The IT Nerd

I bet that Mark Zuckerberg wishes that he had accepted that invite from the UK government among others right about now. I say that because The UK parliament has today publicly shared secret internal Facebook emails that cover a wide-range of the company’s tactics related to its free iOS VPN app that was used as spyware, recording users’ call and text message history, and much more. You might remember that the VPN app in question created all sorts of negative noise for Facebook before it was removed from the App Store earlier this year. Bloomberg has the details on this bombshell:

The documents, which had been sealed by a California court, led lawmakers to conclude that Facebook undertook deals with third party apps that continued to allow access to personal data.

Damian Collins, head of the committee, added that Facebook shut off access to data required by competing apps, conducted global surveys of the usage of mobile apps by customers possibly without their knowledge, and that a change to Facebook’s Android app policy that resulted in call and message data being recorded was deliberately made difficult for users to know about.

And…

Collins said last week that he would release the emails and that he was free under U.K. law to do so. He’d obtained the documents after compelling the founder of U.S. software company Six4Three to hand them over during a business trip to London.

The full data dump can be found here. It is very much worth your time to look at.

If it wasn’t clear before, it should be absolutely crystal clear now that when it comes to Facebook, not only are you the product, but it can’t be trusted to manage your data in a responsible manner. Thus if you really care about your privacy, you need to #DeleteFacebook and do so now. There is nothing to be gained by being on that platform any longer.

Facebook Dating is now live in Canada and Thailand. Facebook Dating doesn’t have its own app; instead, it’s nestled inside the core Facebook app and it is being positioned as a way to find serious partners rather than casual matches. So the Tinder bunch need not apply apparently. The service will recommend matches that users aren’t already friends with, but who share dating preferences, interests and if they’d like, mutual friends or groups and events.

Personally, I would think that Facebook would want to fix the numerous issues that they have with protecting user data before launching a dating platform. But clearly they have other priorities.

Last week a joint Canada/UK parliamentary committee sent out a request… If you call it that to Facebook CEO Mark Zuckerberg to give testimony in front of said committee. Today according to the Associated Press, Facebook told this committee to go do one:

Facebook rejected the invitation to appear before the so-called “international grand committee” session Nov. 27, arguing it wasn’t possible for Zuckerberg to appear before all parliaments.

So…. If I were running the committee in question (which also now includes Australia, Argentina and Ireland), I’d twist the screws. Threaten Facebook with oversight or have the UK and Canada or anyone else associated with this committee table legislation that limits what Facebook can do when it comes to user data. Or find some way to hit them in the bank account really hard. The fact is that Zuckerberg cannot simply be allowed to thumb his nose at people who want answers in terms of Facebook’s complete inability to protect user data. After all, he’s the CEO and the buck is supposed to stop with Zuck. Clearly he doesn’t want that which makes one question if he should be CEO of Facebook as he clearly doesn’t want to be responsible for anything and be held accountable for anything.

Mark Zuckerberg must have said WTF when he work up today to this:

I can’t think of a time where something like this has ever happened. And he’s got until this time next week to say yes to this. What this group is looking for is greater detail about Facebook’s digital policies and information governance practices. Seeing as Facebook can’t stop from getting pwned in one way or another, those would be good things to ask about. We will see if Zuck ignores this like he has ignored many previous invites in the past. But I suspect things have reached a point that if he does ignore this, bad things will happen to him and Facebook.

Last week I posted a story on Portal which is a smart speaker from Facebook. At the time I said this:

Sounds great right? What could go wrong? Well, this is Facebook we are talking about who can’t be trusted with your data. Why let them see into your home? After all, that sounds like a horrible idea. 

However Recode is reporting that well they are collecting data to serve up ads:

Last Monday, we wrote: “No data collected through Portal — even call log data or app usage data, like the fact that you listened to Spotify — will be used to target users with ads on Facebook.” We wrote that because that’s what we were told by Facebook executives.

But the company has since reached out to change its answer: Facebook Portal doesn’t have ads, but data about who you call and data about which apps you use on Portal can be used to target you with ads on other Facebook-owned properties.

“Portal voice calling is built on the Messenger infrastructure, so when you make a video call on Portal, we collect the same types of information (i.e. usage data such as length of calls, frequency of calls) that we collect on other Messenger-enabled devices. We may use this information to inform the ads we show you across our platforms. Other general usage data, such as aggregate usage of apps, etc., may also feed into the information that we use to serve ads,” a spokesperson said in an email to Recode.

At least they corrected the record. But this illustrates why you cannot trust Facebook. It also illustrates why these devices should go nowhere near your home. You’d think that with the issues that this company have had over the last year or so that they would have got their act together prior to the launch of these devices. But clearly not.

Two weeks ago the news hit that Facebook had been pwned (again) by hackers. Today we have good idea of what they accessed. But first, a quick reminder of how the hackers got in. Hackers took advantage of a security flaw in Facebook’s “View As” code, which is a feature designed to let people see what their profile looks like to someone else. The Facebook access tokens that hackers were able to obtain by doing that are basically digital keys that allow people to stay logged in to Facebook. With that out of the way, here’s what the hackers had access to:

• Hackers used a set of accounts that they controlled that were connected to Facebook friends. An automated technique was used to move from account to account, allowing them to collect access tokens in September 2018.
• Hackers were able to obtain timeline posts, friend lists, groups, and the names of recent Messenger conversations from an initial 400,000 people. People in this group who were Page admins of a Page that had received a message from someone on Facebook had the content of their messages stolen.
• After stealing data from the 400,000 people attacked first, Facebook used their friends list to steal access tokens for approximately 30 million people.
• For 15 million people, attackers were able to access name and contact details that include phone number and email address.
• For 14 million people, hackers were able to access the same information as well as other data that includes username, gender, location, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places where they checked in, websites, people, Pages they follow, and 15 most recent searches.
• An additional 1 million people had their access tokens stolen but no information was obtained.

Translation: This is not trivial in the least.

People can find out whether or not they were affected through the Facebook Help Center. And they’re going to get emails that will tell them what was accessed in their specific cases.

There’s one more thing of interest. Apparently the FBI is investigating and Facebook has been ordered not to speak about who might have been behind the hack. That sounds curious. No?

If this is not enough to have you the #DeleteFacebook camp, nothing is going to. Because clearly Facebook can’t be trusted to keep your data safe.