chrisg

Facebook


Juggs asked for this in Megz' thread in the Green Room - let's see if I can explain a little.

 

First of all I am not, and never will be a member of Facebook, I know a lot of people here are, but the majority here are pretty net-savvy, with the huge membership FB has the overwhelming majority are not, they are neophytes.

 

My partner is a very active member, in a sub-group that focuses on spirituality and plain friendship, they are pretty choosy about whom they befriend but even they get dramas.

 

One of her friends is a rape and trauma counsellor, she has had many threats leveled at her on FB, baseless but disturbing, and in the main FB does nothing about it. In the meantime hardly a day goes by that someone doesn't post some warning about virus attacks on FB which 99.9% of the time are false, although there was one this weekend that had veracity, it was an old cracker trick, well known in the community.

 

(Here is my and my friends' distinction, it is not new, started in the early 2600 days, a "Hacker" tends to be ethical, curious and if anything these days intent upon keeping the net clean - a thankless task, a "Cracker" is a purely malicious person attacking others or entire sites, for whatever reason they seem to find this amusing. That is leaving aside the government sanctioned cyber-wars that go on between governments, mostly unseen and unreported, and is also leaving aside phishing and identity theft.)

 

How do you protect yourself?

 

First, as Megz found, don't put too much personal information in a profile, second run the usual mix of local protection tools, the preferred mix I usually recommend to anyone is Avast, Malwarebytes and Ad-Aware. The first runs in the background, the others you have to periodically run, in the free versions.

 

FB, as I said, is constantly seeing alarmist broadcast messages about attacks - they are usually false, a quick Google shows them to be such, we I think know that Snopes is usually a good resource for that but so is Hoax-Slayer, and both are pretty reliable.

 

Below attacks you get malicious postings, calling people names, being slanderous, image theft, the list goes on. On Atomic such behavior would never be tolerated, I have mixed feelings over our current crop of mods, I think they can be a little heavy handed on the ban/suspend button but that is built around a reasonable set of FAQs. FB has FAQs, and tutorials that are mostly about "take care but it is not our job" - up to call the cops, who rarely take any notice.

 

FB moderation is very, very patchy, I've seen innocent posts that happen to have a key word like "pedophile" in them be deleted whilst as in the current attacks on Megz' family nothing is being done about it.

 

It is VERY difficult to actually talk to FB. The equivalents of our RTM button seem to do very, very little, I rather assume they are swamped by such notifications and cannot keep up.

 

Up until a few weeks ago you could email notification@facebook.com and be likely to get a reply and some action taken - that mail was going direct to their customer service desk, which is rather hopelessly under-staffed, but it has sometimes resulted in deletion or banning of members. I don't know if that mail is still active but have suggested to Megz to give it a try.

 

The cops? Very unlikely to give a damn, unless escalated as a letter direct to your local Commissioner of police when it may get passed along to the few cops that understand cyber-stalking and cyber crime, depends on your state and who is in that seat most of the time, but it will be slow, true cyber crime keeps those few rather busy, social sites are not a priority to them.

 

More effective direct action?

 

Not easy, it is nigh on impossible without performing a hack to derive the IP address of someone posting on FB, and even then it may well be a proxy or even a chain of proxies with cut-outs and anonymising.

 

I know their mods can see the IPs, but they rarely do much about it. I have an "adopted daughter" the daughter of a friend who was killed in a car crash years ago, who very, very briefly took a contract at FB, decided it was a disaster, she specialises in security, she wrote a report and walked. They threatened to sue her but their HR/Legals are so slack she hadn't even signed anything when they gave her system access. She was horrified at what she saw and now works at MS, Defender might get better soon. She told me some of what she saw, it was not encouraging.

 

A lot of that comes from the genesis of FB, it was never intended to be the phenomenon it is, nor was it intended to be used as it is appearing ubiquitously on just about all media. Like a lot of code it was cobbled together for a local need but went global - time and place, and its roots are still that cobbled code, that is why it keeps changing so much as they try to catch up.

 

Recently they have lost millions of users, mostly across the US and Canada, and that trend will likely continue, there is a lot of dissatisfaction in many FB communities and some are taking it into their own hands and establishing their own sites around their own specific interests.

 

That trend will probably continue because they claim they don't care, their focus is on Asia. Good luck to them on that, the highest percentage of crackers used to be in the US and parts of Eastern Europe, in the US arrests have slowed that down, Eastern Europe remains a problem, but Asia is the growth market for crackers.

 

So how do you pin down where a malicious user is posting from?

 

By ethical hacking.

 

That's a mix of things.

 

If the miscreant has been silly enough as to have legitimate personal details in their profile then it can be quite simple.

 

Googling a user name can sometimes turn up useful information, these people are usually up to mischief other places often under the same user names, and those places may make it easier to find an IP.

 

From there the old tools, Whois/Finger etc can pin it down, but it may involve having to follow a proxy chain and that can involve going social with ISPs who may or may not give a damn. If they do then the cracker will probably be blocked/banned, Australian, UK, French and US ISPs react very quickly in that regard, never seen an Eastern European or Asian ISP do a thing, with one exception, Singtel.

 

But if you can resolve the IP/email of a cracker what to do then?

 

You can go social on them definitely via your proxy or proxy chain and with a cut out including one time accounts on Hotmail or Gmail or similar, some, the script kiddies, cease and desist immediately with a few gentle threats, but most just treat it as a challenge so often it is not worth bothering about.

 

From there we go into the murky world of ethical "White hat" hacking and I'm not about to give a tutorial on that, if you are interested go read "The Art of Deception," "Cuckoo's Nest," "Takedown" et al, but you will be reading history, ethical hackers tend to be very smart code writers with a great love and protectiveness of the net who are incensed by net abuse and constantly roll up new tools to fight back. If you can get hold of 2600 magazine or go look at www.2600.org.au you will be more current, but they don't give all the tricks away.

 

There are ad hoc groups around the globe who cooperate in developing tools. Some can be very destructive - it is not hard once you get inside a Cracker's computer to do a lot of damage, both at code and hardware layer. Code can be pretty easy if you can plant some remote desktop capability, delete the OS etc. Or you can get very destructive by rebooting into BIOS with a script left behind to overclock the machine to destruction. It used to be thought that was not possible, but it is, or you can do something as simple as Shimomura pointed out years ago, instruct a hard drive to read a track that is outside the platter and wreck the head, effectively destroying the head and thus the drive. That doesn't work very well these days, drives are smarter.

 

There are many, many more tricks, but I'm not going to discuss them here, effectively they are viruses, but used to fight back at originators - that's cyber war. The difference is they are targeted viruses, not like the ones we see hitting our anti-virus protection that are just loose in the field.

 

I don't write code much anymore, networking is my thing, but I have many friends who are great code writers, and ethical hackers, I tend to orchestrate retaliation rather than make tools, code writers are rarely very disciplined, and I trust that does not offend some around here whom I know are but it is more common to find intuitive code writers who can write flawless code in short order but need direction, and sometimes restraint.

 

It is a bit of an endless war - a site that span off of here a few years back was attacked a couple of years back, at database level - required a near complete re-build and lost a lot of data. It was not the only site hit, it was a concerted attack on social sites built around such tools as SMF, Invision, Coppermine etc. Whilst the developer of that site sweated out a successful re-build I and my friends went on a rampage and killed a lot of crackers. Nowadays that site is marked as "leave alone" in most cracker rings, although it did recently suffer a spate of spam until the registration process was tightened up.

 

How do I know it is being skirted around? I masquerade on a few cracker rings, never for long, tend to wipe them out and move on, with help of course.

 

Will it change?

 

Probably not totally, but have a look at www.joindiaspora.com , it's early days but that project aims to level out social networking so it is more like email, you don't have to belong to a host of sites, they will, if it works all be linked together. Then you can put in common security rules and make it much harder for crackers to endure. As an article about it on IEEE remarks it could also be the death of FB and I for one will shed no tears over that...

 

That do you as an overview Juggz?

 

Cheers

Edited by chrisg

Um, wow. I don't really dabble much on fb, been on 4 times this year but that was really informative and eye opening. Almost sounds like something from a William Gibson novel.

I will keep my "softly softly" mantra when I am online.

 

Tye


Wow - awesome post. Had some idea such things went on in the background of the interweb, but that level of detail is well... all very interesting.


I'm still not sure how you got from rape to hacking to fingering to Facebook is bad.

 

It's like this. People are stupid. It's that simple.

The world has a large population of exploitable people. Is that the Earth's fault, or the stupid people who should know better?


:)

 

Twinny, I utterly agree with you, but social networking has created an entirely new form of predator and many users are not so much stupid as naive.

 

Facebook isn't bad, its policies are the problem, their attitude to their users and to any complaints about behavior such as Megz is experiencing, is one of utter neglect.

 

Imagine that around the tiny sites many of us hang on, this one included?

 

Cheers


Yes, Facebook has little concern for our privacy. But people need to take steps to ensure that their privacy stays intact.

Simple things like not putting up your mobile number, email address etc.

The amount of times I look at a friend's post, or picture, then you see one of their friends comment, so you click on their Facebook page, then on to someone else etc etc....you can go several people deep before you think to yourself, I have no idea who this person is, but I am seeing some pretty private pictures of them and some pretty private posts of theirs.

 

Yes, if Atomic was like that, we wouldn't like it....but the way to counter that is to change your posting habits.

I'm still fairly private here, yet I have met a lot of Atomicans, so generally the guard slips.

People need to be educated about the dangers of releasing personal details on the web. Not just Facebook.

 

If we were to use your stance for things such as the Government's proposed internet filter, then we would all be in agreement on that, right? If Facebook is allowing predatory behaviour, then the Government is absolutely correct in imposing a national firewall?

 

Do you agree with the internet filter proposal?


If we were to use your stance for things such as the Government's proposed internet filter, then we would all be in agreement on that, right? If Facebook is allowing predatory behaviour, then the Government is absolutely correct in imposing a national firewall?

 

Do you agree with the internet filter proposal?

In reverse order, more or less, but I have a big fat "NO!" for the compulsory national filter. Primarily, because I don't think they should have the ability to choose what I look at, but also because they won't even let me know what it is that I'm not being allowed to see. Regardless of how good their intentions are when establishing such a system, it is the wet dream of Politbureau and Thought Police - anything the government deemed objectionable could be censored and we'd never even know it existed. Like reporting on how bad a job the government of the day was doing.

 

The second comment is that there is a big difference between what the mandatory filter would be and FB actually responding to customer complaints. Actually, their current modus operandi seems to be the worst of both worlds: arbitrary censorship (of words like paedophile, regardless of context) and lack of response (which is de facto encouragement of bad behaviour).


:)

 

I'm an absolute NO on any filtering - education of users is what is required, I still maintain you need a license to go out on the internet freeways and lesson one is keep your private details off-line.

 

FB really need to lift their game if they expect to not crash and burn and it could be as simple as a front end education programme for users as they login, but they won't, all they really care about is advertising dollars.

Sounds cynical - it's not..

 

Cheers


While it was an... interesting read, I was hoping for a lot more specifics to the kinds of problems you have previously encountered on facebook. I mean, your post is very generic - run a few ad blockers, scan for malware, keep your av up to date. That's hardly anything worth posting about.

 

I mean, I expected at least something more substantial - here I was figuring you had friends/clients/whatever that had been split wide open by clickjacking, or applications who changed hands and suddenly went rogue - but we barely even got a recommendation to carefully set privacy settings and thoroughly consider your friend requests.

 

The second half isn't really all that groundbreaking - it all hinges on you googling a username and hoping you find something, somewhere, that allows you to obtain an IP address. With that, I'm not sure what you're expecting to do - you're not the law, so I can't imagine any ISP or website worth more than a few cents handing over any kind of information. And even then, you're hoping you find something current and not stale, and something that hasn't come from a proxy. Again - what proxy is going to give you information without some kind of a warrant? From there it's all vague hand waving "I do a lot of super secret things - that I can't tell you about. But rest assured I do them, and they work".

 

Your post lacks a lot of substance, involves a lot of grotesque posturing - talk of killing crackers (even tho I know you're not referring to a slug to the head, it's all designed to talk you up), a lot of false starts ("I could... but I won't"), and really - you posted a lot of words without actually saying anything at all.

 

In the threads in TGR you mentioned having to clean up some really nasty problems picked up from facebook, which is why you avoid it. Nothing you've described above is unique to facebook, which could very well lead me (or anyone) to question - if those are the real basis of your concerns, why do you venture onto practically any part of the internet and yet avoid facebook like the plague? I mean, your username here is your first name and last initial - not a very security conscious approach one would think?

 

Can you please provide some more concrete examples of the problems you've encountered with facebook specifically, and the cleanup methods you had to undertake?

 

Ta.

Edited by Juggalo Scrub


Chris, that seems to be quite a lot of words without any overarching point.

 

Ultimately it seems to come down to "Facebook is unmoderated," and I can't help respond with "so what?" It doesn't make Facebook inherently evil.

 

It's not the first, and it certainly won't be the last, unmoderated medium. It's worth educating people not to be ignorant about this.

 

Rob.


:)

 

I'll have to think on those last two responses - what do you want?

 

I am NOT going to go revealing hacker tricks that evolve so fast it's pointless anyway, and Juggs, me talk myself up? You are the master at that :)

 

Specific problems can well start with what Megs is going through - not nice and doing what we can - I think we'll get there, probably down to cops now - dealing with idiots, and getting addresses , no not IP, physicals.

 

A concrete example:

 

About a year ago someone hi-jacked the FB account of a naive friend of mine and used it to cause a lot of mayhem.

 

That went VERY social, had to delete his account, after saving out the friends he wanted to keep, which took time then went after the hi-jacker - took a while, used in the end a chain seeker, which does take time, found him, happened to be on an ISP that could not give a shit, not here, Estonia of all places, so dropped in an Easter egg, a lucrative download that was seized on with glee by one member of a ring and distributed. Looked like a trojan mixed with an SQL injection - it wasn't, it was feral, went into any machine that downloaded it and compromised the machine entirely, starting with NIC drivers and worked its way up to OS wipe. You have to be inventive, very few attacks on crackers work twice, they talk a lot.

 

Do you really think I'm going to post up full details of what my motley crew do ? No.

 

Interesting response Juggz - I'm not being superior, far from it, as I said I mainly keep the hounds at bay, sure my user name is basically me, I don't really care much, little about me exists on the net, well not the net you can see, and most places I go that you can't see wipe very quickly.

 

I don't really have much faith in such things as passwords, very crackable, I do trust a good firewall, and I sit behind two that talk to each other plus I run IDS, you know who I am, right up to surname and could find me on White pages - big deal. If you want to try to hack me go right ahead - I'll even expose an unused machine behind just the first firewall, that is not even on my premises. I'll bet you can't do it.

 

What often happens in my friends is we run sec checks on each other, I usually lose, but some of my friends are code mutants :)

 

I'm not, but I do think the net needs protection and it's an ad hoc community, sometimes assembled as an IETF, have to play politics and attract interest - sorta what I do, sometimes.

 

Give it a go - have fun :)

 

Rob - I just posted basics - FB is moderated - badly, Atomic sometimes over moderates, better but not ideal , most sites I moderate we just swat away the odd spam, in the end that depends on the host, and in a few weeks I'll be my own distributed host, easier to control.

 

I'm going to go watch some great tennis, just be aware, I posted what I could, and no, I was not talking myself up, just what I do, as many around here could tell you.

 

Long way to say I'm a bit disappointed by those last responses - many around here do not really understand the basics or the risks, I'd hardly call Megz a noob, but she is in a situation, generated by FB's lack of care, or perhaps erratic moderation - I'd not like to moderate that many members, but some of the stuff said about her and her family has me rather angry, so, pitching in, are you?

 

Cheers


http://stuartl.longlandclan.yi.org/blog/2011/05/31/facebook/ ← My reasons

 

The first two reasons are the primary reasons I didn't assimilate into the FaceBorg. Then Mark Pesce gave his (rather controversial) keynote at linux.conf.au earlier this year, which pointed to a very good third reason.

 

http://blog.futurestreetconsulting.com/201.../smoke-signals/ ← Transcript of Mark Pesce's Keynote speech at LCA2011, which discussed FaceBook

http://blip.tv/linuxconfau/keynote-markpesce-4869975 ← Video of keynote speech

 

What chrisg mentions, seems to only back up what was said in that keynote.


I don't think anyone is doubting what chrisg is saying, it's just the fact that juggs has asked him several times to give us his reasons why he won't use facebook and what he is constantly having to fix for his friends in regards to facebook, I think the first part has been answered adequately, but the second part hasn't.


http://stuartl.longlandclan.yi.org/blog/2011/05/31/facebook/ ← My reasons

 

The first two reasons are the primary reasons I didn't assimilate into the FaceBorg. Then Mark Pesce gave his (rather controversial) keynote at linux.conf.au earlier this year, which pointed to a very good third reason.

 

http://blog.futurestreetconsulting.com/201.../smoke-signals/ ← Transcript of Mark Pesce's Keynote speech at LCA2011, which discussed FaceBook

http://blip.tv/linuxconfau/keynote-markpesce-4869975 ← Video of keynote speech

 

What chrisg mentions, seems to only back up what was said in that keynote.

 

This part here:

 

http://blog.futurestreetconsulting.com/201.../smoke-signals/ ← Transcript of Mark Pesce's Keynote speech at LCA2011, which discussed FaceBook

 

I'm not quite sure what he's going on about, he mentions facebook, I got that, claimed he was happy he wasn't a puppet any more, etc ... this is all after he talks about the human condition (MIMESIS) in which Humans imitate other humans. But doesn't really explain what's wrong with Facebook. Was he maybe trying to get at that because all his facebook friends would 'like' something that he in turn would imitate that like and change the way he acts?

 

I find this to be a very generalised viewpoint. It's cool he quit facebook and what not, but I'm not 100% sure what he's getting at. Could you dumb it down for us all, so that people don't have to spend 20 minutes reading through that giant wall of text (because I guarantee people won't bother and your point will be more heard / known if you do that for us).

 

Cheers,


This part here:

 

http://blog.futurestreetconsulting.com/201.../smoke-signals/ ← Transcript of Mark Pesce's Keynote speech at LCA2011, which discussed FaceBook

 

I'm not quite sure what he's going on about, he mentions facebook, I got that, claimed he was happy he wasn't a puppet any more, etc ... this is all after he talks about the human condition (MIMESIS) in which Humans imitate other humans. But doesn't really explain what's wrong with Facebook. Was he maybe trying to get at that because all his facebook friends would 'like' something that he in turn would imitate that like and change the way he acts?

Okay, some key points... I'll use direct quotes here with emphasis added.

 

Booting up into Homo Sapiens Sapiens meant the acquisition of a facility for mimesis as broadly flexible as the one we have for language. These may even be two views into the same cognitive process. We can imitate nearly anything, but what we choose to imitate is determined by our network of peers, that set of relationships which we now know as our ‘social graph’.

 

This is why one needs to choose one’s friends carefully. They are not just friends, they are epidemiological vectors. When they sneeze, you will catch a cold. They are puppet masters, pulling your strings, even if they are blissfully unaware of the power they have over you – or the power that you have over them.

 

All of this is interesting, but little of it has the shock of the new. Our mothers told us to exercise caution when selecting our friends. We all know people who got in with the ‘wrong crowd’, to see their lives ruined as a consequence. This is common knowledge, and common sense.

If this is all happening on Facebook – which it normally is – there is another member of your social graph, there whether you like it or not: Facebook itself. You choose to build your social graph by connecting to others within Facebook, store your social graph on Facebook’s servers, and communicate within Facebook’s environment. All of this has been neatly captured, providing an opening for Facebook to do what they will with your social graph.

 

You have friended Mark Zuckerberg, telling him everything about yourself that you have ever told to any of your friends. More, actually, because an analysis of your social graph reveals much about you that you might not want to ever reveal to anyone else: your sexual preference and fetishes, your social class, your income level – everything that you might choose to hide is entirely revealed because you need to reveal it in order to make Facebook work. Because you do not own it. Because you do not have access to the source code, or the databases. Because it is closed.

In other words...

  • Knowing the social graph, someone can indirectly manipulate the things you do, by coaxing others to mimic some behaviour.
  • As each person starts mimicking some behaviour, a certain portion of that person's social group also start mimicking that behaviour.
  • Over time, this spreads through the social links, and people in your peer group start mimicking that social behaviour.
  • Eventually, as more and more of your "friends" do it, so do you.
  • Due to the closed-source nature of FaceBook, you have minimal control over who sees this social graph, and therefore, who will start the ball rolling, or in which direction.

People you know joining FaceBook, and then you joining FaceBook itself and adding in people as "friends", is a prime example of this. In essence, it's not the act of joining which is bad, it's the revelation of your social graph which is particularly alarming from the privacy perspective. I think this is what Mark Pesce was getting at, or at least my interpretation of the passages I have quoted.


My problem with it though Redhatter is that it's all hearsay. I could ask any number of my friends or people here who are on facebook if anything I said on facebook made them change their life or if they imitated me in any form.

 

The issue I have with his opinion is that it's merely his view. That his list of 'friends' on facebook are ACTUAL friends. I know that's the title we give someone we add on facebook. But it's only that because putting down 'people we know' is too long and can't be considered a buzz word :P

 

I could see how human interaction can cause people to imitate one another, but I can't see how text on a page can, I really don't. And on top of that, sure it doesn't stop there. Wouldn't Atomic Forums also be considered to be that? A Hero / Superhero / Titan, etc could be considered a peer and thus people will imitate them whilst coming up through the ranks?

 

The last part that I disagree with is that he mentions people 'COULD' manipulate people using this medium, and quite frankly I'm not seeing too much evidence of this. And if he's referring to himself, I think it speaks more of his personality than anything else.


Perhaps… but it is a factor one has to consider… and while the people around you may not be consciously influenced by what you do or say, there are subtle influences there.

 

Plus, I think we're seeing enough people getting into hot water to suggest people are being adversely manipulated or affected.

 

The key difference though between a forum like Atomic, and FaceBook, is that Atomic is largely out in the open, and doesn't rely upon a social graph (although I notice since V3, the feature exists). FaceBook is a world garden in which you need to reveal to the system your "circle of friends" before you are able to participate.

Edited by Redhatter


Perhaps… but it is a factor one has to consider… and while the people around you may not be consciously influenced by what you do or say, there are subtle influences there.

 

Plus, I think we're seeing enough people getting into hot water to suggest people are being adversely manipulated or affected.

I think what they are adversely affected by is the lack of knowledge of the lack of privacy on the internet, not the claim that they have been made puppets by their FB social group.

I don't believe the argument holds any water. A friend on FB is not the same as a friend in real life and as such the level of influence is different.


I'm thinking the guy is an Open Source man and dislikes most closed source systems.

 

I'm just getting that vibe off what I read and it's a topic I don't really have much of an opinion on either. Both seem to have pros and cons. I think the biggest point here is though (and he nailed it in that link) ... if you don't like it, if you have concerns, etc ... don't sign up.


Burn FB burn in hell! It is a shame people put so much personal info online, but it's a crime how FB ignores the well being and safety of users.

 


You know what's a damn shame? The incessant, unnecessary and baseless hatred people devote towards something as harmless as Facebook.

 

Fuck, people.

Get a brain cell.


Burn FB burn in hell! It is a shame people put so much personal info online, but it's a crime how FB ignores the well being and safety of users.

FB ignores them? Or the people who post their details ignore them? God damn people, I love me some Facebook and I'm not dead or have been hacked or anything. I for one am glad they leave my account alone, all for myself to do with as I wish. I think I would have a problem with them taking concern with everyone's details.
