
SANS ISC: InfoSec Handlers Diary Blog


Facebook, pr0n and privacy

Published: 2007-11-30
Last Updated: 2007-11-30 23:04:13 UTC
by John Bambenek (Version: 1)

No small amount of controversy has been raised about Facebook apparently tracking and making public the purchases users are making online while logged into the Facebook site (even if they aren't doing it explicitly through Facebook). Without going into much repetition of what has been said elsewhere about the controversy (or repeating what I've said in another article I've written on the subject) or the specifics of tracking users in general, the interesting part of the controversy is that it was entirely preventable. When users add applications in Facebook, it asks them if they want messages put in their profile and so forth and allows users to block feeds from being entered by other third-party sites, and there are additional privacy settings that would hide the feed regardless. Instead of being responsible, users mindlessly clicked forth, not bothering to think of the implications of what they were doing, put information out there that some didn't want out there, and now complain that someone didn't protect them from doing silly things. What you say and do online can and will be used against you (ok, maybe I'm just a tad cynical there), and when push comes to shove, the only person that can protect their personal data is the person themselves. And it's not just Facebook you have to worry about.

There are malicious porn sites out there being tracked by McAfee that use pop-ups to extort money from perusers of free porn, and many also sell the personal information of their clientele. I recall an incident investigation I did some years ago that pointed back to a porn site in Mexico that happily charged people for their wares, and then turned around and sold the credit card information legitimately given to them. And it's not just unsavory websites that happily take user information quietly and use it for commercial purposes; big companies do it too (e.g. Google).

The moral of the story is that consumers need to be wary of how, when and to whom they give their personal information online. For the more privacy conscious, check out the Firefox extensions TrackMeNot and AdBlock Plus to trim down on the information you put online.

UPDATE 2011 UTC: Facebook has made some modifications to the tracking service (Beacon) so that users have even more of an opportunity to restrict that information.

UPDATE 2302 UTC: ISC Reader Ken pointed us to a nice writeup on using the Blocksite Firefox plugin to block the Facebook Beacon messages from working.

John Bambenek / bambenek (at) gmail [dot] com
University of Illinois
