Eternal vigilance app for social networks: treating privacy vulnerabilities like other security risks

Social networking sites are Skinner boxes designed to train you to undervalue your privacy. Since all the compromising facts of your life add less than a dollar to the market-cap of the average social network, they all push to add more "sharing" by default, with the result that unless you devote your life to it, you're going to find your personal info shared ever-more-widely by G+, Facebook, LinkedIn, and other "social" services.

Arvind Narayanan has proposed a solution to this problem: a two-part system in which privacy researchers publish a steady stream of updates about new privacy vulnerabilities introduced by the social networking companies (part one), and your computer sifts through these and presents you with the small subset of alerts that pertain to you and your own network use (part two).


Turkey orders block of Twitter's IP addresses

Just a few days after Turkey's scandal-rocked government banned Twitter by tweaking national DNS settings, the state has doubled down by ordering ISPs to block Twitter's IP addresses, in response to the widespread dissemination of alternative DNS servers, especially Google's 8.8.8.8 and 8.8.4.4 (these numbers were even graffitied on walls).

Following the ban, Turkey's Twitter usage grew by 138 percent. Now that Twitter's IP range is blocked, more Turkish Internet users are making use of Tor and VPNs, and they continue to use SMS for access to the service.

It's interesting that Prime Minister Recep Tayyip Erdoğan has singled out Twitter for his attacks ("Twitter, schmitter! We will wipe out Twitter. I don’t care what the international community says."). Why not Facebook or Google Plus? I'm not certain, but my hypothesis is that Facebook and Google's "real names" policies -- which make you liable to disconnection from the service if you're caught using an alias -- make them less useful for political dissidents operating in an environment in which they fear reprisals.


Teens migrate from Facebook to a YouTube video's comment-section (funny)

Here's a funny fake-news video reporting on the mass-migration of teens from Facebook (where their parents have migrated) to the comments section of a slow-motion YouTube video of a deer running. While I don't think there's going to be mass-migration of all the world's teens to one comment board, there's a grain of truth here. My old InformationWeek editor, Mitch Wagner, once discovered some young girls holding a gossipy chat in the comments section of an old blog post of his; when he asked them what they were doing there, they told him that their school blocked all social media, so every day they picked a random blog-post somewhere on the Internet and used it as a discussion board for the day.

Teens Migrating From Facebook To Comments Section Of Slow-Motion Deer Video (via Waxy!)

Peak Facebook


Jeswin proposes that Facebook has failed, explaining that the more you use Facebook, the worse it gets. He describes a login screen with 30 stories on it, four of which are interesting, and blames Facebook for encouraging its users -- especially commercial users -- to share in ways that make the experience worse for everyone.

I don't have a Facebook account and tend not to pay much attention to stories about the service, but I was struck by this: "their product looks like one of those spam filled mailboxes from the nineties." One of the claims for walled gardens is that they're able to use a combination of data-mining and the ability to kick out bad actors to make your inbox spam-free. I've always felt that this was wildly oversold: the hardest-to-deal-with "spam" in my inbox is stuff from people I know, or who know me, and who want attention from me for something that is worthy but that I lack time for (if I pay attention to their stuff, I'll have to neglect something else I've already committed to). Facebook makes it easier for more people to do this, which always sounded like a recipe for disaster to me. Likewise the ability to exclude bad actors: once you get to Facebook's size, you can't police spammers and crazies in realtime -- they pop up faster than you can get rid of them. Every walled garden I ever used, all the way back to Compuserve, had problems with bad actors who'd fill up your screen with commercial pitches, hatemail, and other undesirable junk.


What is exposed about you and your friends when you login with Facebook



When you log in to a service with Facebook, the company exposes an enormous amount of sensitive personal information to the service's operator -- everything from your political views to your relationship status. What's more, logging into a service with Facebook also exposes your contacts' personal information to the service: their locations, political views, organizations, religion, and more.

...and here's what a brand knows when you login via facebook (via Dan Hon)

HOWTO prevent people from sending to your Gmail account via Google Plus

Google continues to try and cram its users into Google Plus, its also-ran social network. The latest move allows people who don't have your Gmail address to send email to your Gmail account by using your Google Plus ID. I have a Gmail account that's associated with my Android devices and the last thing I want is for people to start sending email there. Thankfully, there's a way to opt out (though it would have been much better if it was opt-in). Tl;dr: Gmail -> Settings -> Email via Google+ -> Off. (via Cnet)

Facebook fan-pages broken, but FB will unbreak them for a price


Writing in the New York Observer, Trust Me, I'm Lying author Ryan Holiday says that Facebook has deliberately broken its fan-page service so that only a small number of registered fans see status-updates. If "brands, agencies and artists" want to reach all the people who've signed up for status-updates, they have to pay for "sponsored posts." As Holiday notes, this is a large conflict of interest for the service: the worse it works, the more they can charge to fix it.

It’s no conspiracy. Facebook acknowledged it as recently as last week: messages now reach, on average, just 15 percent of an account’s fans. In a wonderful coincidence, Facebook has rolled out a solution for this problem: Pay them for better access.

As their advertising head, Gokul Rajaram, explained, if you want to speak to the other 80 to 85 percent of people who signed up to hear from you, “sponsoring posts is important.”

In other words, through “Sponsored Stories,” brands, agencies and artists are now charged to reach their own fans—the whole reason for having a page—because those pages have suddenly stopped working.

This is a clear conflict of interest. The worse the platform performs, the more advertisers need to use Sponsored Stories. In a way, it means that Facebook is broken, on purpose, in order to extract more money from users. In the case of Sponsored Stories, it has meant raking in nearly $1M a day.

Holiday goes on to point out problems with other services, including Twitter and Craigslist. His focus is on the cost to advertisers, but there's also the cost to users, who believe that they are getting the news they signed up for, and instead are getting the news that a deep-pocketed firm can afford to put before them. For further reading, see Eli Pariser's Filter Bubble.

Broken on Purpose: Why Getting It Wrong Pays More Than Getting It Right (via MeFi)

(Image: C&T Program Fan Club Insert, a Creative Commons Attribution (2.0) image from dcmatt's photostream)

Sociability's value comes from privacy

A smashing essay on Kyro Beshay's site about the relationship between sociability and privacy is a must-read:

Social networks and services have definitely given us new and seamless ways to communicate with people from across the globe, pushing the boundaries of what in our lives is deemed acceptable to share, but a wall has been hit and the efforts to tear it down have left me uncomfortable. I’m specifically talking about this new move to broadcast what pages and messages we’ve viewed, without our consent. Services like BBM have long been guilty of this, but the idea has seen increased adoption recently with services like FB Messenger and Apple’s iMessage. In fact, this whole push for “passive sharing” has been gaining momentum, with Quora as the latest transgressor.

We’re now forced into an obligation to respond to a person’s message, almost immediately. With email and texting, there exists a wall of privacy and discretion where the person on the receiving end is given full power to read, ignore, or respond without being bound by deadlines or expectations. I may not want to read or reply to a message for a myriad of reasons – I need time to think of a proper response, I’m waiting on other plans to get sorted, or the sender is just someone who really annoys me. My question is: Is this sort of stuff increasing the value of our social interactions? I don’t think so. In fact, I’d argue that it’s making our interactions less enjoyable. Many friends have mentioned how others knowing when they’ve read a message has made for many awkward situations; and I wholeheartedly agree.

Being Social Is About Being Private

Preliminary analysis of LinkedIn user passwords

As you've no doubt heard, a large tranche of hashed LinkedIn passwords has been leaked onto the net. There's no known way to turn the hash of a password back into the password itself, but you can make guesses about passwords, hash the guesses, and see if the hashed guess matches anything in the leaked database. Bunnie Huang has been making some educated guesses about the passwords, and he's reported on his findings.

I thought it’d be fun to try to guess some passwords just based on intuition alone, using LeakedIn to check the guesses. Here’s some of the more entertaining passwords that are in the database: ‘obama2012’, ‘Obama2012’, ‘paladin’, ‘linkedinsucks’, ‘fuckyou’, ‘godsaveus’, ‘ihatemyjob’, ‘ihatejews’ (tsk tsk), ‘manson’, ‘starbucks’, ‘qwer1234’, ‘qwerty’, ‘aoeusnth’ (hello fellow dvorak user!), ‘bigtits’ (really?), ‘colbert’, ‘c0lbert’, ‘bieber’, ‘ilovejustin’, ‘50cent’, ‘john316’, ‘john3:16’, ‘John3:16’, ‘1cor13’, ‘psalm23’, ‘exodus20’, ‘isiah40’, ‘Matthew6:33’, ‘hebrews11’ (bible verses are quite popular passwords!).

Interestingly, there is no ‘romney2012’ or any variant thereof.

Leaked In

Scathing critique of "social" sites: "The Social Graph is Neither"


Maciej Ceglowski's "The Social Graph is Neither" is a scathing, spot-on critique of the deceptive and seductive simplicity of "social graphs" which purport to represent human interaction and relations through mathematical modelling. As with many "semantic web" projects, social networks can only achieve any kind of usable scale and coherence by simplifying the relationships they model to the point of triviality.

One big sticking point is privacy. Do I really want to find out that my pastor and I share the same dominatrix? If not, then who is going to be in charge of maintaining all the access control lists for every node and edge so that some information is not shared? You can either have a decentralized, communally owned social graph (like Fitzpatrick envisioned) or good privacy controls, but not the two together.

There's another fundamental problem in that a graph is a static thing, with no concept of time. Real life relationships are a shared history, but in the social graph they're just a single connection. My friend from ten years ago has the same relationship to me as the friend I dined with yesterday. You're left with forcing people (or their software) to maintain lists like 'Recent Contacts' because there is no place in the model to fit this information.

"No problem," says Poindexter. "We'll add a time series of state transitions and exponentially decaying edge weights, model group dynamics as directional flows, and pass a context object in with each query..." and around we go.

This obsession with modeling has led us into a social version of the Uncanny Valley, that weird phenomenon from computer graphics where the more faithfully you try to represent something human, the creepier it becomes. As the model becomes more expressive, we really start to notice the places where it fails.

Personally, I think finding an adequate data model for the totality of interpersonal connections is an AI-hard problem. But even if you disagree, it's clear that a plain old graph is not going to cut it.

Pinboard Blog (via O'Reilly Radar)

(Image: Map of top 50 UK PR twitter people and their followers, a Creative Commons Attribution Share-Alike (2.0) image from porternovelli's photostream)

Getting people's names right in software design: a LOT harder than it looks

Charlie Stross weighs in on the Nym Wars and Google Plus's braindead "real names" policy. He reprints Patrick McKenzie's prescient list of problems with name-handling in software design, a must-must-must-read for anyone thinking about the subject, and then ruminates further.
* People have exactly one canonical full name.
* People have exactly one full name which they go by.
* People have, at this point in time, exactly one canonical full name.
* People have, at this point in time, one full name which they go by.
* People have exactly N names, for any value of N.
* People's names fit within a certain defined amount of space.
* People's names do not change.
* People's names change, but only at a certain enumerated set of events.
* People's names are written in ASCII.
* People's names are written in any single character set.
* People's names are all mapped in Unicode code points.
* People's names are case sensitive.
* People's names are case insensitive.


Understanding the Nym Wars

Here's a pair of great (JWZ) posts (Kevin Marks) on the Nym Wars, in which Googlers, net users, and sensible people try to convince the G+ team that it's insane to tell people that they must socialize using their "real names," and to then try to adjudicate what a "real name" is. Both link out to the canonical essays produced to date on the subject, such as EFF and boyd, and add a lot of good context.

David Cameron's net-censorship proposal earns kudos from Chinese state media

UK prime minister David Cameron (who is reported to have rioted himself and then fled police while at university) has proposed a regime of state censorship for social media to prevent people from passing on messages that incite violence. This proposal has been warmly received by Chinese state media and bureaucrats, who are glad to see that Western governments are finally coming around to their style of management.
The British Government’s wariness of the Internet and Blackberry Messenger – symbols of freedom of speech – is a forced reaction, which might upset the Western world. Meanwhile, the open discussion of containment of the Internet in Britain has given rise to a new opportunity for the whole world. Media in the US and Britain used to criticize developing countries for curbing freedom of speech. Britain’s new attitude will help appease the quarrels between East and West over the future management of the Internet.

As for China, advocates of an unlimited development of the Internet should think twice about their original ideas.

On the Internet, there is no lack of posts and articles that incite public violence. They will cause tremendous damage once they are tweeted without control. At that time, all governments will have no other choice but to close down these websites and arrest those agitators.

Riots lead to rethink of Internet freedom (Thanks, Juha!)

(Image: General Chu Teh, a Creative Commons Attribution (2.0) image from thomasfisherlibrary's photostream and David Cameron - World Economic Forum Annual Meeting 2011, a Creative Commons Attribution Share-Alike (2.0) image from worldeconomicforum's photostream)

LinkedIn opts you into being used in advertisements; here's how to opt out


LinkedIn have rolled out a new line of advertisements in which their customers' faces are used to advertise their sponsors' products. Helpfully, LinkedIn have decided to opt all their users into this. Here's a guide to keeping yourself from being an unpaid shill by opting out again.
1. Click on your name on your LinkedIn homepage (upper right corner). On the drop-down menu, select “Settings”.

2. From the “Settings” page, select “Account*”.

3. In the column next to “Account”, click “Manage Social Advertising”.

4. De-select the box next to “LinkedIn may use my name, photo in social advertising”.

A Box You Want to Uncheck on LinkedIn (via Making Light)