a word of advice and warning, Facebook is a toxic wasteland of security risks

[Chauncey Gardiner]

Hi Kaichu,

Thank you for the kind greeting. We agree, when a man works hard, is honest and fair, may he be blessed for himself and for his fellow man.

~ Chance

[127.0.0.1]

IMHO

the root of all evil is ignorance.

Ignorance is a state of being uninformed (lack of knowledge). Which is why I created this thread.

[kaichu dento]

Maybe a root of victimization, but not of evil - this valuable thread is now in danger of being sidetracked and should go back to Facebook and how to avoid its dangers.

[Greta]

Maybe a root of victimization, but not of evil - this valuable thread is now in danger of being sidetracked and should go back to Facebook and how to avoid its dangers.

What KD said.

Let's get back on track. If anyone wants to take this in another direction, please take it to the Underground.

[PhotonWrangler]

I'm not a facebook user either, nor am I on myspare or twitter. I just don't need to be connected to others for every waking monent of my life.

I am on LinkedIn but I am very wary of any invitation that comes my way from an unknown indiividual. It;s too easy to think that an Invitation to Connect is a compliment of some sort and should always be acknowledged, but it's not necessarily so.

[flashy bazook]

Where I would appreciate some helpful advice is, what to can I do to protect myself from these threats beyond not belonging to Facebook?

I see more and more "integration" between Facebook and everything else, so I worry that I am in danger even if I avoid it as much as I can and do not belong in it.

For example, iOS 6 has introduced integration with Facebook, and you can almost not go to any news site without finding those Facebook icons.

So, any ideas?

[sidecross]

I never would post on Facebook or Twitter and I expect anything I do via my computer and the internet is public to both the government and the corperate 'State'.

[Burgess]

You folks are ALL WRONG about Facebook ! ! !




Now, if you'll excuse me . . . .


I've gotta' go water my crops in Farmville.



_

[idleprocess]

I live by the rule that everything you do on the internet could potentially come back to you - be it e-mail, message boards, IM, facebook, games, blogs, etc. While not everything you do will live up to the usual hypothetical of would you want it read on the 6 O'Clock News, it's not necessarily a bad standard to live by - especially for mediia where you have little real expectation of privacy.

I use facebook. I post status updates, click "Like", post photos, and have given it accurate demographic inforomation. I do not give facebook apps permissions to my account, have not given it a complete personal dossier, never "check in", do not participate in polls /questions not clearly started by people I know (and even then mostly steer clear), and make a distinct point not to use it at work on my employer's computers. I have it set to the point that only friends can see things on my wall and review the default wall regularly to see what's "leaking." I have the facebook app on my smartphone and even make sure the GPS is off before launching the client.

And for all the hubub over facebook, the rest of the big players are just as bad. I can search/browse for something obscure on amazon and rest assured that banners for that very item (or others quite like it) will be served up for weeks as I hit numerous other ad-driven sites. Gmail will serve ads based on keywords in my e-mail and - a bit creepier - terms I've searched for in google.

It's very nearly impossible to be truly anonymous on the internet these days. Since almost no one pays for the services they receive online, the service providers are forced to find some other way to stay in business - and information about their users happens to be one of the most valuable commodities in their possession. I accept it as part of the deal and just do my best to minimize my profile without engaging in actions that simultaneously raise attention (ie encrypted e-mail, anonymous browsing, the use of proxies/excessive SSL, VPNs, etc) ... like the locks on houses, the idea is to "keep the honest people out" and make it difficult for the casual dishonest.

[127.0.0.1]

It's very nearly impossible to be truly anonymous on the internet these days.

it is completely impossible unless you

a) own and manage the links
b) own and manage the interconnecting devices
c) own and manage the access

companies and enterprises that do a, b, and c can control everything

anything and everything YOU do while using someone else a, b, and c...is, more and more often:

a) logged
b) stored
c) archived for retrieval

those 10 18 wheelers full of storage arrays headed to Langley ? yup. and 10 more trucks behind them.

the big new push in IT is not 'more locking mechanisms', the push is forensics and data analysis. let them in, OK so they broke in, we'll fix
that stuff later....right now, we watch it all. we cannot block all of it all the time...but we can certainly track and log all of it, all the time...
which is the direction more IT budgets are heading. it is way behind what it could and should be.

[idleprocess]

Oh, I suspect that *effective* anonymity is possible so long as you don't do anything that sets a pattern and never use a service / device that can be traced to you. The limitations and massive inconvenience of this means that almost no one will bother. No accounts. No personal device that's not massively reconfigured every 24 hours (with a radically different config every time). Always using a neighbor's, the library's, a coffee shop's internet service. Only doing things so bland and generic as to blend in with what everyone else on the service is doing.

And even then you may well blaze a traceable path thanks to all the logging and analysis capabilities in the hands of the .gov, ISP's, and private industry.

[markr6]

OK, I understand that Facebook can be dangerous as far as content and phishing. But what about the computer and network I am using? Some of the IT guys at my company will not allow me to access our company's Facebook Page in fears of a hacker getting into my computer and into the system with customer information via the network. So I have to use a dedicated "facebook" computer off the network.

Do you agree? This really makes my job difficult. Yes, better safe than sorry but I really want to be more engaged on our page.

[mvyrmnd]

OK, I understand that Facebook can be dangerous as far as content and phishing. But what about the computer and network I am using? Some of the IT guys at my company will not allow me to access our company's Facebook Page in fears of a hacker getting into my computer and into the system with customer information via the network. So I have to use a dedicated "facebook" computer off the network.

Do you agree? This really makes my job difficult. Yes, better safe than sorry but I really want to be more engaged on our page.

Most IT departments rule by FUD (Fear, Uncertainty and Doom)

This sounds like FUD to me.

With proper passwords (not words or random numbers, but phrases and sentences!), 2-stage authentication (which Facebook does offer, and EVERYONE should use it) and I'm assuming that your IT guys operate and maintain a decent firewall, and you have a good (read: not Norton, McAfee or Trend) AV app on your system, the odds of you coming a cropper are as minimal as possible.