May 2, 2010

When Opt out Privacy disappears, Spammers win

It is amazing how far we’ve gone from being completely private individuals into being highly open with whatever info we wish to share at any given moment. The Internets have made us into self publishing freaks and we put ourselves into the public eye more than we sometimes wish we would’ve.

I kind of like this. I have always been honest with who I am. Yes, I too have some skeletons in my closet, but I think we all have those moments where we wished we’d done something differently. However, that day, that sorrow. For now let me turn your eyes to one of those things that public data on the web will cause, namely SPAM galore. Not only the kind of spam where you’ve get loads of e-mails, but the kind of spam where people will steal your identity.

Open Graph and Friend requests

I played around a bit with the data you could get out of the Open Graph the other day and managed to get some interesting results. Now I am considering not writing about it as it might cause some nasty stuff to happen. Think about it. Have you had a lot of friend requests from people you do not know lately? Since the Open Graph got launched I get two or three friend requests from people I’ve never met, per day. Considering this is all that is needed to start robbing a profile from information, I think we will see a lot more of it in days to come.

I think, just as Mark, that we cannot hide on the web. What I don’t believe, however, is that we don’t need any security measures to help us avoid the worst abuse. As the information stored in Facebook is in the news feed format and if you have been active enough, it is not that difficult to construct a bot that doesn’t only look like you, but one that talks and expresses itself just like you. This cause a wide range of difficulties if you’re in a beef with someone.

Normal case scenario

Basically I could rob a profile from anyone I’m friends with and then construct another profile that behaves and acts just like it. I could friend people of the person I’m targeting and I could get them in deep trouble by messing with their relationships. With a bit of co-ordination I could probably skim some financial data from them and get them in REAL trouble. But I don’t and I won’t, but I know people who would, if they just knew how to.

This is not a worst case scenario.. This will happen, it is just a matter of time. It all depends upon when the crooks get a hold of the brains to do it. We’ve seen them get on with the groups and the pages that all of a sudden change names. This is the same thing only that they will pretend to be YOU when they contact your friends. Luckily for me, people don’t like me, and thus I will probably not be used for these “like needed” scams.

Adding a Seccurity Feature

We need to add a security feature to Facebook Open Graph. You should be able to see a news feed when logged in, with information about who, when and how your data has been handled. In Sweden this is required according to the “PUL” (personal data seccurity act) legislation, but for other areas of the world it is not.

I don’t know, but my stomach is starting to turn a bit. One way, I really hate Facebook as it takes so much of my time from me as it continuously evolves. But at the same time I really love Facebook for giving me all these opportunities to connect with others. The openness gives me so many possibilities to offer great services to Internet users, and we will see some sick shit coming out this spring. It is one of those impossible moments in your life where you cannot take sides for or against. This is not very unique when it comes to my brain… always trying to reason until there is no reason… but that my gut cannot decide is really wicked.

What do you think? Any good posts on the topic?

5 Comments
  • Ulf Hedlund, May 2, 2010 Reply

    I reached the same conclusion when playing around a few days ago, but havn't seen much written about the potential problem yet. But I'm sure that some "full transparency" advocates will say it's not a problem at all and I'm sure that it will be abused nevertheless.

    Add some of the known (and yet unknown) security holes on the platform and there will be mayhem. Facebook need to address the issues with something better than "privacy is dead":

    • Jesper Astrom, May 2, 2010 Reply

      Indeed. If I only think about the stuff I know how to do with very limited programming knowledge, then I wonder what a "real" programmer and hacker can do/extract, then automate and reproduce.

      For spammers, social media offers loads of ways to create unique content as the social media platforms many times block parts of their content for search engines but make it available through their API's. Thus you can auto generate loads of "unique" content bound to certain topics and categories in a matter of seconds.

      That's the "nice guys" in the spam-industry. Those with "morals". Anyhow.. we need to spark the discussion as it has the potential to turn into the Internet form of card skimming. Hmm... I'm feeling a label coming along... "Personality Skimming - a result of semantic theft" ... haha...


Leave A Comment

Leave a Reply