Image via CrunchBase
There’s a story on this issue on GigaOm, which is worth reading for context.
I don’t think Facebook owns my friends. Do you think they own yours? If you think Facebook should re-enable the “Facebook Friends Exporter” extension, or—better still—simply allow people to use their own contacts as they please, “Like” this posting. Send Facebook a message.
I’m not talking about the policies here, I’m talking about the implementation. A Canadian newspaper, the Examiner, is using Facebook’s much-touted commenting system on their site. When someone likes a comment you made there, or adds a comment to a thread in which you participated, you get a notification of it, right on Facebook. Innit cool?
Except that when you go to see what you’re being notified about, here’s what you get:
Facebook fails to trust itself. Should you?
You know, if you’re planning on hitting people with a nice “ARE YOU REALLY, REALLY SURE YOU KNOW WHAT THE HELL YOU’RE DOING!?” warning every time they go to see what’s happened on a site you sold your commenting system to in response to a notification YOU generated, that’s not actually going to prove to be a terribly effective sales tool.
Just sayin’.
[UPDATE: I posted something about this on my Facebook wall before I wrote this posting. When I went back to look, they'd fixed it. I'm starting to suspect them of following my account in order to see what's busted. If this keeps up, I may have to bill them.]
Facebook seems to revel in making the things you want to do as difficult as possible, either by hiding the things you’re interested in at remote and undiscoverable locations, or by moving them around and changing them regularly.
I just caught a message from a friend who couldn’t work out how to remove a “rogue” app she’d managed to pick up. Since I’m certainly expecting to see more and more (and more!) “rogue” apps in the future, I thought it’s be good to lay out how to manage your Facebook apps, since it seems that a lot of people are actually unaware.
Pull down the “Account” menu in the upper-right-hand corner of the screen. Choose “Privacy Settings”.
At the bottom of the “Privacy Settings” screen, toward the left, there’s an “Apps and Websites” heading, with a link to “edit your settings”. Click on that.
Next, you’ll be taken to the page where you can remove and configure apps.
To remove apps, or configure the information they can get at, click the “Remove unwanted or spammy apps”. This will take you to a page where you can remove apps (by clicking on the “X” to the right of the app’s name) or configure them (by clicking on the “edit settings” link).
If you click on “Edit settings” for a particular app—I’ve used Posterous here—you’ll see the information that it can get to, and—for apps which can be configured, anyway—be able to turn on and off specific kinds of access. In the case of Posterous, all the accesses are required by the app, so if there’s anything in there that makes you uncomfortable, you have no choice but to remove it.
I’d strongly consider removing any app, except those which you knew were from trustworthy sources and which you really needed to use.
Did you know how to do this already? Did this help you?
No sooner does a Federal appeals court tell the Winkelvoss twins to take their $65 million and their million shares in Facebook, and get on with their lives, when yet another claimant to ownership of a big stake in the site comes out of the woodwork, and with a ream of what appears to be supporting email evidence. It was persuasive enough to convince the firm of DLA Piper that he’s worth representing, and that probably says something.
The short version is that, in early 2003, Paul Ceglia advertised on craigslist for a developer to code a site he had in mind, called StreetFax.com, an ad to which a young Mark Zuckerberg responded with some interest. Zuckerberg wanted $1000 for the work, and asked Ceglia for another $1000 to support work on “the facebook site”. According to the contract, Zuckerberg offered Ceglia 50% of “the Facebook” (or “the Pagebook”, they were dithering over domain names and what to call it), with a penalty of 1% additional ownership to go to Ceglia if the project was late beyond a certain date (which it was—Ceglia’s produced an email from Zuckerberg complaining that, due to delays in the project, Ceglia would own 80% of the site, which seemed, to Zuckerberg, unfair).
When Ceglia—who’s no angel, he’s been charged with fraud in an unrelated case—first filed suit last year, Facebook denounced him as a conman, which—given his past record—seemed plausible. However, with the additional evidence in the amended complaint, it’s looking less certain that this is the case.
There’s a funny sort of pattern here: Zuckerberg gets support for his business ventures from people, like the Winkelvosses like Edward Savarin, and apparently like Paul Ceglia, and turns around and screws them when their backs are turned, at least according to the various complaints people have made. Ceglia’s just the latest one.
For his part, Zuckerberg feels his reputation’s been damaged. Go figure.
A couple of good stories on this at Business Insider and ZDNet.
Boy, the malware links are thick as the thieves who promote them on Facebook this morning. Many of my friends are tagged in them by credulous members of their friends lists, but they haven’t gotten me much so far. However, at the rate things appear to be going, the site is going to look like this in a month:
The Future of Facebook. Coming very soon.
Are you seeing more and more of this as well? Remember what I said several months ago about Facebook becoming a “bad part of town“? It’s all coming true before my eyes.
Are you seeing this, too? Are your friends falling for these scams, or are their friends?
Some Useful Guidelines:
Facebook does nothing to protect its users from this sort of thing. One of the best ways of keeping up to date on the various threats and scams which seem to be appearing more and more regularly on Facebook is to join the Sophos Security page on Facebook.
California has recently put a law on the books making impersonating someone on a social networking service a crime (punishable by a fine of up to $1,000 and a jail sentence of up to a year). About a week or so too late for me.
I’ve had a persistent, if intermittent, lunatic stalker of my very own for a number of years now, who’s typically in the habit of having a serious outbreak of abusive nuttiness over the Christmas holidays. This year, his little Christmas present to himself was to set up an ID on Facebook in the name “David Lefty Schlesinger Jr.” and attempt to contact a number of my friends and several members of my family through the site. He also blocked me, preemptively, meaning that I could neither see the profile in search results, nor view it using a direct link.
A friend provided me with a screen capture:
Here’s one of numerous harassing messages sent from this ID to my wife:
After being alerted to the impersonation by someone my stalker had contacted, I expended some time attempting to see what I could do about it myself. The help pages for impersonation and harassment all recommend blocking the profile of the person involved, which requires that you be able to see the profile, which you can’t if they’ve blocked you. The help center on Facebook suggests that there are contact forms squirreled away someplace in there, but after a fair amount of looking, I’ve never managed to find them. (Has anyone found contact forms on Facebook? Where?)
So what’s one to do? In my case, I actually drove (from Santa Cruz) to Facebook’s headquarters in Palo Alto, where they actually have a stack of pre-printed paper forms for people to fill out! I ended up sitting around the lobby, explaining the issue to several people in succession, while folks waiting for appointments listened with some bemusement. I was informed that there was nobody there who could address the issue—something that seems a little difficult to swallow—but that a human being would eventually read the form and Do the Right Thing. When I suggested that this was unacceptable, since people were being harassed and I was being impersonated at that very moment, it was suggested to me that if I didn’t leave, I’d be Officially Asked to Vacate the Premises. Friendly folks. They don’t like video equipment in their lobby, either.
Anyway, two days later, I finally received a response from Facebook—from a generated-per-incident email ID, not a person, not a specific address—telling me that the profile has been taken down. Not a day had gone by before I learned that members of my family were now getting the same sort of harassing messages from a second ID, also blocked from me and thus unreportable. Again, I had friends search for it and report it, and also sent an email to the single Facebook address I had.
Here’s a screen capture of the profile of “Monka Basnezz”:
And here’s just one of the harassing messages. I’ll leave it to the reader to judge the mental state of the sender.
This is in reference, by the way, to an episode of harassment which this person undertook last year, involving the emailing of messages claiming that I was, among other things, a drug addict, a pedophile, a rapist, a blackmailer and a Satanist, to over 900 people involved with my wife’s employer in California, the United Methodist Church. I have a criminal complaint open in Merced County against the perpetrator, but he works pretty diligently at hiding his actual location.
At any rate, I found myself wondering: while I was in a position to physically take myself over to Facebook’s Intergalactic Headquarters, what on earth would someone in Ohio, or Kuala Lumpur, do in a situation like this? I’ve commented elsewhere on the difficulties involved in actually contacting Facebook.
Questions: Does Facebook do enough to keep malicious impersonations off the site? Does Facebook provide anything like adequate user support? My answers are “No”, and “No”. What do you think?
In discussions on Facebook today, a story in The Guardian came up, and it’s led to a great deal of concern. The long and short of it is that if you’re running the Facebook app, on your iPhone or on an Android device, it seems that there’s an excellent likelihood that the app has (possibly without your knowledge, and possibly without your consent) uploaded the phone numbers of everyone in your personal address book.
After reading the story, I went and checked the “Phonebook” page and what I found was distressing: indeed, every single contact in my iPhone’s address book, between 1,500 and 1,600 had been uploaded to Facebook. This included a number of confidential, business-related numbers that were still in there from my last employer.
I wasn't actually interested in "sharing" these. Very "radical transparency".
Even more distressingly, when I checked on my iPhone, the “Sync Contacts” feature was turned off, as I thought it would be. We’ve verified similar behavior in the Android version of the app.
Since Facebook offers you absolutely no help whatsoever on their site for disabling this feature, by the way—much good it does you—you have to go to the main screen of the application by tapping on the button with a grid of nine little squares in the upper left-hand corner of the screen, then tap on “Friends”.
The "Sync" button is in the upper right-hand corner
Next, tap on the “Sync” button in the upper right-hand corner of the friends list. From the “Sync Contacts” screen, you can turn off the app’s ability to both upload your contacts (presumably) and to replace your address book photos with its own (frequently incorrect, it seems) choices.
This is how I found the settings when I checked them
Note that the wording on the option gives no suggestion that the app is going to be tiptoeing through your Address Book and handing whatever it finds over to the Zuckerberg gang: it merely says that it will “Add Facebook profile pictures and links to Contacts”, presumably when they don’t otherwise exist, since the second option gives the description, “Replace existing photos in your Contacts”.
Facebook says that, to get this information the hell off there, you have to first turn off the “Sync Contacts” feature in your phone’s app, and then go to a particular page to get them taken off the site. I did that, and going-on-three hours later, they’re still there.
What’s possibly worse, is that I’m seeing people in “my phonebook”, with phone numbers, and I have absolutely no idea at all who they are. I’m being invited to add them as a friend, but maybe I’m being encouraged to just, I dunno, give ‘em a call first…? This is crazy. Is my personal number, or yours, now showing up in the Facebook “phonebooks” of random strangers? That’s transparency that’s just a mite too radical for me. I’m sure every freak stalker on the Internet is thanking Mark Zuckerberg and his pals, though.
"Yeah, we're going after the obsessive stalker segment, that's huge!"
I know a lot of you out there are using the Facebook app if you have an iPhone, an Android phone, a Blackberry or a Symbian S60 device. I want to try to understand if this is indeed as serious a problem as it seems to be, and if so, the circumstances under which it is and isn’t occurring.
If you use a Facebook app on a smart phone, please do the following:
I’m actually going to see if I can get some sort of comment from Facebook about what’s going on with this in the morning, but this seems like a potentially huge exposure of data, and a completely irresponsible one.
UPDATE: To find the “Phonebook” page from within Facebook, select “Edit friends” from the “Account” pulldown at the upper right-hand corner of any page. When your friends list loads, click on the “Phonebook” link in the sidebar on the left side.
UPDATED UPDATE: Facebook’s “remove all the information you sucked out of my phone” function does, as near as I can tell, nothing at all, or if it does, it’s taking more than nineteen hours to do it. I am not filled with a sense of warm confidence here.
I’ve got an interesting situation going on vis a vis Facebook this week, above and beyond the fun and games with click-jacking and like-jacking, and I learned some things about Facebook this morning as a result. None of them make me feel terribly good about the whole situation.
I, among some others, have an obsessive lunatic stalker by whom I’m harassed online from time to time. Mostly, he’s kept it to anonymous commentary in blogs and the comment sections of news articles, but it seems he discovered Facebook recently.
My Stalker, "Indrid Kuld", on Facebook...
He began by harassing a friend of mine, the “Rachel” mentioned here, and proceeded to drag me into this. Here’s the fun part: “Indrid Kuld” has/had me blocked on Facebook—he regularly deletes and reinstates the ID, something Facebook facilitates—so I can’t even see any of his postings. Being unable to see them, I’m unable to flag them as abusive.
I had some of these brought to my attention, and documented by screenshots, by some of my friends. I started up a Facebook group called “Who is ‘Indrid Kuld’?” to bring some attention to this fellow and his use of sockpuppets on the site. As of this morning, that group was closed down by Facebook as being “abusive of a person or group”, as I was notified by the cheery “Warning!” with which I was greeted this morning.
“Indrid Kuld”, by the way, is a version of “Indrid Cold”, who called author John Keel up on the phone during the events which Keel wrote up in the book The Mothman Prophecies. Keel believed that “Cold”, who predicted the collapse of the Silver Bridge on December 15, 1967 was “a[n]…alien with telepathic powers“, more-or-less, anyway. Clearly not a bona fide Facebook user.
So, either being abusive to aliens is a problem, or being abusive to obviously fraudulent Facebook IDs is a problem. Seems unreasonable to me. So, I go and look at Facebook’s “Help Center” pages to see how one contests or appeals the closing of a group. The closest I found was this:
I was warned for creating content that attacked another individual/group.
We remove content that harasses an individual or group. Facebook also must honor requests to remove content that draws unwanted attention to specific people. To prevent this from happening in the future, please be careful to review the content of any group you administer.
Below it, we’re asked, “Was this answer helpful?” If you click “No”, you simply get the reply, “Thank you.”
Hm.
Okay, let’s try contacting a human being. Searching the site for a contact email, or a feedback form, or a phone number produces nothing. Wow. Wow twice.
This is the point at which the average “Facebook user” gives up in disgust, I suspect. I have other resources at my disposal. A search for the WHOIS information for facebook.com is pretty easy to find…
Administrative Contact:Domain AdministratorFacebook, Inc.1601 S. California AvePalo Alto CA 94304USdomain@facebook.com +1.6505434800
The Register reports that the pandemic of “like-jacking” on Facebook is still going on, and I can validate that. Here’s a screen-capture from my Facebook wall, taken only moments ago:
The authentic “Like” is the one on top; the fake is the one below it. As you can see, the real “like” is virtually indistinguishable from the bogus “like”: the only actual way to tell the difference is by visual inspection of the link. When you hover over “House of 1,000 Corpses” or “Thinking”, the browser shows a link beginning (as expected) with “http://www.facebook.com”. Hovering over “Sorry, I’m allergic to bullshit” shows, instead, a link to “http:/likeylikey.net”.
It’s reported to me that it’s possible to become “infected” with this simply by clicking on the “like” link, visiting the actual site is not necessary. So far, four folks on my friends list on Facebook have picked up (and are propagating) this one.
Be very wary! Facebook is not giving us the information we need to be able to avoid these things. According to an article on the Sophos blog, this attack is accomplished by “clickjacking” via an invisible iFrame on the screen. The Register story suggests “there are no reports that the Facebook attacks amount to much more than pranks that cause users to click a ‘Like’ button that recommends a link to their friends. But it’s not inconceivable that the ‘likejacking’ exploits could be used in much the way black-hat search engine optimization is used to lure people to websites that try to install malware on their machines.”
