal digital transactions."

http://www.hotvoipnews.com/blog_87.shtml [hotvoipnews.com]

VoIP Blocking in Saudi Arabia using Narus Software

VoIP blocking in Saudi Arabia has been around for some time and was aided by the introduction of the VoIP blocking software provided by the Californian Company Narus. The reason the Saudi government blocks VoIP is to protect the national telephone carrier Saudi Telecom from potential competition. By prohibiting VoIP calls people based in Saudi Arabia are forced to use the more expensive Saudi Telecom service.

And it WILL get worse... (0)

Anonymous Coward | more than 2 years ago | (#38945143)

Wait after the IPO and the shareholders start pressuring for more profit. All minuscule remaining traces of "privacy" go out the window, all your pictures, thoughts, links get exploited to the max. And you may even end up in jail for suspicion of harboring evil thoughts.

"Attack?" (0)

Anonymous Coward | more than 2 years ago | (#38945145)

That's funny, I didn't know something for which you VOLUNTEER could be considered an "attack." Last I checked, nobody is forced to use Facebook or any other social media site, they do so of their own free will, and it's never been a secret that the companies profit from their practices.

People bitching about lack of privacy after willingly giving away information about themselves is really, really stupid, and it's getting rather tiresome to hear about in the news.

Google Wave (1)

meatloafs (2568499) | more than 2 years ago | (#38945223)

This is one of the reasons I had such high hopes for Google Wave, a decentralized 'social' service. A similar model to smtp where each entity/end user can run their own wave server if they so wish.

I'm shocked to find that... (1)

boddhisatva (774894) | more than 2 years ago | (#38945239)

If anyone thought there was any sort of privacy on Facebook they were incredibly naive.