Is Facebook even safe anymore?
privacytips.jimdofree.comDo people really hate FB so much right now that this garbage becomes the top article on HN?
This website[1] seems to be entirely blank aside from this article, the claims made are dubious at best and essentially unsourced, and the alleged "breaches" discussed seem to all just be dumps of easily scrapable data or things third-party developers (not FB) left lying around. There's zero evidence whatsoever of actual breaches of FB servers here, which would be a major story covered by far more reputable sources were it true.
As far as I can best see, this is trying to sell people on VPN services for which the author gets a commission, given the embedded link to a "best VPNs" site...
It's because it's such a highly controversial subject. I completely agree there's good and bad on Facebook, but overall feel like it nets out positive.
Im having a hard time finding a positive in Facebook.
Ditto. It obliterates privacy and datamines everything, while simultaneously serving as a platform for propaganda (marketing being slightly more benign economic propaganda).
In exchange for getting data-mined and marketed-to I get to see what the people I can't be bothered to email are doing.
There are other use cases, like businesses and groups announcing things over FB, but there are plenty of other platforms for this, many of whom are cheap or free.
I don't know how to say this without sounding aggy, sorry.
If you don't see the value, don't use it. Not every product is for everyone. It's entirely possible that for you there is no value in Facebook use. It has a low value for me (excluding WhatsApp).
I use it only because I think its zero cost/risk. I'm very unlikely to fall for phishing scams and no useful (not already public) information about me is on there.
To me this is one of the big frustrations of the article: Facebook is safe for some and unsafe for others, it's useful for some and not for others, it's "worth it" for some and not for others...
But simply "not using it" isn't enough. They still glean all sorts of information about you from both your browsing habits and other people you may know, or even those who may simply have stored your phone number or email address in one of their devices.
That's fine, but it's another example of this being a complex, personal matter not a simple yes/no universal answer...
Working in Japan security breaches can and do happen, but when they do the government has the ability to fine said corporation or even force them to cease offering services for a period of time.
I get the distinct impression that US companies largely face no consequences for data breaches and when they do it's fines that equate to less than a percent of their annual profits. Unless something changes there is very little incentive to start taking this stuff seriously.
Despite all that, Japanese IT data security is a joke though. They all talk the talk here but most systems I've seen are held together by sticks and glue on the backend. If I didn't live here I wouldn't dream of giving my data to a Japanese firm.
> but most systems I've seen are held together by sticks and glue on the backend.
I'm pretty sure that's - unfortunately - true for a lot of backends and not a Japanese phenomena.
Try finding an appsec job in japan.
...sony...
Your point being?
Sony had massive issues with PSN security a few years ago
It never, or at least not for a long time now, has been safe.
Data breaches are not even the main concern. The main concern is, how FB itself acts with your data in its pockets. Do not trust the a millimeter far.
Facebook has information as a business model.
It could be improved, like the user having the real ownership of all personal data and with confirmation to where, to whom and when delivering it.
But, for real, will those changes please their investors?
I canceled my Facebook account a few months ago. A full delete, not a deactivation. Somehow, I still get the occasional email notification from a Facebook group, and it makes me really really curious to know how that could be possible if my account is supposedly gone.
tl;dr The author worries that Facebook data breaches suggest unfixable infosec problems at the company.
My response:
Data breaches are a secondary concern. Facebook has too much data for anyone to exfiltrate a large percentage of it.
The primary bad actor is Facebook itself, which can analyze and operate on all of that data (to share with governments, partners, or psychological experiments).
But then again, the practices you mention in your last paragraph have literally nothing to do with the subject of this article (not saying that I do or don’t agree with you there).
> But then again, the practices you mention in your last paragraph have literally nothing to do with the subject of this article
That's the point of my comment. The article asks if Facebook has become unsafe because of hackers. I was arguing that Facebook has been unsafe for a long time because of Facebook, rendering the article somewhat beside the point.
Asking if Facebook is unsafe because of hackers is like asking if a vial of arsenic might be contaminated with cyanide. Yes, it may be contaminated, but it was already guaranteed to kill you.
Facebook = Malware
Facebook is a data breach.
It never was safe.
Perennial reminder of a conversation early on in Facebook's life:
> Zuck: Yeah so if you ever need info about anyone at Harvard
> Zuck: Just ask.
> Zuck: I have over 4,000 emails, pictures, addresses, SNS
> [Redacted Friend's Name]: What? How'd you manage that one?
> Zuck: People just submitted it.
> Zuck: I don't know why.
> Zuck: They "trust me"
> Zuck: Dumb fucks.
The irony is that Hacker News is literally unsafe to use as it puts users at risk of doxxing by not providing basic privacy functions like post and/or account deletion or even the ability to change your username. I really don’t understand why the HN crowd (which claims to be privacy focused) never seems to call this site out on that. Did I miss the text when you sign up telling you that everything you post will be publicly accessible for the rest of time? Is there even a mention of it anywhere?
To answer the original question though, no Facebook isn’t safe and never was. Delete your account. I did four years ago and I’ve never missed it.
>Did I miss the text when you sign up telling you that everything you post will be publicly accessible for the rest of time
While reasonable people can disagree on this point, it seems a valid point of view that once you've publicly posted something that's part of an online conversation you can no longer unilaterally delete it.
once you've publicly posted something that's part of an online conversation you can no longer unilaterally delete it.
But once you delete your account those posts can be attributed to “Deleted User”. HN doesn’t even do that.
I agree that's a more defensible position. Of course, there are lots of situations--you have a bylined article "printed" in a newspaper/magazine, you write a book, you appear speaking in someone else's YouTube video--where it's not really reasonable to expect to be able to expunge what you've written from the public record.
This isn't a new thing. You couldn't typically delete a Usenet post either.
What has changed is how easily and casually people can put things out in public without editorial oversight that they may regret.
You couldn't typically delete a Usenet post either.
In the early days of Usenet posts were ephemeral and would only last a week. That expectation was baked into the culture and everyone was surprised to find a sneaky organisation had been archiving it all to monetise later.
Maybe in the very early days. But there were various archives of many newsgroups pre-Web (much less pre-DejaNews and Google).
Yes lots of groups had their FAQs for example on an FTP site, but ordinary posts weren’t typically archived
HN is public by design so it is assumed that you only post things that you are comfortable with sharing. Even then, I heard that the moderation team is happy to help out if there are a few particular posts you'd like to delete/amend.
Meh. Email address, date of birth, names, phone numbers aren’t private. Some of these we even willingly disseminate publicly.
If these pieces of data are used for authentication for some other service (cough healthcare), that is a flaw elsewhere - not with Facebook.
If we are gonna be upset about this we should still be upset about Equifax, which we totally forgot, didn’t we?
I’m now under the assumption that some kind of data breach of mine is inevitable. It’s not worth stressing out about in a lot of ways.
we should still be upset about Equifax, which we totally forgot, didn’t we
By any reasonable definition Equifax got away with it Scot free. No one is expending any energy getting angry about it because it has been repeatedly demonstrated that regulators don’t care about data breaches so what can you do?
No company is going to care about this until C-suites and boards start going to jail.