Slashdot Mirror
Moglen: Facebook Is a Man-In-The-Middle Attack
jfruh writes "In an email exchange with privacy blogger Dan Tynan, Columbia law professor Eben Moglen referred to Facebook as a 'man in the middle attack' — that is, a service that intercepts communication between two parties and uses it for its own nefarious purposes. He said, 'The point is that by sharing with our actual friends through a web intermediary who can store and mine everything, we harm people by destroying their privacy for them. It's not the sharing that's bad, it's the technological design of giving it all to someone in the middle. That is at once outstandingly stupid and overwhelmingly dangerous.' Tynan is a critic of Facebook, but he thinks Moglen is overstating the case."
You can be paranoid about it. But the fact is that we all depend on companies every day and trust them with our personal info. There really isn't an alternative.
SJW: Someone who has run out of real oppression, and has to fake it.
It takes retarded exaggerations and steals our comments.
Then in his opinion, wouldn't email be the same? It's stored on some 3rd party mail server somewhere... and for that matter, wouldn't all form of electronic communication that gets copied/stored somewhere not under your personal control also be classified as a "man in the middle attack"?
as with most social sites, search engines, free email services, you are not customer, you and your relationships are product
It amazes me that people think Moglen is overstating the case. He is not. Let's forget the datamining for commerce. Let's just think about what a simple post on a social network can do with ones life. People have been murdered over a post on social networks by goverments. People have been held in custody (hi USA) over posting a qoute from family guy... Moglen is right. Everything you post on facebook, twitter, hell any service that has an office in the USA will get into the FBI, CIA an SS databanks and you will get in trouble if you post something those warmongers don't like. Moglen is right. Using centralized, datamined networks is stupid and even more dangerous. It takes a lot of effort not to see that.
Besides the term doesn't apply -- in a man in the middle attack, the man in the middle needs to be invisible. Though I suppose you could argue that the vast majority of people using FB don't understand how the Internet works enough to know that they are really sharing information through a third party that holds on to everything, instead thinking of their communication as analogous to sending a paper letter...
weinersmith
If it looks like an apple, and it tastes like and apple, and if it turns into an apple tree after you bury it, it is an apple.
Language isn't that hard.
Some kind of man in the middle attack?
where is your like button?
More like it's payment for services. Did anyone sign up to facebook thinking it was a charity to help people make friends?
your thin skin doesn't make me a troll
Or better said, if you're not the farmer, you're the pig.
Free food, water and a place to live?!? What could possibly go wrong?
=================
Unix is very user friendly, it's just picky about who its friends are.
Yeah, we totally shouldn't use POP3 or SMTP servers because god knows what those people could be doing with our private correspondence!!!!@$!!one
Seriously: There's a case to be made that Facebook is pure evil incarnate (and likewise Google+), but this isn't a rational basis for that. We use middlemen ALL THE FUCKING TIME. For all you know your ISP is sniffing your packets right now -- quick, everyone invest in carrier pigeons!
This is a farce.
Utterly and completely stupid way to compare. You share things on Facebook that you don't care that other people know. As a matter of fact, the only reason someone posts the stupid "I can haz cheezeburger?" cat picture is so they can TELL EVERYONE THAT THEY LOVE CATS. There was no expectation of privacy in the statement, so no privacy is lost.
If you use Facebook for anything that even approaches the requirement of "privacy", then you are a complete idiot.
Nothing to see here, move along....
Tequila: It's not just for breakfast anymore!
It's not the same. Obviously, we have to depend on companies every day. But if we don't like a car company, or a traditional ISP, we can switch to another car or ISP. Facebook is different. If you leave, you leave the ability to connect to many of the people that you connected to via Facebook.
I own my own domain name, and use email and blogs to communicate from a site whose name I own. I do depend on companies to support my DNS and webservice. But if I don't like what those companies do, I can switch or do it myself. I have a Facebook account, but I don't normally use it; it just creates too many problems.
We all need suppliers; that's not the problem. The problem is dependency, that is, being (practically) unable to switch. Being dependent on an external company really is a risk.
- David A. Wheeler (see my Secure Programming HOWTO)
Moglen is absolutely correct and I am very impressed by this great analogy: Facebook (and some other "social" media) is a man-in-the-middle attack; it's just not a technical hack but a social hack. Best 20 second explanation ever.
Google might very well join them soon - if they use profiling on gmail conversations.
.... for a social networking platform that does not track/store/analyze/use my personal data or relationship information.
Any takers?
Something tells me that the 'free' fee for facebook has everything to do with its popularity. Some of us would pay, but many people have culturally come to understand that so long as something is 'free', anything can be given up for it.
MSN, ICQ, yahoo messenger, etc, etc.. all of these were central control communication that could be datamined, weren't they?
This is the guy who also said that clang was built "entirely to undermine freedom".
Why does anybody listen to this nutter?
How shortsightedly-inane-for-the-sake-of-a-headline can you get? At least making a facebook account and having your data shared is an option.
According to the author's logic, the United States Postal Service, for the service of getting our mail delivered, has EVERY SINGLE ONE OF OUR PHYSICAL ADDRESSES, regardless of whether we opted in to begin with! Holy shit.
http://i.imgur.com/jk4xT.jpg
i would not trust most of the internet, especially facebook, myspace, twitter, and google & yahoo
Politics is Treachery, Religion is Brainwashing
By that logic, my ISP, my cellphone and land line phone companies, the Social Security Administration, my health insurance company, my doctors, my tax accountant, my employer and even the executor of my will are Man in the Middle attackers too.
Man, I feel safer already!
BTW, there are two misnomers in the world today. Security and privacy.
Privacy doesn't exist. If someone wants to know all about you, they can. The reason for that is because of security.
That doesn't exist either. Security is nothing more than a series of pitfalls, booby traps and firewalls put between the outside world and whatever you want to keep "safe". The idea there is to make the time, effort and resources needed to get to your stuff to be greater than whatever it is you want to keep safe. The second you think you are "safe and secure" is the second you will be down for the count on something as simple as a DDoS attack.
The people who want to get your stuff just because they can have no concern for the amount of time, money and effort needed to get your stuff. There is no dollar value you can assign to principle. THOSE people are the dangerous ones because they are doing something they BELIEVE in. Spammers and others who are selling your info for profit, the only thing they believe in is a paycheck and they will go for the easiest paycheck they can.
For a case study on what I'm talking about, I submit Anonymous.
Those dudes and dudettes are both the bane and the hero of an IT security person's existence. People like Anonymous not only give security people headaches at work but they keep them employed too.
All the data that is placed on facebook could be placed on servers in peoples own homes. You could regulate who could view your web pages using OpenID or equivalent. People could have web apps that would go out to their friends servers, and get their latest posts and info and put them together into a single page.
Facebook does not do anything that people could not do on their own, if they were smart enough.
NEVER post anyting on FB (or any other social media type site) or willingly give up personal information online without VERY good reason and then ONLY using HTTPS or other secure/encrypted means. A social site wants your birth date? Forget it or lie to them... They ask you for your mother's maiden name as a "security question"? Really forget it, it's not worth the risk. Social Security Number? You got to be kidding! Credit Card number? Rreally? If you really *must* then do what I do and contrive an alternate "backstory" with all this kind of information to give out online. At least with a fictional life story, your not as easy a target for ID theives like my poor nephew is now. Hopefully, not being the easy target might save you the trouble of clearing your name, or (shudder sudder) your kid's credit history.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
The equation the guy proposes, looks sound. Moreover, observational data supports the equation. There is nothing overstated in that.
Facebook is de facto the evil intermediary in between people, just like how record companies are the evil, unneeded intermediary in between artist and the fan.
Read radical news here
But if we don't like a car company, or a traditional ISP, we can switch to another car or ISP.
Many ISPs have local monopolies - legislated monopolies by state law - in the US
http://www.computerworld.com/s/article/9164978/Narus_develops_a_scary_sleuth_for_social_media
Narus is developing a new technology that sleuths through billions of pieces of data on social networks and Internet services and connects the dots.
The new program, code-named Hone, is designed to give intelligence and law enforcement agencies a leg up on criminals who are now operating anonymously on the Internet.
In many ways, the cyber world is ideal for subversive and terrorist activities, said Antonio Nucci, chief technology officer with Narus. "For bad people, it's an easy place to hide," Nucci said. "They can get lost and very easily hide behind a massive ocean of legal digital transactions."
http://www.hotvoipnews.com/blog_87.shtml
VoIP Blocking in Saudi Arabia using Narus Software
VoIP blocking in Saudi Arabia has been around for sometime and was aided by the introduction of the VoIP blocking software provided by the Californian Company Narus. The reasons the Saudi government block VoIP is to protect the national telephone carrier Saudi Telecom from potential competition. By prohibiting VoIP calls people based in Saudi Arabia are forced to use the more expensive Saudi Telecom service.
Wait after the IPO and the shareholders start pressuring for more profit. All minuscule remaining traces of "privacy" go out the window, all your pictures, thoughts, links get exploited to the max. And you may even end up in jail for suspicion of harboring evil thoughts.
That's funny, I didn't know something for which you VOLUNTEER could be considered an "attack." Last I checked, nobody is forced to use Facebook or any other social media site, they do so of their own free will, and it's never been a secret that the companies profit from their practices.
People bitching about lack of privacy after willingly giving away information about themselves is really, really stupid, and it's getting rather tiresome to hear about in the news.
When all your friends are companies, you have either a personal problem or are surrounded by gold diggers.
This is one of the reasons I had such high hopes for Google Wave, a decentralized 'social' service. A similar model to smtp where each entity/end user can run their own wave server if they so wish.
If anyone thought there was any sort of privacy on Facebook they were incredibly naive.
Tin foil much?
Since when has a reputable social network EVER asked for your social security number or credit card number? All of that other information is public information and has nothing useful for applying for credit under someone's name (in the US at least).
Utility services? I PAY for my utilities, and the phone companies especially charged through the nose. You PAY, you are the customer. You get it for free, you are the product.
So unless you propose paying a monthly fee and a usage fee and a signup fee and a rental fee for your facebook usage, shut the fuck up with your idiotic notion that you companies got to provide you with free services and not make a single penny of you.
And if you don't like facebook, DON'T use it. It is not hard, I am not using it right now and still have time to insult your feeble self-entitled mind.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Robert Scoble: "I know Facebook is killing the web, but I decided to help it kill the web because I need my Klout score"
Tynan is a critic of Facebook, but he thinks Moglen is overstating the case.
While the language is a bit...hyperbolic, he's essentially right.
Chas - The one, the only.
THANK GOD!!!
We don't have to overshare information with people or organizations for the sake of convenience.
But they don't record or resell that information.
That is at once outstandingly stupid and overwhelmingly dangerous.
Good to see someone has finally figured this out. I knew this from day 1 of facebook. How gullible people are. That why I have never or will never use it.
What Facebook does is all perfectly above-board, because Facebook's ownership of everything you put there is right in the Terms of Service that you agreed to when you signed up. While some such agreements have been overturned in court, most of them are legally binding. As long as Facebook stays within the bounds of their side of the contract, then there's nothing you can do legally about it.
Where does Facebook make their money? Let's see
- Matching you against advertizers so that the ads you see are more likely to be clicked. Ad clicks are revenue.
- Datamining "anonymized" information about all their users to sell to companies that want statistics about people.
- Kickbacks from leading users to paid services.
Facebook started out as a social networking site. That is what Zuck had in mind. But when he had to turn in into a business that made money, the obvious thing to do was to use the information people put there. Facebook's three primary engineering trusts are (a) improving their site so as to keep you addicted to their service, (b) improving their site so as to maximize the value of the datamining output, and (c) minimizing the cost of providing those services.
In fact, this is little different from what Google does. They keep cookies about what your searches have been and use that to match you against advertizers. If you combine Google searches with gmail, Google+, and Google Docs, you have the same amount of information, a vast treasure trove from which to learn general things about people and to profile individuals in order to match the against ads.
This is the nature of all free web services. But even paid services like Netflix, Newegg, and Amazon mine your searches and purchases and compare you with other people in order to do a better job of recommending things you'll like. Netflix had a million-dollar prize dedicated to this. Amazon always recommends products bought by others looking at what you're looking at. And I regularly get emails from Amazon telling me about products I might like, based on what I've bought in the past. Is this an invasion of privacy? It's hard to say, because it's not clear where the ethical line is between helpful recommendation systems and scouring every detail of your life.
None of these services sell your personal details in an identifiable way. Besides the fact that they'd get into all sorts of consumer protection trouble, Amazon does not want Barnes & Noble to know your purchase history! Same with regard to Netflix and Blockbuster. On Facebook, every tiny piece of info that appears on your page is something you or one of your friends chose consciously to put there. Mind you, that can go wrong, when someone puts up a photo of you that they didn't have permission to put up, but be careful who you're friends with, eh? But everything else is really under your control. It gets really creepy when you get an ad popping up related to something you mentioned in a chat session. I think that's going a bit far. But again, you chose to use Facebook (rather than, say, a telephone or jabber) to communicate that info, and you already know that Facebook owns it. Creepy but completely above board and legal.
Facebook is like the way the devil is described in some religions. He doesn't force you to sin. He simply provides you with many irresistible temptations. Facebook plays on human psychology and this weird combination we have of being introverted (many of us) and wanting to connect with other people. Facebook is designed by experts at addicting people and making them WANT to expose their deepest secrets. The temptation is so great that we consciously choose to walk naked through the streets, knowing full well that many nefarious eyes have really good binoculars. Going well beyond creepiness, Facebook's unfathomable privacy settings make it ripe for identity theft, even newborns who grow up to find out that they have credit card dept of mysterious origin.
And yet Facebook, much like the devil, always follow
the warmongers allow you to post on Slashdot with impunity. Maybe you are overstating the case?
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
Most people I know simply don't care about their privacy when it comes to facebook, google+, whatever. They want an easy way to post their pictures online and stay "connected" with friends and family. Email does not work because granny has learned to never click anything in an email so the 50mb zipped attachment stays in her Inbox, or if she does click it, can figure out what the zip file is. Things get too complicated for regular users and it's easier for them to make excuses about privacy, stay in denial, and pretend google or facebook will never screw them.
I think Moglen is spot-on but you can't expect people to get on-board when they haven't the background to understand the situation. What's worse is the one-click Easy Button for everything has become the norm and people expect that. Anything more and they get glassy-eyed and loose interest faster than a 5yr old on a sugar high.
If social networking is to become more secure, it's not going to come from google or facebook. It will come from the OSS community in something like googlesharing, (encrypted) Tor, Bittorrent or the like.
Join the Slashcott! Feb 10 thru Feb 17!
It's not an attack, if people are using it willingly.
If the service is free, you are not the customer, you are the product. Hi Slashdot.
Enough of the hyperbole. Facebook only has as much on you as you let them have. No one died in the transition from MySpace to Facebook and no one is going to die when Facebook goes the way of MySpace.
People just want to be lazy about their lives and blame others when things go wrong for doing so. Facebook can't share anything with anyone I don't let share myself to begin with.
this news (and more generally, Facebook) got me really really sad over the course of the years
I got an account about 8 years ago and I didn't ever use it - till one prophetic day (about a year after) when I read that it might be the "next big thing". I quickly recovered my password and logged in. to my surprise, two dozen friends - old and new, familiar and less so - were already requesting my friendship.
now, I gotta say that I am not the kind of person who's life centers around socialization. but facebook showed me that I am not so alone in using culture, science and play in order to make friends. for a couple of years I viewed facebook as an utopia, together with my "2nd world country" friends
being on facebook was the ultimate liberty, the Good'ol Days of America descending upon our fontanels. facebook was simple, facebook seemed transparent and you could share the exact amount of information you felt responsible for.
but then "they" over-complicated it. "they" said how you have to use it and what for. "they" did not endorse personal growth, but descended to the lowest common denominator - and that is the place all the ugly fungi have the right conditions to grow.
fast forward.
today the only solution I can think of is that EVERY user should have his own facebook. like in the past everybody (who was somebody) had a web page, now everybody has to have "a facebook".
maybe it will be web 3.0, maybe not. but one thing is clear: trust can only be put in persons. not governments, not corporations, not brands. persons. and over the years it became clear to me that Zuckerberg is not somebody I would trust.
excuse my grammar. also, this is my 1st long /. comment, although I have been reading you since I first installed linux (ahh, Mandrake!)
The name is "trusted middlemen", and anybody claiming it is an attack is doing yellow journalism.
It is true that the more people you have to trust, the worse off you are. It is also true that trusting a corporation can be quite worse than trusting an individual (but then, it can be quite better in other points of views). It is also true that trusting corporations that already showed that they don't deserve any trust is even worse. But equating it to a man-in-the-middle attack is a lie. Plain and simply, a lie.
Rethinking email
Sure, and we could easily email our (dozens, hundreds, whatever) of our friends daily with all the photos and news updates we care to share with them, eliminating FB entirely.
That's why FB is *not* any kind of attack. An attack implies an unauthorized insertion into the data stream that forces us to unknowingly share our data with the attacker. We willingly give FB our data, knowing full well (if we read any of the news on the subject at all, or the TOS) that they will use that data to their financial benefit. Calling that an attack is lying saying your dentist can be arrested for assault after the pain he inflicts on your teeth and gums.
The obvious thing to do was to charge users a nominal fee. Fecebook has 900 million users. Charge each of 'em five bucks a year, and you're making 4.5 billion a year. That's a respectable revenue, and five bucks a year is chump change compared to what the average Fecebook pays in Federal taxes.
Exactly right. Facebook is a man-in-the-middle attack on privacy...and it's all controlled by one company. Moreover, it's use is not voluntary since it has become the primary form of online communication between those under the age of 25. What is needed as an alternative is a open-source specification for a new social networking protocol that can be implemented on any server as a peer-to-peer system that will service any social networking client that conforms to the specification. Unfortunately, the only way that that could be implemented efficiently would be if every global user were assigned a unique alphanumeric identifier and THAT would take some sort of global registry maintained by some organization like the United Nations.
A lot of geeks around me regard FB and G+ with suspicion/derision. I wonder if there is a significant percentage within Google & FB employees who feel the same way. Or is it mandatory for them to have an account and use it?
A somewhat less cynical view is that Facebook is to your social interactions what a bank is to your money. You let Facebook manage your interaction data. The advantage for you is that sharing is easier and the data is more secure than it is in your own safe. In return, they get to use your interaction data for their own gain.
Now the banking sector has been heavily regulated by the government to restrict their use of their customers' money to what the community considers ethical. Probably things will have to go wrong before it goes the same way for internet social networks.
Enough of the hyperbole. Facebook only has as much on you as you let them have. No one died in the transition from MySpace to Facebook and no one is going to die when Facebook goes the way of MySpace.
People just want to be lazy about their lives and blame others when things go wrong for doing so. Facebook can't share anything with anyone I don't let share myself to begin with.
Yup, you're right. No way other people could tag me in their photos and have that violate my own privacy.
I've always view Facebook as a modern day, War Games. The only winning move is not to play.
=================
Unix is very user friendly, it's just picky about who its friends are.
Yeah, but so is getting a driver's license (giving up essentially all of you personal information to an organization who's data security is really, really bad) and talking on a phone or texting (every communication can be kept).
Is it dangerous? Yes, just like walking down the street, taking a shower, or eating food you haven't personally raised and prepared. At least someone is getting worked up over it for me so that I can go back to not giving a shit.
Is it just my observation, or are there way too many stupid people in the world?
Man uses bulletin board to communicate. Claims bulletin board knows all his secrets. More at 11.
We all have to die, so let's commit suicide?
Sure, we depend on others all trough our lives, but that doesn't mean we have to use a service which is built on the idea of datamining.
cb
if you're not the farmer, you're the pig.
Even when you get a pig in Farmville, you are still just a pig.
I don't believe that its quite that bleak. You buy a service from Facebook, and you pay with your privacy - and a fraction of your visual field of view (eg looking at ads).
I do not watch free-to-air TV, as I don't wish to pay for their service with my time (watching their annoying ads).
I do not watch pay-TV, as the original intent was for my cash payment to grant me freedom from those ads, and the pay-TV companies re-neged on their promise.
Facebook does not ask me to surrender my time in exchange for their service, so their price is acceptable to me... for now.
Not exactly. The requirement you're trying to conjure is that the parties believe their communication is private.
And, as you suggest, users may expect privacy for a number of reasons. They may not understand how their workaday drivel could be of value to corporations and governments, and so wouldn't expect detailed analysis of their updates and taggings. Or they may not understand the infrastructure, perhaps partly from ignorance (and not caring to look into how computer communications work), perhaps partly from obliviousness (not even consciously registering that there's infrastructure, let alone how it might work).
Otherwise, users may lull themselves into thinking that it doesn't matter if their blathering is monitored. That is, they think they have virtual privacy because they think the information they're giving up is useless. This is where more technically savvy advocates of Facebook fall, I'm guessing. They're not so stupid they don't realize that Facebook has detailed access to their every comment and action on the site (often even realizing that web bugs track them even when they're not even at the Facebook website), they just don't think it's a concern. Well, the truth is that lots of data add up, and even individual comments or tags can be of great value. It's hard to judge the usefulness of these things from the perspective of a little person, without the perspective of a large corporation or government agency. There is no virtual privacy resulting from the unimportance of your social communications. There is only a failure of insight or imagination to reveal the value to be wrung from your information.
Another important connotation of MitM, and one that is not analogously mirrored in this situation, is the ability to alter messages. It's implied to be related to MitM, but I don't know if it's generally agreed that message alteration is a necessary attribute for defining what is a MitM attack. (For instance, merely intercepting data is a valuable result of interposing in believed private communication — gathering credit cards this way is a profitable attack.) Oh, but then again, the ability actually is there. My mistake. It's just not one that we would expect to be actively used. Not regularly, anyway.
Every time an article related to real-life security (i.e., fighting terrorists) appears, Slashdotters come out of the woodwork to say that there have been an average of 300 US deaths in the past 10 years from terrorism, more people die from car wrecks and smoking, etc.
Same thing here: out of all the evil that MIGHT come from sharing on FB, how many people actually lose jobs, have government agents show up at their door, etc?* For 99.9999% of people sharing on Facebook, there might be a few somewhat-bad things that happen (most likely someone finding out more than you would have liked) but probably not too much more common than what spreads through traditional gossip anyway. I imagine very few bad-with-a-capital-B things happen. Most people will die without having experienced first-hand (or even second-hand) any disasters from sharing on Facebook, belonging to supermarket loyalty clubs, etc.
I'm not saying there's nothing wrong or potentially bad, but like most other things in life it just won't matter to most people.
* And in cases where it DOES happen, I'm sure most belong in the category of "you shouldn't have been doing that (or at least not talking about it)"--crimes, affairs, etc.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Summary might say:
Even quoting 'man in the middle attack' as if to quote Moglen.
But article only says:
It's actually vague.
It should have been fairly easy to have data visible at the clients end but encrypted in facebook/the icloud/you name it.... but then there is no money for spying/harvesting...
Another reason I miss true peer-to-peer messaging systems like Jabber, despite all its shortcomings.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Sounds like this wasn't such a conspiracy theory after all, eh? What better way to keep people from having any privacy than to kill the creator of the one website which would have worked to help provide it cheaply and easily to the public. It's time to make a diaspora, and leave Facebook forever, as far as I am concerned.
Thinkingman.com New Media
The point is that more and more companies offer products that replace open protocols with open servers and clients. Email is/was SMTP with millions of servers and client applications implementing that protocol. No room to make money apart from selling bandwidth. The web as we know it is HTTP with millions of servers and clients and while there is ample room to make money it's not actually a product.
Facebook and Twitter aren't protocols. They are products, owned and controlled by companies that does all of this to make money and to achieve this they offer what people want, not what's sound and reasonable from a technological POV.
If you have a closer look at this you will find that there are reasons for this shifting picture: All the good old protocols were designed from a very technical point of view, or from the point of view of technical users. Email is complicated to set up, there's a reason for many people (if they still use email at all anymore) using some webmail service. It also doesn't do very much except sending messages and small files around. It offers no way to actually find people. The web (based on the Hyper Text Transfer Protocol) just transfers files containing clever markup and doesn't care for anything else. All of this fine and dandy from a technical POV but just doesn't address very much of what "normal" people actually want to do.
I really can't be angry about what Facebook does, because: We (as geeks) just totally failed to come up with protocols and tools for an infrastructure that would've been able to address the needs of casual users. Instead we insisted that webmail is silly and a full-featured MUA the way to go. In Usenet we were fighting HTML content and fake names even as Usenet (as a communication platform) went under. And there was never anything that even tried to implement a net-wide address book or useful calendaring. All these missing things left a gaping hole that companies like Facebook just exploded into like a gas into a vacuum.
It's easy to hate Facebook and to praise geekdom, but we just miserably failed. We were (and still are) more fascinated by the tools instead of what people might want to do.
Enough of the hyperbole. Facebook only has as much on you as you let them have. No one died in the transition from MySpace to Facebook and no one is going to die when Facebook goes the way of MySpace.
People just want to be lazy about their lives and blame others when things go wrong for doing so. Facebook can't share anything with anyone I don't let share myself to begin with.
Very true. Except:
Facebook has caused a large number of divorces, Employers use it to see how their apps are in life, and the government is using it now to spy on us.
With all of that, I'm going to say that within 2012, someone will die because of Facebook.
Probably suicide, but then, we can't rule out murder. Of course, we might get the parent who neglects their kid to death...
Be seeing you...
And the public doesn't seem to care much. Remember that little skirmish about Politico.com buying analysis from FB on public and private message mentions of republican candidates to "evaluate sentiment"? A few people complained for a bit about not being able to opt-out and then it all died out (despite questions on randomization of results etc).
Add to that clickstream selling by ISPs, and attempt to gather and sell your information pretty much by everyone (heck, yellow pages delivery opt out form demands phone number and email) and people seem to be simply tired of fighting it.
Hyperom.com
"TLA Honeypot" is as good an analogy as "MITM Attack"
Most FB users are boneheads (the people I know fit the pattern). They probably don't know, and most likely would not care if they understood this excellent analogy.
your loss of money on lottery tickets. It is a voluntary tax in ignorance. Facebook (and the lottery people) know that there are huge numbers of ignorant people out there who are willing to part with something valuable for something of very little (or no) value simply because they don't understand what they are parting with and what they are gaining/losing.
Oh yeah, and Windows is malware.
about me anyways.
anyhow, your mom is mitm. why would you put something on fb you didn't want fb to know? if you _share_ a link to something you think is interesting.. why would you care that mitm gets it?
now, if you live in indonesia and have to hide your atheism, I suppose you might want to share things like that under a pseudonym, in which case they'd be a mitm to that..
world was created 5 seconds before this post as it is.
A man in the middle. A man with a face like an African mask. There's something about him that just makes me want to punch the fucker.
So those who want all your data at any price just because they can are the real "bad guys", and we shouldn't worry about the commercial entities who collect such data wholesale and freely sell it to the "bad guys" in 10,000 person lots at clearinghouse prices?
Point being - unless there's some serious safeguards in place to prevent the data from being passed on to the nefarious sorts, we kinda have to assume the ones doing the collecting are at least complicit in the abuse. Heck, even if there were safeguards in place do you really think they'd do much good against someone willing to spend untold resources to get it?
I know this guy who gives his girlfriend blow in exchange for blowjobs. Sometimes people need saving from themselves.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Thanks for one, taking a statement and spinning it in a way that totally contradicts what can reasonably be assumed. It's actually a fallacy. But hey, if you want be Captain Obvious, have fun with that. And two, thanks for reiterating what I already stated that your privacy and security are non-existent, especially in the face of someone willing to expend untold amounts of time, effort and money to get it.
Oh and yes, the person willing to forgo any thought to resources in order to get to your personal information is more dangerous than some dude stealing credit card numbers. The person wanting your financial info just wants to rob you blind, couldn't really care less about your feelings or reputation and such. The person looking to get all your info at any cost is trying to destroy you. That's more dangerous. Unless you like some dude from the Ukraine parading around as you?
This is possibly the best summary of Facebook I have ever seen. +1
What would a peer-to-peer "Facebook killer" alternative look like?
Or better said, if you're not the farmer, you're the pig. Free food, water and a place to live?!? What could possibly go wrong?
I will now use this argument against Socialism too. Thanks. :)
From Facebooks' front page, in big friendly letters: "Sign Up It's free and always will be."
There's no mention of payment for services. Are you saying the FB is blatantly lying on its front page? Or are you saying that people who take that statement at face value have below average intelligence?
The news is not that Facebook is a man in the middle attack, but how people react when state this obvious truth.
And the thing is, for now having an account on Facebook and consorts may be voluntary, but if things keep on going the way they are it won't be long before you need an account on a social networking site to get into a university, or to get a job. Or simply to prevent you from becoming completely socially isolated. How voluntary is it then?
I'd mod you up if I had any points today. You have hit the nail on the head with a sledgehammer.
Right on! However I am of the opinion that such market models are short-lived for a reason. They don't create anything of REAL value. If Facebook and Google are monitoring my use of other sites while I am signed into their site, it just means that they have more information about my web-life. If I never spend any money on Facebook, then they won't earn any money from me. They might know a web-site that I did buy something from, they might even know what I bought, and how I paid for it, but if they didn't refer me to the site, they havn't even provided the site with any real service. When you boil it all down, all you have left is what advantages the web has always provided, access to people, resources, products, and information that you would never encounter in your localized physical world. It's things like that make me wish people would get serious about the web and quit trying to use it EXCLUSIVELY as a means to rip people off in one way or another. Unfortunately it will take the full collapse of the fossil-fueled components of our economy for us to utilize this wonder of human thought to it's "TRUE", and "REAL" potential!
-Oz
... because, you know, people choose to use FB and Hitler was elected.
How about seeing things for what they really are, especially including the group dynamics involved?
* You have no control over the data the MITM attacker collects. You have some controls over what Facebook collects.
Does he refer to the ridiculous privacy settings? There is absolutely nothing actually helping you decide what they learn short of using proper crypto. I doubt many cheeseheads on failbook do that. And even then it would also apply to a more traditional MITM...
The odds of terror and government repression don't add up the same for personal risk. Terror is more random, but once you begin to be a real threat to the government (say as an effective organizer) your odds are way above average for becoming the victim of repression.
OK. So, analogous to how the government set up the Federal Reserve to be the lender of last resort, I guess we need a Friendship Reserve to be the "liker" of last resort, for people with no friends, right?
I'm not a lawyer, but I play one on the Internet. Blog
Protocols are always going to be wrapped into products if there is any money to be made. And everybody just wants something to work, nothing else, if it is beyond his field of expertise.
An open protocol can never be monetized, except for some support.
gotta love that term!!!
Or better said, if you're not the farmer, you're the pig.
Free food, water and a place to live?!? What could possibly go wrong?
I will now use this argument against Socialism too. Thanks. :)
I actually think this cuts both ways, one could say the farmer is the 1% paying the minimum required to keep all of the lower classes happy while they get ready to slaughter them for their own gain.
I mean I'm no expert, but my understanding with Socialism was that there was no class division, thus no farmer.
=================
Unix is very user friendly, it's just picky about who its friends are.
Yeah, agreed. I've never used facebook. It seemed like a dodgy idea to me from the get-go. Their senior management aren't people I'd personally choose to trust.
I see you've never read Animal farm.
Free Martian Whores!
Why not get rid of the middle? One of you young hotshots should write a program that does what FB, G+, and MySpace does/did that requires no outside servers, only the people you're connecting to.
Free Martian Whores!
No its not payment. You become the product, and your data will be compartmentalized to make it hard to get away from their service. You stop owning the data you create, you give away free content and free information, and that is the product that is being sold off to third parties.
It is very hard to get all the information that's stored about you out of the system.
Mozilla's browserId is an attempt to go a different way by encrypting the information so that the server cannot actually mine information. They also promote a system where data can be easily moved to other places, even though it is stored in the cloud. The current silos of information base their business model on locking in the information for their users, this is something we need to raise awareness about.
https://en.wikiquote.org/wiki/Eben_Moglen, great quotes
You hear about the person who didn't rely on anecdotal evidence to support his belief system?
There is a problem with your logic. Yes, if you follow Eben's logic your ISP, cellphone and landline companies have the capability to MitM attack you, but that isn't how they tend to operate, on the other hand for Facebook it is their modus operadi. The other ones you mentioned, no, they aren't in the middle of anything, they just have access to private data about you, but that is out of necessity.
And yes, privacy and security exist, but they are relative and not absolute, sure you can't have absolute privacy or absolute security, but you can have degrees of them. But if you think they don't exist go ahead and prove me wrong, post my name and address, or even just my name, I bet you can't.
I know I don't have perfect security or privacy, but just because it ain't perfect I damn well ain't gonna make it easy for strangers to find my life history by posting it to Facebook.