Loss of Privacy

Though tame for 4chan, the screen shots are NSFW.

The accounts were compromised through a third-party website’s security flaw, and the hackers then used the list of email addresses and passwords to compromise the email accounts. Since the dating website’s passwords and that of the corresponding usernames were the same, this was easy to do.

(lesson to be learned: use strong and unique passwords for different sites)
Though Facebook doesn’t seem to be the target of the attack, using the same passwords over multiple sites is highly dangerous.  The underlying message is that Facebook is not secure and too easy to mess with.

Many people fail to understand that most of what you put on the internet is not private and people you probably don’t want to read your information do.  If you’re privacy conscious, you might want to take a look at the new Facecloak, which aims to keep your information private on Facebook, allowing you to choose who sees it.

…researchers at the University of Waterloo in Ontario have developed a browser plug-in to help users keep their information private from prying eyes and from social-network providers as well. Urs Hengartner, an assistant professor of computer science, and his colleagues say the plug-in replaces sensitive information in a user’s profile and news feed with meaningless text that can only be unscrambled by trusted friends or contacts. Dubbed FaceCloak, the tool assures its users that sensitive data stays private, Hengartner says. “If you have a particular illness, you might want to allow only your friends to see that,” he says. “This leaves it up to the user to decide what information to keep away from Facebook.”

Of course, if you’re that afraid that some unauthorized person will be able to access your information, then, maybe, you shouldn’t post it to begin with.

TrendMicro is reporting that, even after they found three new rogue facebook apps related to the fucabook scam and Facebook deleted those plus three more, more apps that steal your data are continuing to pop up.

The SEC has announced that people attending any SEC football games are barred from posting on Twitter, FaceBook, YouTube, TwitPic, or any other service because they own the copyright to everything that happens at the stadium.  The SEC claims that all such media coverage rights belong to CBS because the two have just signed a 15 year, $3 billion contract.

Earlier this month, the conference informed its schools of the new policy, which reads: “Ticketed fans can’t “produce or disseminate (or aid in producing or disseminating) any material or information about the Event, including, but not limited to, any account, description, picture, video, audio, reproduction or other information concerning the Event.”

While Major League Baseball has had a similar policy for years, they have not enforced it in relation to social media sites that post video clips or short messages about their games.  If the SEC is serious about enforcing this policy, they will soon find that it is an impossible task.

Unlike the SEC, the Big Ten has embraced social media.  Abilene Christian University of the Lone Star Conference is also planning a big social media event for the start of their season.

I suspect that the SEC has implemented this policy to 1) placate CBS with a promise to crack down on copyright.  After all, a $3 billion investment needs some guarantees and 2) When the SEC does crack down on people who abuse the privilege, for example by uploading full games and/or selling them, the have a legal leg to stand on.

What this really amounts to is the SEC is covering their asses, however, they should have been more clear on the matter.  Individuals will be upset at the changes as they have been made with no explanations.  This leads to speculation and fear.  While we all want to keep our rights to take photos at the game or film a short clip, we need to know that we won’t be hauled off to jail for it.  The SEC should have been more forthcoming about the changes and been upfront as to why they’re doing it.  Everyone understands that CBS needs to protect their investment.  Just don’t treat the fans like idiots because of it.

Facebook has, again, tweaked its terms of service, this time to address privacy issues and the use of ads.  The new update to the Statement of Rights and Responsibilities is available for review and comments from Facebook users.  One of the most important changes is that Facebook now makes it clear that, if you share something with “everyone,” it doesn’t mean just people on Facebook, it’s to the entire world.

The company also added a new section which details proper use of its pages features, including who is able to administrate them, and provisions that require all content on the pages to be public and able to be indexed by search engines.

On top of that, the company is locking down sponsored status updates. These are user updates which have been paid for by an outside company, effectively turning users into marketing mouthpieces. What’s unclear, however, is how Facebook intends to police items that are not known advertising schemes, such as people’s personal businesses. Although under the updated document, it’s a little clearer that that has to be done on Facebook pages instead.

Some other changes include:
• Not being able to place a “become a fan” widget inside of an advertisement (however you can still place it next to one).
• Clearer language on what kind of information third-party applications get access to.
• A ban on attacks that could disable the service (such as DDoS attacks, which are all the rage right now).
• A ban on pyramid or multilevel marketing schemes.

With the seemingly constant changes and tweaking of Facebook’s terms of service, one has to wonder if it is worth it to continue to keep a Facebook profile.  While Facebook can be a useful tool, is it really worth losing control over what personal data gets into the hands of the public.

Facebook faces the challenge of being public in the sense that it’s online and can be seen by everyone, yet they also need to protect the privacy of the individuals using their service.  All the privacy settings should be defaulted on and, if a person wants the world to see what they’re doing, then let the user turn on such services.  Just because the rules are obfuscated, doesn’t mean that users should assume they are protected.