Referral links

Unlike other ads on this page, the two links below are to services I use - if you're looking for a new SIM or broadband connection I can personally recommend them, and these are specific referral links that I can get bonuses from if you sign up, so please use them :-)

Get a free giffgaff Sim Broadband from £5.99 a month with an included wireless router when you sign up to Plusnet - terms apply

Sunday, 28 October 2012

Facebook security - hype, false rumours, and why the ads are fine

[Short link to this article if you need it - - or retweet me]

This may become a multi-part post about facebook and social media as I've got quite a lot to write.

This part is about setting the record straight on some of the fact-free nonsense that's regularly seen on the site and what you can do to avoid spreading what is little more than spam on the site. I'd like to think that everyone on facebook could read this and think twice when they see anything like this in the future. In various forums I've already commented about how many people don't seem to understand about online security and privacy generally. And I've also mentioned how many people are willing to spread misinformation based on apparently not bothering to check and fully understand the facts. Or "crying wolf" by spreading false information risks, which has the negative effect of desensitising people to the real issues, which can only make it harder to explain real risks and scams to people (Claim you're free £150 Tesco voucher here - only 75 left).

I'll delineate the case studies in this article with horizontal lines in case you get bored of reading about any particular one :)

Unsourced scaremongering information

In one recent example, someone in a comment thread on a friend's post said this:

"Worse still, if you have the mobile app on your phone, it will publish stuff willy-nilly to your Timeline when you don't have a say in it at all."

When I queried this, they tried to back it up with a couple of links - neither of which had anything to do with the claim. Worse still, when you query some people I've seen suggestions you just "google it" as though their ill-advised beliefs are common knowledge - and in many cases an attempt to do so is fruitless, thus the discussion has wasted everyone's time. Evangelism on security beliefs which aren't based on fact isn't any different than religion, and I'm not a fan of having either shoved in my face as fact rather than belief.

Scams, "view your stalkers" and "authorise this app first"

Survey scams and forcing you to authorise apps are another thing. The Tesco example I mentioned at the start is an example, as is "free iPad" or "click here to view something sensational" or arguably the most common one "See who views your profile". All are examples of the same things - scams. If you see any examples, walk away and clear up any apps you've authorized and remove any posts they've made, otherwise you're contributing to the problem. This is why they should be avoided:
  • You have no idea who's running the "offer" or video
  • The people running those offers are only interested in making money (fairly obviously) so you are not really going to get anything for free. In the case of being forced to take surveys, it's because - surprise, surprise - the scammers make money every time a survey is completed.
  • If you have to authorize an app on facebook to view a video, then something's wrong. Why should you give someone else access (who, as per point 1, you don't know) access to your account. The scams usually post to your account to try and spread themselves and drag in your friends my making them think it was you who have received the offer. If the video's truly gone viral in any sense, you'll almost certainly be able to find it on youtube or similar sites without giving anything away.
Here's an example of what can happen when you authorise such a rouge application on your account. The authorisation screen (left screenshot) clearly says it will be able to "post on your behalf" and it will - on your wall, and potentially the walls of your friends as in the example on the right:

Adverts - they're not all bad ...

Now to adverts - let's get one thing clear - adverts are an important part of keeping the internet free to use. How much do you think it costs to run a site like facebook with the massive of data they process? Far more than your internet connection, that's for sure. And for that reason I have no problem with relatively unobtrusive adverts on web pages which I'm not paying for. Many people use AdBlock, but I consider that morally wrong, If you really object to adverts, you should vote with your business and use somewhere else rather than block it, or pay if that's an option. It's the reason I've said before that I pay for We7 music streaming and it's the reason I refuse, completely, to pay for a pay TV subscription. I'm not going to pay and still endure adverts. If you object to social media sites showing you adverts then you can stop using it and use a service that you pay for, such as

As a case study, the most recent example I've seen was this thread which was a link to a specific article about how facebook would now target specific adverts to you based on telephone numbers/addresses supplied by advertisers to facebook, which would then look them up in their database, and display that companies ads if a match was found. So you get ads from companies you deal with as opposed to random ones.

Now if you sit back and think about it for a moment, if you're going to have adverts, why on earth is that a bad thing? Let's look at it this particular issue objectively with a few points:
  1. If you've allowed a company to share your number with "selected third parties" doing it with facebook isn't violating privacy in any way whatsoever
  2. Surely you'd rather have adverts from companies you're interested in instead of things you might not be, so why on earth would you use this as a reason to put a fake number on facebook if this is likely to enhance the advert quality?
  3. Unless you've blocked them, you already have this sort of things via cookies from sites you've visited, this approach is better as it's from companies you've ALREADY SIGNED UP WITH, not just the ones you've merely visited (As an example I wish I never clicked on Brennan as I'm sick of being bombarded with their ads, but at least it's something I'd shown an interest in)
  4. Frankly, the many people com who think that this specific topic means Facebook are giving away your phone numbers to anyone are idiots. (Whether they've done that for another reason isn't the point, but think about it. Would people playing Facebook games prevent authorisation if it got access to your phone number? Probably not.
  5. The may people who think this will result in extra spam/cold calling are also idiots. It's driven by the data  that company's already have - nothing extra can happen in this respect compared to what could have happened anyway.
And these are all the flaws in just that one one comment thread I saw. This nonsense and misinformation is all over the place. And I'm getting fed up of trying to educate people - it'd be a full time job fighting people who don't want to change their unfounded beliefs. I did get involved at the end of that thread but I usually don't bother unless it's showing up on a friend's feed. Sites like Facecrooks and AllFacebook have a lot of good information on them - the people running them must despair at this kind of thing.

Timeline exposing private messages

Another one recently is repeated posts about how private messages have been appearing on people's timelines - supposedly visible if you scroll your timeline back to 2009 or earlier. Now I've done a correlation between all private messages I've had at that time, and none of them are on the timeline. What does show up is any posts made on my wall at the time. And I've been unable to find any true evidence to suggest otherwise, but a bit of research shows plenty of articles like this one backing up what I've said - there simply isn't any evidence, other than anecdotal, that it's leaking private conversations.

Look at this ... then write a comment

The other one I think is strange is not a scam so much as an annoyance, but when someone sees a picture with a caption along the lines of "Look at this for a while, then write something in the comments". As though something is likely to happen. Needless to say it doesn't - you're just making a spam comment on a picture. And because that picture is "public", the fact that you've followed those silly instructions just has one effect - potentially spamming other people's news feed with a belief that something might happen. This is far more likely to turn me off facebook than the people pledging to leave every time Facebook's layout is changed (can you even remember, other than the timeline change, what any of the things people complained about were? Do you REALLY miss them?)

Honestly, if you do leave such a comment and nothing happens, DELETE YOUR COMMENT so it doesn't waste anyone else's time. It's often the users that are making me less enchanted with the service ...

"You do NOT have my permission"

The alarming thing is how many new examples have shown up since I originally started drafting this blog. The most recent one is the "chain post" saying "You do NOT have my permission to utilize any of my profile information nor any of the content" with a load of seemingly clever words suggesting that making a post along those lines nullifies any contradictory terms in the T&C which everyone's signed up to.

Clearly it doesn't require much thought to realise that this is false - so I do wonder if people are doing it ironically or something, but I'm not sure I understand why.

It it isn't obvious, then the reason it's pointless is because YOU agreed to the T&C when you signed up for your account. Facebook did not agree to modify those T&C by agreeing to the post you made. It's not that hard to see why it's unenforcable nonsense giving people, as with most of the other things I've talked about, false information.

If you're affected by the issues in this article ...

Of course it can be hard to know what to do when you see any of these examples on your feed. You could ignore it, but ideally explaining why it's false is the best approach, as by doing so anyone seeing the post will hopefully read the comment. Although I think some people get upset when you point out such things, so it can be hard to make the point in an effective way.


Honestly, there have been plenty of valid security concerns on the internet, especially with Facebook. How about we start focusing our attention on checking the SSL certificates when buying things online instead? Do the people worried about adverts also worry about that? Focus on the real ones, and don't spread misinformation. It's easy to accept and believe scaremongering "chain posts" that seem genuine because they're from your friends, but it's no different from pyramid chain letters in terms of authenticity.

Think about it for a moment. Why do people encourage sharing this information by cut & pasting a message rather than providing a link to a relevant article? Partly because by sharing (often false) information that way, they can make scams seem more authentic because it seems to come from your friends, yet not provide a source or any evidence. If you don't know enough about security to understand what you're posting, please refrain from scaremongering under your own name.

There, I feel better now.

(Despite what I've just said, all comments are welcome of course, even if you disagree with me!)

1 comment:

  1. Excellent post, went ahead and bookmarked yo ur site. I can’t wait to read more from you. click here to learn more