Wednesday, April 28, 2010

Two Facebook Stories

The Boston Globe today carried two stories about Facebook. One was about a host of stolen and fake Facebook accounts being sold on the blackmarket. Apparently accounts are stolen through phishing schemes that lure unsuspecting Facebook users into revealing their passwords, or else, malware loaded onto users' machines that track keystrokes reveals their passwords. The article, from the New York Times, by Riva Richmond, explains,

Facebook accounts are attractive because of the higher level of trust on the site than exists in the broader Internet.

As a result, people are more likely to believe a fraudulent message or click on a dubious link on a friend’s wall or an e-mail message. Moreover, the accounts allow criminals to mine profiles of victims and their friends for personal information like birthdates, addresses, pets’ names, and other tidbits that can be used in identity theft.

While the accounts that were compromised and offered for sale could be legitimate, they most likely also included bogus accounts, Howard said. IDefense did not see the accounts themselves, but the inclusion of many accounts with small numbers of friends suggests the seller created fake accounts, perhaps using an automated tool, and sent out blind friend requests to gather contacts.
Perhaps not coincidentally, the second article about Facebook is about Senators pressuring Facebook to improve its privacy controls. The call was triggered by Facebook's announcement last week of new plug-ins that allow users to share their passions for various products on other websites. As part of the new plug-in, Facebook is sharing users' personal information with three other websites: business review service Yelp, music service Pandora, and Microsoft Corp.’s Docs.com for word processing and spreadsheet. Users have to go into their privacy preferences and opt-out of the service to avoid this sharing, rather than opt-in, and that is what is outraging some users, and the Senators. The article, from an Associated Press article by Michael Liedtke, says,
Facebook users who don’t want to be part of the company’s expansion have to go through their privacy settings and change their preferences.

Schumer thinks the onus instead should be on Facebook to get users’ explicit consent. “They have sort of assumed all their users want their information to be given far and wide, which is a false assumption,’’ Schumer said.

Schumer sent a letter calling for simpler privacy controls to Facebook founder Mark Zuckerberg. The concerns were echoed by Democratic Senators Michael Bennet of Colorado, Mark Begich of Alaska, and Al Franken of Minnesota.

Facebook tried to assure Schumer that its latest idea won’t invade users’ privacy.

“We welcome a continued dialogue with you and others because we agree that scrutiny over the handling of personal data is needed as Internet users seek a more social and interactive experience,’’ a Facebook vice president, Elliot Schrage, wrote in a letter to Schumer.

Schumer called Facebook’s response inadequate and said his staff planned to meet with the company today.
In the meantime, Facebook users may want to change their privacy settings and be sure they are not handing out their passwords to phishing schemes. The privacy setting to opt out of this new "sharing" with the three other websites is inexplicably called "instant personalization" and is the last option on your privacy settings. If you receive strange spam messages from a Facebook friend, you might want to let them know you think their account has been corrupted and they might want to take it down.

No comments: