Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Algeria Deleting Facebook Accounts?

Posted by timothy on from the yo-mark-got-a-minute? dept.

belmolis writes "Algeria is reported to be shutting down ISPs and deleting Facebook accounts in an effort to prevent anti-government protests from escalating as they did in Egypt. Is it likely that they are deleting FB accounts? Unless Facebook is cooperating, this would either require hacking FB to obtain administrator privileges or cracking the password of each account they wish to delete."

15 of 217 comments (clear)

  1. Unencrypted cookie auths by jroysdon · · Score: 4, Interesting

    The problem is that you may send your username and password over HTTPS, each page after that you send your auth cookie over plain ol' unencrypted HTTP. Someone is capturing those auth cookies and using them to send delete commands to Facebook (no doubt after capturing all of the info and friends).

    Use HTTPS Everywhere and force all your traffic that can be to be using HTTPS.

    1. Re:Unencrypted cookie auths by icebike · · Score: 3, Insightful

      That cookie is renegotiated after each https login, and it is specific to one session. You can't clone it from another station.
      Even if you do manage to intercept it, Man in The Middle attacks are notoriously hard to execute, (you have to actually BE in the middle) especially for a bunch of thugs in jack boots.

      Still, you can just look at press photos to see that the Algerian uprising will fail.
      In a Muslim country, you can simply count the number of women in the photos. If its not at least 10 percent, the police will use all force necessary, and will ultimately crush the protest.

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:Unencrypted cookie auths by Anonymous Coward · · Score: 4, Informative

      That cookie is renegotiated after each https login, and it is specific to one session. You can't clone it from another station.
      Even if you do manage to intercept it, Man in The Middle attacks are notoriously hard to execute

      Quick, someone tell these guys that hijacking FB sessions should be difficult.

    3. Re:Unencrypted cookie auths by Frosty+Piss · · Score: 4, Insightful

      The problem is that you may send your username and password over HTTPS, each page after that you send your auth cookie over plain ol' unencrypted HTTP

      No.

      This is *NOT* the problem at all.

      The problem is that ridiculously entrenched tin-pot dictators continue to believe that they can control to populous like they did in the pre-Internet days when all you had to do was shut down a few newspapers and "disappear" their enemies.

      Sure, there's obviously a technical process going on, but the root of the problem has nothing at all to do with computers or networks, it has to do with a fundamental change in the dynamics of how populations are controlled by despots.

      --
      If you want news from today, you have to come back tomorrow.
    4. Re:Unencrypted cookie auths by SlappyBastard · · Score: 3, Insightful

      Somehow I suspect that controlling the ISPs makes a man in the middle exploit a tiny bit easier.

      --
      I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
    5. Re:Unencrypted cookie auths by mr100percent · · Score: 4, Interesting

      People over and over again seem to fall for this mistake. Saudi Arabia is the only country that requires women to be escorted with a "mahram." No other Muslim country makes this claim that it's a requirement, and Muslims worldwide have condemned Saudi Arabia for being too chauvinist. Muslim scholars and shaykhs far and wide have said that Saudi is taking things way too far and that the Quran doesn't call for such things (and it doesn't if you read the text). The Muslim world at large has no desire to oppress women the way Saudi does; more women than men work in Morocco, for example, and Pakistan and Bangladesh had women Prime Ministers, and even Iran has more women in parliament than the US does in Congress.

      If the protestors in Egypt were 100% Muslim only (and they weren't given than Egypt is 10-20% Christian), you'd still see women in the streets walking around uncovered. Cairo is the Hollywood of the middle east, home to a large music and film industry and even scantily dressed women.

    6. Re:Unencrypted cookie auths by mr100percent · · Score: 3, Informative

      Muslims inside Egypt and out condemned that attack. Fortunately, such attacks are few and far between. Look at the aftermath, when terrorists attacked a church around Christmas, thousands of Muslim Egyptians attended church services in Egyptian churches, in order to serve as human shields in case of another attack. They held candlelight vigils outside and put crosses on their facebook pages as well.

      Let's look to the last 2 weeks. A photo has been spreading all over Twitter of Egyptian Christians making a human chain to protect Muslims from police attack as they were praying in Tahrir square on Friday. On Sunday, Egyptian Muslims returned the favor, protecting them while they had prayer services. This is a great moment for Muslim-Christian unity in Egypt.

    7. Re:Unencrypted cookie auths by GuruBuckaroo · · Score: 4, Informative

      This entire thread, with one notable exception, is entirely, horribly uninformed. As the only other worthwhile poster points out, the Firesheep plugin proves that once you have the FB cookie (which can be sniffed via MITM attack or over Wifi), you can hop onto a Facebook session from any computer. Maybe not a shortcoming with the idea of login cookies, but certainly a shortcoming in Facebook's handling of them. Second, about two weeks ago FB started officially supporting an HTTPS-Always preference. There's a checkbox in Account, under Security, that forces all connections (and I do mean all, even connections to other subdomains) to use SSL. No plugin needed. As much as I enjoy Facebook, and correctly monitor both security settings AND what data I allow it to access, I'm really happy that Firesheep showed how piss-poor their security was. It gave the final push to my campaign to secure the "public" wifi hotspots our company offers to it's guests.

      --
      Poor means hoping the toothache goes away.
  2. Users by Anonymous Coward · · Score: 5, Funny

    It would also require that 'users' have delete priviliges regarding their own account.

  3. Algeria Internet NOT shut down (yet) by mbone · · Score: 3, Interesting

    The consensus in the networking community is that the Internet to / from Algeria has not been shut down. See the Renesys blog for more details.

    The situation with regards to social media is more uncertain, with reports of both blockage and routine service.

  4. Impossible? by Shuntros · · Score: 3, Informative

    I thought it was impossible to actually delete a Facebook account? Sure, you can deactivate it, but not delete as far as I can remember.

  5. More likely explanation by M.+Baranczak · · Score: 3, Insightful

    Some of FB's servers went down. Some paranoid Algerian guy, who may or may not have good reason to be paranoid, noticed this, and assumed that it was targeted at him personally. And a rumor got started.

  6. Re:Elections by fuzzyfuzzyfungus · · Score: 4, Interesting

    They do have elections, though I'm not sure how hiqh-quality they are thought to be. The fact that said democracy has been continually operating under emergency powers since the end of the Algerian Civil War probably doesn't make people entirely cheerful.

    Ultimately, though, I suspect that they are hitting the same demographic/economic crunch that has caused trouble for other states recently: Fairly high unemployment(particularly among the large portion of the population that is fairly young), rising costs of staple commodities, and the perception(generally accurate) that the state is corrupt and exploitative in favor of some well-connected elite. Even in well-functioning democracies, that demographic circumstance will produce substantial volatility. If the state is having any legitimacy issues: boom. (On the other side of the coin, as our dear friend Putin can attest, if you preside over a period of improved wellbeing for the population, people will eagerly forgive egregious corruption and repression...)

  7. Re:No password encryption by emt377 · · Score: 5, Interesting

    HTTPS doesn't do much good if the country in question implements transparent proxies at the borders of their national network infrastructure that decrypt SSL traffic, inspect the contents, then re-encrypt it with an SSL certificate issued by one of the authorities registered for that country (which is certainly within the realm of possibility for most governments). Have you ever looked at (let alone modified) the list of SSL authorities that your web browser trusts by default?

    When I was in Vietnam recently, which blocks Facebook, they operated by intercepting DNS. They'd either make lookups fail or make them resolve to their own proxy. Before we realized this my wife uploaded a bunch of photos which then mysteriously disappeared overnight. We got around this by me firing up squid on my linode and using this as our web proxy, by IP address. (Authenticated obviously.) This way names are resolved in the good ole USA, geolocation says we're there (so get stuff in English), etc - AND the local government doesn't get to stick its grimy paws in my DNS lookups. To stops us they'd have to identify me personally, and spend resources on a single individual - and given we were foreign tourists they probably couldn't care less. After all, we'd leave in a few weeks and then we'd still post and say all the same things regardless. If we were locals we'd probably get on a watch list... They DID spend extra time on my exit processing at the airport, where the official wandered off with my passport and was gone 5-10 min.

  8. Dumbasses by bedouin · · Score: 3, Insightful

    When they shut the Internet off here in Egypt it only made people more pissed. Nothing to do inside then you go outside and join everyone else. If you work from home then you're even more pissed off.