Secrecy, privacy, security, intrusion

It appears that Facebook did not suffer a security breach. Instead, publicly available information about its users was scraped. Privacy breach? Yes - but by the individual users concerned and the tyranny of the default.

Should Facebook get into trouble over the fact that someone was able to build a database containing so much information about so many of its users? Absolutely - but the main concern is ensuring that Facebook data is private by default, and this is not in the interests of the platform.

Similarly, the latest LinkedIn data breach was a through scraping. This is a bigger problem, because the whole point of LinkedIn is expanding one’s network for work purposes - and so many people make their entire work history publicly available! A set of half a billion records showing an individual’s work history would be of enormous value to a hostile nation state.

In other words, the problem is how to design online networks that serve the user purpose without providing malicious actors with useful information - all while maintaining profitability.

3 Likes

There was no security breach. It was a publicly available data extract.

FB has provided data harvesting facilities to interested parties as part of their social engagement platform. That is what it is.

Users publish information about themselves, and interested parties can avail themselves of this information. Whether it is to find friends, or others who went to the same school, or worked at the same company, or share common interests.

Since the 2015 Cambridge Analytica data harvesting that was used in the 2016 US election campaign, and the 2019 loophole in the data syncing feature that is the subject of these latest breaches, FB has had to tighten up on their privacy settings.

But in the end, what you as a FB user choose to make public is up to you. If only ‘friends’ are to see that information, then make it that way. Or even better, don’t publish anything that you would not want made available on other sources. Do not publish your email, or private phone number, or address.

2 Likes

At this stage, yes.

Users should consider all the following:

  • You have the choice not to participate in social media at all - it is a pact with the devil, you are the product. Don’t like it then don’t do it.
  • If you do choose to participate, give the minimum public information and even give fake information.
  • You don’t have to give Facebook your phone number. Don’t.
  • You don’t have to give Facebook your real birth date. Use a fake date.
  • You must limit access to your list of friends so that only your friends (or indeed only you) can see that list i.e. not accessible to the public.
  • You should use a dedicated email address with Facebook (so that if it leaks then you can trace the source of the leak back to Facebook - and so that if it leaks then nothing else is accessible via that email address).
  • If you take your privacy very seriously, don’t use a profile picture. You don’t have to have one.
  • It goes without saying, only make posted content Public if you really and fully intend to share it with the entire world. That’s fine if you are a social media wh‌ore and the intention is to go viral, and build your number of followers, and become an “influencer”, etc. etc. etc.

Yes, if any criticism should be levelled at Facebook, it is that the security model is complex, opaque, ever-changing, not well-explained, has a difficult-to-use user interface, …

A naive user who thinks it is a good idea to participate in social media would likely get bad security defaults from Facebook.

3 Likes

And possibly another is never tag photos of faces with the names of the people. This provides invaluable information to allow better biometric analysis of all images to identify individuals and collect data.

4 Likes
  1. You should never post photos of people without their consent. Even an untagged photo can be used with other data to identify an individual.
  2. I don’t know whether Facebook, Twitter, Instagram et al do this for you, but suggest that before posting any photos you remove all EXIF data attached to them. This includes a heap of data the camera type (or phone model), the precise coordinates where the photo was taken, time and date. Even if it is removed by the platform, you are giving the platform extra information about you that it does not need.

Edit: does the Choice Community platform automatically remove EXIF data from photos? If not, same advice applies - but also a call-out to @BrendanMays to investigate and if necessary/possible update the platform to do so for its users.

4 Likes

Great advice. I only do so for those more than 50 years departed.

Personally it’s too late! Although not being on FaceBook how does one really know?

Doubtless extended family have been doing this since before the above advice has been shared.

Does Facebook include this advice to our FaceBook addicted friends before our friends choose to upload?
No need to answer, I expect not!

Auto tagging of our names is also everyday. I’ve stopped worrying as that horse has long bolted. Even after departure we will linger long as digital memories for those left behind?

3 Likes

Good advice.

  1. I believe that Facebook does, BUT
  2. that is not good enough because you have still shared all the EXIF data with Facebook and although they may strip it, they may also keep it somewhere (as you go on to say).

So you need to strip it before uploading to the social media platform. Ideally your web browser / the app would do that for you but I am not aware that that capability exists.

Of course I can’t directly tell you which setting Choice has chosen.

2 Likes

Advertising has always been manipulative. Cambridge Analytica showed what’s possible. The risks to which we willingly expose ourselves.

2 Likes

Well the Federal Court has found Google mislead users on their tracking of users. Not just one setting needed to be turned off but at least two of them. Users may have thought if they had turned of location history that their location data was not kept or used but this was and is not the case.

5 Likes

Maybe our government wasn’t overreacting when they banned Huawei from our 5G rollout.

3 Likes

New legislation amendments being considered by Government on sharing our personal data is being hailed by some as a boon but others say it is very worrisome. Personally I am very worried by the proposed changes. Not only would this legislation allow sharing without your consent (and secretly shared) but would also allow the Government to share outside the Government with third parties.

An article from The New Daily discusses the changes

ABC Article on the “Data Availability and Transparency Bill” from Sept 2020

Other links

https://www.pmc.gov.au/resource-centre/public-data/issues-paper-data-sharing-release-legislation

https://www.legislation.gov.au/Details/C2020B00200

2 Likes

An article regarding the secret deal made between Walker Corporation and the Qld Government.

The same Labor Government that railed against developers making political donations to the LNP.

What a bunch of absolute hypocrites.

image

4 Likes

I am astounded that benefits for the public are considered secret!! What? so we no longer should be told of the benefits we will all receive?

Ok everybody you can’t know what we have done for you because they are benefits for you so we must keep them secret sounds like a Monty Pythonesque script.

6 Likes

A possible class action against TikTok and its parent company regarding alleged breaches of childrens’ privacy.

1 Like

A hillarious article regrdaing the “security” of Trump’s Mexico border wall.

Don’t they have rattlesnake problems in Texas?

1 Like

Nah. Trump now lives in Florida.

1 Like

An article regarding Apple upgrading privacy much to the dislike of facebook.

2 Likes

As far as I am concerned there should be no such thing as commercial-in-confidence in most spheres of government activity. Sure, if it’s defence procurement or a national security agency, I get it. Otherwise public scrutiny must be an unavoidable part of doing business with government i.e. taking my money.

4 Likes

Having been on both sides of the fence, commercial in confidence protects the bidding parties. Often there is business financial and IP information which would be of high interest to competitors. Disclosing such information may also compromise future tenders and the competitive tender process.

Internal government workings shouldn’t fall under commercial in confidence as they aren’t commercial in the real sense. If government doesn’t want something released, it could always be taken to cabinet and protected by disclosure rules applying to such documents.