New article on Facebook issues

Tsunami · 1 Mar 2015, 09:22 PM

In Belgian newspapers, there were some recent articles regarding the new FB policies. Apparently the government's privacy commission wants to file a legal case against the new FB TOS. In Europe, about 6 countries have already planned or considered such lawsuit. I don't know however if what the newspaper wrote is true. I am very sceptic in trusting social networks, but equally sceptic in bashing them. Often the true lies somewhere in the middle. Anyways, according to the articles:

- Facebook would log your IP or smartphone location, type of browser, settings of your computer, ... (I am not sure if the windows password, which in Windows 8 is also the password of an email account, is included in settings of computer) in order to collect demographic data about their users and for example send popups with ads to your Phone : imagine you walk the Champs Elysées in Paris, FB knows where you are and could send popups with ads for a local shop a few blocks down the street.

- Facebook would save the contacts you have in apps such as Whatsapp, Spotify, or Instagram. I don't know how these work, as I don't use them, but aren't those apps password protected? So does this mean Facebook can just look over your virtual shoulder and bypass passwords in order to get access to your contacts list? Then who guarantees me they can also not just bypass the passwords of webmail accounts, website accounts (signing in to the webhost), etc?

- Facebook would be able to log the nr of your payment cards, look into the invoices to see what you bought and where ... Unless you buy something right through Facebook while being signed in, how can FB follow you after signing out of your account? And I thought financial transactions were Always highly secure? So does this mean Facebook can, even if not signed in to FB, just look over your shoulder and log any data? Including passwords of webmail accounts, webhost accounts, ... ??

I have just purchased a new computer and still getting used to the latest version of Windows... I'm not sure if it's safe to log in to Facebook now or if I better avoid signing in from my new computer?

I doubt all the horror stories from the newspaper would be true, but then I cannot be sure. If it'd be true, we're talking about pure Huxleyan practises...

William9 · 2 Mar 2015, 11:51 AM

Quote:

Originally Posted by Tsunami

...
- Facebook would log your IP or smartphone location, type of browser, settings of your computer, ... (I am not sure if the windows password, which in Windows 8 is also the password of an email account, is included in settings of computer) in order to collect demographic data about their users and for example send popups with ads to your Phone : imagine you walk the Champs Elysées in Paris, FB knows where you are and could send popups with ads for a local shop a few blocks down the street....

Isn't logging your IP address and browser expected? My web host provides me with that information and which pages were visited by visitors to my little website. Isn't serving targeted ads based on location and several other factors the Holy Grail of advertising and not unique to FB?

jl66 · 3 Mar 2015, 01:20 AM

Nothing new, we all knew about it.

Tsunami · 4 Mar 2015, 08:02 AM

I never heard about the logging contacts from apps such as Spotify or Instagram. I never heard about logging bank card details.

I may be wrong, as I don't use Instagram or Spotify, but I guess that their user accounts are password protected ; so how can Facebook just bypass those passwords to access data in those apps?

Then who tells they cannot bypass any password (eg domain registration accounts with Namecheap, GoDaddy ... or hosting accounts) ?

I heard about the IP and browser type logging before, so wasn't too surprised with that. And while I wouldn't be too happy with constant advertisements popping up, it's not exactly something I'd worry about neither. YouTube uses ads too, Gmail does, ... Not pleasant but nothing to worry about neither. It's mainly the bypassing of passwords that I hadn't heard before and that I find a worrying thing (IF the article from the newspaper is correct, that is...)

adamlau · 4 Mar 2015, 03:58 PM

Quote:

Originally Posted by Tsunami

I never heard about the logging contacts from apps such as Spotify or Instagram...

One of the primary reasons Facebook enters into a relationship with another company is to share aggregated customer information for the mutual benefit of both. Else, Facebook purchases the company outright to own the data. Facebook is unable to (unless they decide to inject an exploit through your browser or employ a 0-day against your OS) access your credentials for services for which they have not entered into an arranged agreement with. Regarding the settings of your connected device, that would generally be limited to your OS and browser fingerprints. Perhaps a MAC address indicating the make and model of your NIC which can narrow down the type of mainboard in use, which in turn can narrow down the type of connected hardware and so on and so forth. IP, OS and browser logging is standard network operations procedure and serves as invaluable aid in diagnosing, traversing, maintaining and improving network health. All of the above is greatly simplified, but generally holds true. FYI, if you truly care about online security and privacy, then you really ought to be traveling down the Linux or BSD road. For all the talk about email security here on EMD, it is quite surprising how many users are still using Windows despite the obvious ramifications regarding security and privacy.

Tsunami · 7 Mar 2015, 08:26 PM

But you are saying they cannot log the passwords or bypass them if they don't have an agreement or ownership of a service? So in respect to Wordpress.com, Weebly.com, Wix.com, Name.com, GoDaddy.com, Namecheap.com, ... they could not log your details?

radtux · 8 Mar 2015, 10:17 PM

I am not surprised. Its a giant advertising network thats becoming better and better by user tracking.

somdcomputerguy · 9 Mar 2015, 08:57 AM

Quote:

Originally Posted by Tsunami

But you are saying they cannot log the passwords or bypass them if they don't have an agreement or ownership of a service? So in respect to Wordpress.com, Weebly.com, Wix.com, Name.com, GoDaddy.com, Namecheap.com, ... they could not log your details?

I can't say 100% whether Facebook can or can not, but I don't doubt that this is possible. See, I have seen many 'services' that let one login or signup with one's FB user/pass, so I would only assume that FB has more of a persons data available to them if this procedure is used. Again, I'm not sure that FB could login to this service as you, but I don't doubt it and at the same time wouldn't be surprised if they can. I do use Facebook, but only to stay in touch with some family members, some High School and some other friends. I occasionally post there myself, but usually only a YouTube video or news clip that I feel to 'share' and I play or use absolutely none of the 'games' or other apps that are available there. The browser that I use and the add-on's in use 'hide' most advertisements from me on pretty much every website I visit. Most of these advertisements are run from external j/s files that the NoScript and AdBlock add-on's can disable.

- bruce

Tsunami · 9 Mar 2015, 11:21 PM

But i would never sign in to any other service using my Facebook login... I guess this would make it highly unlikely that FB can just access your accounts with wordpress.com, blogspot.com, name.com, godaddy.com, weebly.com etc as long as you sign in without signing in to those accounts using your Facebook ID?

somdcomputerguy · 10 Mar 2015, 01:38 AM

Quote:

Originally Posted by Tsunami

..etc as long as you sign in without signing in to those accounts using your Facebook ID?

I have seen many services (most notably, forums, but other kinds as well) that allow one to sign in with ones Facebook credentials. I don't know or care what this would allow FB to do with that service, as I have never used my FB user/pass to sign into anything else, but money talks you know..

Tsunami · 11 Mar 2015, 12:39 AM

Quote:

Originally Posted by somdcomputerguy

I have seen many services (most notably, forums, but other kinds as well) that allow one to sign in with ones Facebook credentials. I don't know or care what this would allow FB to do with that service, as I have never used my FB user/pass to sign into anything else, but money talks you know..

Yes. Tastebuds.fm and Meetup.com amongst others have a "sign in using your FB" option. But I never did that, I just created a new account and signed in directly with that account, instead of signing in using Facebook profile. I never used the FB profile for any other sign in than for signing into Facebook itself.

David · 11 Mar 2015, 01:05 AM

When a company is intent on compromising your privacy (and you are aware of that) I am wondering why you would want to use that company at all.....

jl66 · 11 Mar 2015, 03:39 AM

Never sign in with a FB account!, it's always better to use a throw away account or an alias of your main email account.

1 Mar 2015, 09:22 PM	#1
Tsunami The "e" in e-mail Join Date: Jun 2004 Location: in between the bright lights and the far unlit unknown Posts: 2,341	New article on Facebook issues In Belgian newspapers, there were some recent articles regarding the new FB policies. Apparently the government's privacy commission wants to file a legal case against the new FB TOS. In Europe, about 6 countries have already planned or considered such lawsuit. I don't know however if what the newspaper wrote is true. I am very sceptic in trusting social networks, but equally sceptic in bashing them. Often the true lies somewhere in the middle. Anyways, according to the articles: - Facebook would log your IP or smartphone location, type of browser, settings of your computer, ... (I am not sure if the windows password, which in Windows 8 is also the password of an email account, is included in settings of computer) in order to collect demographic data about their users and for example send popups with ads to your Phone : imagine you walk the Champs Elysées in Paris, FB knows where you are and could send popups with ads for a local shop a few blocks down the street. - Facebook would save the contacts you have in apps such as Whatsapp, Spotify, or Instagram. I don't know how these work, as I don't use them, but aren't those apps password protected? So does this mean Facebook can just look over your virtual shoulder and bypass passwords in order to get access to your contacts list? Then who guarantees me they can also not just bypass the passwords of webmail accounts, website accounts (signing in to the webhost), etc? - Facebook would be able to log the nr of your payment cards, look into the invoices to see what you bought and where ... Unless you buy something right through Facebook while being signed in, how can FB follow you after signing out of your account? And I thought financial transactions were Always highly secure? So does this mean Facebook can, even if not signed in to FB, just look over your shoulder and log any data? Including passwords of webmail accounts, webhost accounts, ... ?? I have just purchased a new computer and still getting used to the latest version of Windows... I'm not sure if it's safe to log in to Facebook now or if I better avoid signing in from my new computer? I doubt all the horror stories from the newspaper would be true, but then I cannot be sure. If it'd be true, we're talking about pure Huxleyan practises...

3 Mar 2015, 01:20 AM	#3
jl66 Essential Contributor Join Date: Oct 2013 Posts: 413	Nothing new, we all knew about it.

4 Mar 2015, 08:02 AM	#4
Tsunami The "e" in e-mail Join Date: Jun 2004 Location: in between the bright lights and the far unlit unknown Posts: 2,341	I never heard about the logging contacts from apps such as Spotify or Instagram. I never heard about logging bank card details. I may be wrong, as I don't use Instagram or Spotify, but I guess that their user accounts are password protected ; so how can Facebook just bypass those passwords to access data in those apps? Then who tells they cannot bypass any password (eg domain registration accounts with Namecheap, GoDaddy ... or hosting accounts) ? I heard about the IP and browser type logging before, so wasn't too surprised with that. And while I wouldn't be too happy with constant advertisements popping up, it's not exactly something I'd worry about neither. YouTube uses ads too, Gmail does, ... Not pleasant but nothing to worry about neither. It's mainly the bypassing of passwords that I hadn't heard before and that I find a worrying thing (IF the article from the newspaper is correct, that is...)

7 Mar 2015, 08:26 PM	#6
Tsunami The "e" in e-mail Join Date: Jun 2004 Location: in between the bright lights and the far unlit unknown Posts: 2,341	But you are saying they cannot log the passwords or bypass them if they don't have an agreement or ownership of a service? So in respect to Wordpress.com, Weebly.com, Wix.com, Name.com, GoDaddy.com, Namecheap.com, ... they could not log your details?

8 Mar 2015, 10:17 PM	#7
radtux Senior Member Join Date: Nov 2010 Posts: 145	I am not surprised. Its a giant advertising network thats becoming better and better by user tracking.

9 Mar 2015, 11:21 PM	#9
Tsunami The "e" in e-mail Join Date: Jun 2004 Location: in between the bright lights and the far unlit unknown Posts: 2,341	But i would never sign in to any other service using my Facebook login... I guess this would make it highly unlikely that FB can just access your accounts with wordpress.com, blogspot.com, name.com, godaddy.com, weebly.com etc as long as you sign in without signing in to those accounts using your Facebook ID?

11 Mar 2015, 01:05 AM	#12
David Ultimate Contributor Join Date: Dec 2001 Location: Canada. Posts: 10,355	When a company is intent on compromising your privacy (and you are aware of that) I am wondering why you would want to use that company at all.....

11 Mar 2015, 03:39 AM	#13
jl66 Essential Contributor Join Date: Oct 2013 Posts: 413	Never sign in with a FB account!, it's always better to use a throw away account or an alias of your main email account.