The IT Nerd

Last week I posted a story on Portal which is a smart speaker from Facebook. At the time I said this:

Sounds great right? What could go wrong? Well, this is Facebook we are talking about who can’t be trusted with your data. Why let them see into your home? After all, that sounds like a horrible idea. 

However Recode is reporting that well they are collecting data to serve up ads:

Last Monday, we wrote: “No data collected through Portal — even call log data or app usage data, like the fact that you listened to Spotify — will be used to target users with ads on Facebook.” We wrote that because that’s what we were told by Facebook executives.

But the company has since reached out to change its answer: Facebook Portal doesn’t have ads, but data about who you call and data about which apps you use on Portal can be used to target you with ads on other Facebook-owned properties.

“Portal voice calling is built on the Messenger infrastructure, so when you make a video call on Portal, we collect the same types of information (i.e. usage data such as length of calls, frequency of calls) that we collect on other Messenger-enabled devices. We may use this information to inform the ads we show you across our platforms. Other general usage data, such as aggregate usage of apps, etc., may also feed into the information that we use to serve ads,” a spokesperson said in an email to Recode.

At least they corrected the record. But this illustrates why you cannot trust Facebook. It also illustrates why these devices should go nowhere near your home. You’d think that with the issues that this company have had over the last year or so that they would have got their act together prior to the launch of these devices. But clearly not.

Two weeks ago the news hit that Facebook had been pwned (again) by hackers. Today we have good idea of what they accessed. But first, a quick reminder of how the hackers got in. Hackers took advantage of a security flaw in Facebook’s “View As” code, which is a feature designed to let people see what their profile looks like to someone else. The Facebook access tokens that hackers were able to obtain by doing that are basically digital keys that allow people to stay logged in to Facebook. With that out of the way, here’s what the hackers had access to:

• Hackers used a set of accounts that they controlled that were connected to Facebook friends. An automated technique was used to move from account to account, allowing them to collect access tokens in September 2018.
• Hackers were able to obtain timeline posts, friend lists, groups, and the names of recent Messenger conversations from an initial 400,000 people. People in this group who were Page admins of a Page that had received a message from someone on Facebook had the content of their messages stolen.
• After stealing data from the 400,000 people attacked first, Facebook used their friends list to steal access tokens for approximately 30 million people.
• For 15 million people, attackers were able to access name and contact details that include phone number and email address.
• For 14 million people, hackers were able to access the same information as well as other data that includes username, gender, location, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places where they checked in, websites, people, Pages they follow, and 15 most recent searches.
• An additional 1 million people had their access tokens stolen but no information was obtained.

Translation: This is not trivial in the least.

People can find out whether or not they were affected through the Facebook Help Center. And they’re going to get emails that will tell them what was accessed in their specific cases.

There’s one more thing of interest. Apparently the FBI is investigating and Facebook has been ordered not to speak about who might have been behind the hack. That sounds curious. No?

If this is not enough to have you the #DeleteFacebook camp, nothing is going to. Because clearly Facebook can’t be trusted to keep your data safe.

First let me explain what Portal from Facebook is and then I will explain why you might not be able to trust them. Portal is a video phone that is supposed to make video chatting through Facebook Messenger much easier. The wide-angle built-in camera will follow the user’s movements and create the sense that the user is sharing a room with the caller they’re talking to. Amazon’s Alexa is integrated into Portal, so it can also play music through Spotify or Pandora, play videos, or cycle through photos.

Sounds great right? What could go wrong? Well, this is Facebook we are talking about who can’t be trusted with your data. Why let them see into your home? After all, that sounds like a horrible idea. Ruby Gonzalez, Communications Director at NordVPN, buys into this lack of trust:

“The fact that Facebook made it – and integrated Alexa, an Amazon device that has already betrayed users’ trust multiple times – really seems like a bold and questionable move, Facebook has failed the public time and time again, with Cambridge Analytica, Russian electioneering, and the big recent data leak. It’s hard to imagine anyone with a shred of concern for their privacy and online security spending a couple of hundred bucks on a ‘smartish’ camera any time soon.”

If you want my advice, I’d avoid Portal like the plague.

Facebook’s issues have just got a whole lot worse with the announcement that its engineering team on Tuesday discovered that hackers exploited a vulnerability in their code to allow them to steal Facebook access tokens for almost 50 million accounts.

Trivial this is not.

The specific vulnerability is in the “View As” code, which is a feature designed to let people see what their profile looks like to someone else. This functionality has been patched and disabled for the time being. It is not clear whether the accounts affected were misused or have had information accessed at this time and Facebook does not know who executed the attacks. Which means that there are a whole lot of unanswered questions.

Facebook is “sorry this happened” and that people’s privacy and security “is incredibly important.” They say that no one needs to change their passwords, but I would do so anyway… Assuming you trust these guys to protect your personal info. Because I sure don’t and neither should you. Which means the number of people on Team #DeleteFacebook is about to grow by leaps and bounds.

Since the whole Facebook/Cambridge Analytica scandal blew up, I’ve wondered how effective the #DeleteFacebook campaign actually was. We may be getting our first indication via a Pew Research study which suggests the following:

Just over half of Facebook users ages 18 and older (54%) say they have adjusted their privacy settings in the past 12 months, according to a new Pew Research Center survey. Around four-in-ten (42%) say they have taken a break from checking the platform for a period of several weeks or more, while around a quarter (26%) say they have deleted the Facebook app from their cellphone. All told, some 74% of Facebook users say they have taken at least one of these three actions in the past year.

Well, if you’re Mark Zuckerberg, you have to be freaking out right now. Because if that is even moderately true, a whole lot of people who are changing their behaviours when it comes to Facebook enough that it will eventually cost Facebook some money. Combine that with a renewed focus of social media companies by politicians in an election year and that likely spells trouble for Facebook. It will be interesting to see if or how they respond.

The Department of Justice along with several other federal agencies are combining forces to investigate Facebook in relation to the Cambridge Analytica scandal.  The Washington Post reported that the following agencies are involved:

• The Securities and Exchange Commission
• Federal Trade Commission
• Federal Bureau of Investigation

This can only be bad news for Zuckerberg and company as the feds don’t just investigate stuff for fun. And they rarely walk away empty handed. And the fact that this many agencies are looking at the social network should set off alarm bells at Facebook HQ. What’s going to really worry Zuckerberg is that the investigation is being broadened to focus on Facebook’s statements following the scandal and whether its disclosures to both the public and its investors were “sufficiently complete and timely,” according to the Post. Not good if you’re Zuck as that could include stuff he said, or didn’t say to Congress.

Perhaps the world won’t have to decide to #DeleteFacebook. The feds may take care of that for the planet.