Blog

Facebook Doesn’t Get It

Posted on May 14, 2010 in The Web - No Comments

Responding to concerns about privacy, Facebook came out with a new security feature… except it doesn’t address any of the fears that users of the site are having.

Facebook has announced a new security feature that aims to keep hackers from tapping into users’ personal information.

First off, they should already be doing everything they can to prevent hackers from gaining access to your account. That they are just now addressing that issue is a cause for alarm. That’s not even the issue at hand though. The real issue is Facebook sharing your data (data that they even said would remain private) with “partner” websites. We’ve already seen two massive data leaks from Yelp since this program was introduced. Not only does this not go far enough, it’s opt-in.

“Oddly, this system is ‘opt-in,’ meaning by default it’s not enabled. You have to dig through Facebook’s labyrinthine privacy settings to turn it on,” he writes. “This might be a mistake, given how complex and intimidating Facebook’s privacy settings already are.”

More settings to confuse people. It’s beginning to look like they do this on purpose so that as much data as you can possibly have is out there and fodder for their advertising partners.

Some users have complained they are uneasy about their personal preferences showing up on sites other than Facebook.com. Recently, an unknown number of people, including some notable tech pundits, have deleted or deactivated their Facebook accounts in response to privacy concerns.

Last month, a group of U.S. senators sent a letter to Facebook asking the company, which was started in a Harvard dorm room and is now valued at billions of dollars, to give users more control of their private information.

The new security features do not address the issues most users have been complaining about, such as whether Facebook will keep their information private. Instead, the latest feature aims to protect Facebook users from external hackers. It does not change company policy.

Translation: We have you locked in. You’re not leaving us. We don’t care about your privacy, we want money. Go < expletive > yourselves. Nice, Facebook. Nice.

A Bewildering Tangle of Options

Posted on May 12, 2010 in The Web - No Comments

To manage your privacy on Facebook, you will need to navigate through 50 settings with more than 170 options.

Your Facebook Data Once Again Put at Risk

Posted on May 12, 2010 in The Web - No Comments

Popular social media site Yelp has had two issues in the past day or so in which Facebook users’ data was put at risk. Is this just the tip of the iceberg for your data?

Last night, we reported on a security exploit discovered by web security consultant George Deglin that would allow a malicious site to quietly harvest a user’s Facebook friend list, email address, and other data. The exploit used a technique called Cross Site Scripting (XSS) to inject malicious code into Yelp, and took advantage of the fact that Yelp is one of Facebook’s partners for its controversial Instant Personalization feature to harvest the Facebook user data. The hole was quickly patched, and no user data was compromised.

Tonight, Deglin discovered a second hole in Yelp that once again allowed him to inject malicious code using XSS that could put Facebook user data at risk. Yelp has now patched this second hole, and once again the company believes that no user data was compromised. Facebook has turned off Instant Personalization on Yelp for the time being as Yelp looks to ensure there are no more vulnerabilities. Source

It’s plain to see that money from partners matters more to Facebook than the security of user data. I really hope something changes soon.

Reading

Posted on May 6, 2010 in Reading - No Comments

I recently renewed my library card after not using it for 10 years. Normally when I want to read a book I purchase it and then proudly put it on my shelf. The problem with that is I live in a small apartment and I have run out of shelf space. In fact, I ran out about 20 books or so ago. Now that I renewed my library card I’ve started to pay attention to books again. When there is a review on NPR I make note. When I hear about a book from a friend, I mark it down. Now my problem isn’t finding space for all these books on my shelves. The problem is finding the time to read all these great new books. At least that is a good problem.

These are the books on my to-read list:

  • When I Stop Talking, You’ll Know I’m Dead: Useful Stories from a Persuasive Man by Jerry Weintraub
  • The Good Man Jesus and the Scoundrel Christ by Philip Pullman
  • The Omnivore’s Dilemma: A Natural History of Four Meals by Michael Pollan
  • World War Z: An Oral History of the Zombie War by Max Brooks
  • A New Religion in Mecca: Memoir of a Renegade Brewery in St. Louis by Tom Schlafly
  • Sit, Ubu, Sit: How I Went from Brooklyn to Hollywood with the Same Woman, the Same Dog, and a Lot Less Hair by Gary David Goldberg

So many books, so little time.

On Upgrades

Posted on May 3, 2010 in Software - No Comments

I’m going to rant a little bit on software upgrades, more specifically, web application upgrades. I have had a blog using WordPress for the past 5 years. The upgrade process with WordPress has always been fairly simple. Not only has the process been simple, but I have always gotten the expected outcome. New features, bug fixes, etc. always worked without a hitch. I never once experienced an issue because of an upgrade. This blog is now using Habari. Habari is a lot like WordPress with regards to upgrading. It’s simple and functionality never breaks with each release (unless perhaps you are using bleeding-edge non-stable versions).

The software I use at work for creating websites is an ASP.Net CMS called DotNetNuke. There are a lot of good things about the software, but I fear that the negatives outweigh the positives in many aspects. One of those aspects is upgrading. Over the past year I have run into several roadblocks while upgrading. Some of these include disabling functionality (on purpose and on accident), creating more bugs than they fix with each new release, and putting off show-stopping bugs to future releases. I have to wonder when dealing with the software if they ever actually test it before they release.

I never understood how careless they could be with the software that “powers hundreds of thousands of websites.” Maybe ASP.Net developers are part of a completely different paradigm than PHP developers. In the past I have noticed a huge difference in the PHP and ASP communities; maybe that way of thinking stems from the developers. In my office, we have come across several things that don’t make sense with regards to DNN decisions or errors. So often, in fact, that we don’t even say “that doesn’t make sense” anymore. Instead, we shrug and say, “That’s DNN” then continue to look for a solution to yet another issue created by improper testing.