The main question I have about Facebook allowing apps to collect (and keep) user data is, “Who didn’t know this was going on?”
Seriously? You play the FB games to learn which celebrity you’re most like or what your “real” age is or what your personality IQ is, and you don’t think that someone, somewhere devised the quiz for a commercial purpose? You get asked questions about your habits, likes, and dislikes, and you don’t suspect that the software is collecting data about you for some reason?
When you click to play/answer a quiz you’re told that the app is going to have access to all sorts of your personal information, often including your contacts. You have to say, “Okay”!
Perhaps the most obvious collectors/sharers of data with Facebook are the other websites and services that allow you to sign into them using your Facebook (or Twitter or …) accounts.
You have to agree to let them see and use at least some of your Facebook information as part of the login process. Did you think that these other sites and applications were not getting information about you and your habits from Facebook at the same time they were telling Facebook what they knew about you? Again, seriously?
Facebook, and many other social sites, games, and apps, are free. They sell ads like the free old-time television. But, they know more about you than the broadcasters who sent the same commercial to everyone in America. Apparently people didn’t expect that Facebook would use the knowledge they have to sell more ads and make more money.
Facebook has made mistakes. It said that it didn’t share information when it had, and it didn’t get back information from places like Cambridge Analytica it said it would. And, Mark Zuckerberg and others have dissembled on the topics of privacy and data sharing.
But, I worry about the uproar focusing on Facebook and the follow-on idea that you can pass data storage laws that are going to keep your information safe on the Internet. Laws and a contrite Facebook are not going to keep your views, demographics, and interests private if you publish them online. And, if you take a poll/survey/test for the fun of it, you have to expect that the hosting site is doing something with your information.
We are each responsible for determining what we want the world to know about us and we should expect others to react positively, negatively, or commercially to what we share. Frankly, I thought this was understood by all of us Internet-savvy folks including Facebook users, bloggers, and Pornhub contributors.
The New York Times published a handy list of commonsense steps you can take to give yourself marginal protection on Facebook, and most of their advice applies for other sites and apps. Read it and take their suggestions.
But, really. The outrage over Facebook’s “data breach” sounds a little like the indignation and surprise of the bordello piano player. I don’t need Mark Zuckerberg to testify in front of Congress to know what’s been going on upstairs in the rooms.
Two phishing attacks are hitting my in-box hard today.
One tries to trick you into logging into your Facebook account to see the new features available to you. This is a really clever angle since earlier this week Facebook unleashed a site redesign which has been widely panned in part because Facebook didn’t pre-announce the changes or explain them.
This phishing email sounds like Facebook is responding to criticism by telling you of changes and inviting you to learn more about them.
Of course, if you do click on the link, you’ll go to a site that looks like Facebook but is, in fact, a fraudulent site somewhere in the European Union. The crooks want you to give up your Facebook user name and password. From there they’ll have access to your Facebook account and can post and send messages coming from “you” to trick your friends into giving up more information. Or worse.
The second attack is an email supposedly from the FDIC telling me that my bank has been taken over. According to a warning I heard on the radio, if you click on the link to the phony FDIC site, you’re asked to put in your bank account number and other identifying information. Guess what happens after you do this?
Practicing Safer Computing
Here’s how I quickly spotted these messages as phony:
- I hovered my cursor over the links. Microsoft Outlook pops up a message showing the real destination of any link when the cursor is held over it. In these cases the destination started out with “www.Facebook.com” or “www.FDIC.gov”, but the location kept going and in both emails ended with a “.eu”. This means I’d be taken to crooked sites in the European Union and not to a business or government site in the US. (Check out an earlier post about a phishing attack for more information on uncovering where a link is really going to take you.)
- The FDIC mail was sent to an email address that I don’t use for banking. [email protected] simply is not used for those activities, so why would I get messages in that inbox?
- I wasn’t expecting email from either organization. I don’t click on links in email when I am not expecting the message. Even when I do get a notice from my real credit card companies or bank, I don’t click on their link. Instead I type the address in myself (or use my bookmarked location).
- I am getting multiple copies of each message. They’re being sent to every email address I have displayed on the Internet, and I think I am getting multiple copies to the same email account. No real sender would be so unselectively spammy.
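
The hover check from the first bullet can be automated. The following is an added example, not code from the original post: it reads the hostname a link really points to and flags links where a trusted name is only a prefix of a longer hostname. The sample links and the `TRUSTED` list are constructed for illustration, and the check also covers a second variant the post does not mention (the trusted name placed before an `@`).

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains the reader actually deals with.
TRUSTED = {"facebook.com", "fdic.gov"}

def real_host(url):
    """Hostname the browser would connect to, lowercased."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_link(url, trusted=TRUSTED):
    """Return (verdict, host); verdict is 'trusted', 'lookalike' or 'unknown'."""
    host = real_host(url)
    if any(belongs_to(host, d) for d in trusted):
        return "trusted", host
    # Text before '@' in the address is a user name, not the destination.
    userinfo = urlsplit(url).netloc.rpartition("@")[0].lower()
    for d in trusted:
        # A trusted name followed by more labels: the address "kept going".
        if ("." + d + ".") in ("." + host) or d in userinfo:
            return "lookalike", host
    return "unknown", host

# Constructed sample links (not taken from the emails described in the post).
SAMPLES = [
    "https://www.facebook.com/settings",
    "http://www.facebook.com.constructed-sample.eu/login",
    "http://www.fdic.gov.constructed-sample.eu/alert",
    "http://www.fdic.gov@constructed-sample.eu/alert",
    "https://news.constructed-sample.org/story",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, host = check_link(link)
        print(f"{verdict:9}  {host:40}  {link}")
```

The end of the hostname decides where a link goes, so the comparison is anchored to the right-hand side of the name rather than the left.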
Yeah, I could wind up falling for tomorrow’s phishing attack. I know no one is immune. But, these two didn’t get me. Don’t let them get you!