July 2010 Archives

Facebook privacy win? What?

The same day we find out about a new low in the facebook privacy struggle we also see a big win on the horizon.  If reports are true, Facebook is testing a new permanent account deletion feature that will delete all information about your account and anything you have ever shared. 



"Deleting your Facebook account is never as easy as it should be, as many folks have found out that they need to deactivate their account for 14-days first, after which Facebook will send you various notifications in order to entice you back, before you're able to complete the deleting process, which is probably why Facebook has a little trouble with its customer satisfaction rating. Fortunately Facebook is currently testing out a new deleting system that will allow users the ability to delete their account, which will apparently help you skip the mandatory 14-day deactivation period. In case you've been itching to delete your Facebook account for some time now, you can check your account settings to see if it's there yet, but don't be surprised if you don't see it, as it's currently being tested on a select number of users for the moment."


Facebook privacy win? What?

The same day we find out about a new low in the facebook privacy struggle we also see a big win on the horizon.  If reports are true, Facebook is testing a new permanent account deletion feature that will delete all information about your account and anything you have ever shared. 

<img src="http://www.privacywonk.net/images/facebook-deletion.jpg">

"Deleting your Facebook account is never as easy as it should be, as many folks have found out that they need to deactivate their account for 14-days first, after which Facebook will send you various notifications in order to entice you back, before you're able to complete the deleting process, which is probably why Facebook has a little trouble with its customer satisfaction rating. Fortunately Facebook is currently testing out a new deleting system that will allow users the ability to delete their account, which will apparently help you skip the mandatory 14-day deactivation period. In case you've been itching to delete your Facebook account for some time now, you can check your account settings to see if it's there yet, but don't be surprised if you don't see it, as it's currently being tested on a select number of users for the moment. "


Facebook Insecurity and Privacy

The ever growing facebook saga has reached a new chapter and a new low.

Facebook has been receiving the ire of the privacy and security community for all of 2010.  Yesterday, security researcher Ron Bowes of SkullSecurity found a new vulnerability and this one is huge.

Facebook's Directory page - https://www.facebook.com/directory - you can get a list of every searchable user on facebook.

Ron put together a Ruby script that harvested over 171 million names, usernames, and profile URLs.  You could easily add a picture and location information to this dataset and have a nice data-mining project on your hands. 

With this dataset as a baseline we could start crawling other social networking and media sites for similar user names, location information, and attempt to make social media profiles of individuals.  This would be a gold mine data set for advertising, law enforcement, intel gathering, etc.

The privacy issue is pretty clear cut here.  Facebook, in its continued march toward wide-open, unrestricted, and identifiable social networking has exposed the name, username, and picture of every searchable user to the public.  A smart hacker got wise and downloaded all of this information to prove a point.  He also released the 2.8GB of data through a torrent.  A smart advertising agency or foreign government can do the same thing to targeting individuals for profit or something worse.

171 Million names, usernames, and profile URLs exposed.  Keep repeating that until the gravity of it all sets in.

On July 12th, 2010 Apple, Inc hand delivered a response to The Honorable Edward J. Markley and The Honorable Joe Barton addressing their previous request for information regarding Apple's privacy policy and location-based information.  The Full Request for Information letter to Steve Jobs can be found here: http://markey.house.gov/docs/markeybartonapple.pdf

The 13 page response is very detailed and I am still reading over the document.  I will update this post with my thoughts.  For now, I simply want to push the document out for people to read.  I do not know why but most people covering this document are linking back to a Scibd.com link, which requires compulsory registration to download the document.  I am hosting the document here for easy access, hopefully my connection provider does not take offense.


PrivacyWonk hosted copy: http://www.privacywonk.net/download/34544240-applemarkeybarton7-12-10.pdf

Original Scribd.com link: http://www.scribd.com/doc/34546602/apple-response-to-markey-barton