Slashdot Mirror


Moglen: Facebook Is a Man-In-The-Middle Attack

jfruh writes "In an email exchange with privacy blogger Dan Tynan, Columbia law professor Eben Moglen referred to Facebook as a 'man in the middle attack' — that is, a service that intercepts communication between two parties and uses it for its own nefarious purposes. He said, 'The point is that by sharing with our actual friends through a web intermediary who can store and mine everything, we harm people by destroying their privacy for them. It's not the sharing that's bad, it's the technological design of giving it all to someone in the middle. That is at once outstandingly stupid and overwhelmingly dangerous.' Tynan is a critic of Facebook, but he thinks Moglen is overstating the case."

17 of 376 comments

  1. Open door by santax · · Score: 5, Insightful

    It amazes me that people think Moglen is overstating the case. He is not. Let's forget the datamining for commerce. Let's just think about what a simple post on a social network can do with one's life. People have been murdered over a post on social networks by governments. People have been held in custody (hi USA) over posting a quote from Family Guy... Moglen is right. Everything you post on facebook, twitter, hell any service that has an office in the USA will get into the FBI, CIA and SS databanks and you will get in trouble if you post something those warmongers don't like. Moglen is right. Using centralized, datamined networks is stupid and even more dangerous. It takes a lot of effort not to see that.

    1. Re:Open door by plover · · Score: 5, Informative

      Sorry, but I attended an FBI presentation last week, and the SA told us point-blank that Facebook was the greatest investigative aid ever. It used to take a warrant and months of hard work to figure out who someone was, what they did, who they hung out with, what kinds of things they talk about over drinks, and who supplies the dope to the party. Now it's a browser away and they don't even need a warrant.

      Harvesting a million individual sites is more expensive and time consuming, and can be tracked and tampered with by the site owner. You could set up your own blog on your own server that spits out a red, white, and blue "Happy 4th of July, fellow patriots!" when viewed by an uninvited visitor, while spewing forth whatever brand of hatred you like when visited by your fellow clansmen. Breaking into this circle requires expensive undercover work. But Facebook will cooperatively deliver a full and faithful copy of whatever you dropped on their system.

      By the FBI's own words, Moglen is exactly correct.

      --
      John
  2. Re:So is every ISP by hobarrera · · Score: 5, Insightful

    Your ISP does not see the information you transmit if it's encrypted, or email, chat, etc.
    Facebook CAN see the messages you send, even if your communication to and from facebook is encrypted.

  3. Re:they just figured this out? this is a revelatio by wbav · · Score: 5, Interesting

    Or better said, if you're not the farmer, you're the pig.

    Free food, water and a place to live?!? What could possibly go wrong?

    --

    =================
    Unix is very user friendly, it's just picky about who its friends are.
  4. Re:So is every ISP by Trepidity · · Score: 5, Informative

    I do think it's a widespread ethical view that these utility-like services shouldn't use the information for their own gain. In the phone era, that was formalized with fairly detailed rules; AT&T couldn't just randomly listen in on your phone calls and use it to sell advertising profiles to mail-order catalogues. In the internet era technology is moving faster than people/law can keep up with.

  5. Re:So is every ISP by Anonymous Coward · · Score: 5, Insightful

    Sigh - straw man arguments are so tiresome.

    These social sites are not your ISP.

    These social sites are like inviting a business into your living room to eavesdrop on conversations with your acquaintances.

    And for those who say "Who cares if I publicly post all my thoughts and relationships?" I have one question:

    What would McCarthyism look like with the data available today?

  6. Re:So is every ISP by X0563511 · · Score: 5, Insightful

    Rather it seems we have to have special whole new laws because "via the internet" or "with a computer" needs to be tacked on. I'd say this is the larger problem.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  7. Re:So is every ISP by csubi · · Score: 5, Interesting

    ... we all depend on companies every day and trust them with our personal info. There really isn't an alternative.

    I wonder why?

    When I arrived in the US and received my SSN, I tried to take the message that was next to it seriously: "Keep this number safe and secret" / not word by word citation/.

    Then I went to get a bank account, set up an account for gas / electricity, driver's licence, cell phone contract, everywhere I was asked for my SSN. Seriously, why can PEPCO, GEICO, WASHGAS, AT&T oblige me to reveal this information?

    My guess is that people in the US have been slowly but surely trained to surrender sensitive personal information to third parties.

  8. Re:So is every ISP by formfeed · · Score: 5, Insightful

    Your ISP can see which websites you visit, how long you spend there, how often ....

    Yes, but it is not part of their business model to do that.

    People would be quite outraged to receive an email from their ISP that reads:
    Based on the web-sites you visited, we recommend following companies to you. ... P.S.: Has your daughter looked at planned parenthood?

  9. Re:So is every ISP by FatdogHaiku · · Score: 5, Informative

    fB is also worming their way into other sites via scripting. I play some games at an EA owned site and suddenly you can not select a game room, or even see a game room list, unless you allow scripting by facebook.net. In the interests of allowing fB members more interaction EA has in fact forced everyone using the game to send data to faceBook. Anyone not blocking scripts is totally unaware of the issue, but most of them probably think fB is a good thing anyway.

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  10. Re:So is every ISP by CharlyFoxtrot · · Score: 5, Insightful

    What would McCarthyism look like with the data available today?

    You remember when your president had to publicly reaffirm he wasn't a Muslim but a good god-fearing Christian with good wholesome Christian values? McCarthyism never left.

    You Americans and your battles over symbols. You raise a big stink over irrelevancies like ID-cards and Facebook and meanwhile you've got the TSA, warrantless wiretaps, draconian copyright lawsuits, etc.

    --
    If all else fails, immortality can always be assured by spectacular error.
  11. Re:So is every ISP by Anonymous Coward · · Score: 5, Insightful

    Back when Facebook became the Next Big Thing, I thought it seemed silly and a bit dangerous to rely so heavily on a single web site for so many things while excluding anyone who wasn't a member. You're just opening yourself up to monopoly abuses in that situation. I thought an open protocol for interfacing with social media components, whether hosted on Facebook, a competitor, or a personal site would be a more inclusive solution with less potential for exploitation or single point of failure issues. Then I realized that there would be no commercial incentive to supporting a solution that bypasses central servers, so of course it would never happen. The Internet is devolving back into AOL.

  12. Re:Not the same thing by Sir_Eptishous · · Score: 5, Interesting

    I've been "online" since '93, and have hosted my own sites and DNS, etc. What's funny is when people who didn't even use email until the early 2000's find out I'm not on FB they act like I'm some kind of luddite. That's how many people view the whole web 2.0 experience. They can't be bothered with email and websites when the warm and cozy FB gives them everything they want. It's the Walmart of the net. Zuckerberg's fantasy of an "all seeing eye" http://en.wikipedia.org/wiki/Sauron is coming to fruition.

    --
    We play the game with the bravery of being out of range
  13. Re:So is every ISP by xtracto · · Score: 5, Insightful

    The assertion that "Facebook is a man in the middle attack" is utter bullshit. An "attack" would imply that Facebook is doing something that the user does not want to do.

    The reality is that facebook/myspace/google+ et al. is a service in which the user willingly sends their information to them, and then they happen to share such information with some connections.

    People do that willingly, people willingly sign up to facebook and send such information to facebook. The people who do not want to share information with facebook do not do it.

    --
    Ubuntu is an African word meaning 'I can't configure Debian'
  14. Re:So is every ISP by Anonymous Coward · · Score: 5, Interesting

    If you send encrypted information through your ISP, they can't read it.

    If you send encrypted information THROUGH Facebook, they'll remove it calling it "spam". I tried this and, supposedly, they censor all encrypted messages, only allowing clear text, unencrypted messages on Facebook. It's like they say "Don't distribute encrypted information through our service. Since we can't read it, there's no profit in it for us."

    Eben Moglen is absolutely correct that Facebook is a man-in-the-middle service attempting to fool dumb people into disclosing their personal information and secrets.

  15. Re:So is every ISP by N.+Criss · · Score: 5, Insightful

    Stated another way...

    Your relationship with your ISP: You are the customer.

    Your relationship with Facebook: You are the product.

  16. Re:So is every ISP by techsoldaten · · Score: 5, Informative

    You don't get to 500 million users without understanding the contents of every message. Text data mining is actually one of the simplest things to implement and can provide a wealth of attitudinal data about products and services.

    My Facebook rep has gone into some of their programs for targeted display of ads. I haven't asked her too much about how it would work, but the message she keeps driving home with me is that they can target ads based on how much someone likes something. She says this is based on more than what someone clicks on.