Al writes "Many people reveal way too much personal information on social networking sites — something that can easily lead to identity theft or unwanted attention from employers etc. Technology Review has a story about several cryptographic tools that can be used to hide your activity on Facebook, from both untrusted users and from Facebook itself. Urs Hengartner, an assistant professor of computer science at the University of Waterloo, developed a Firefox plugin that obfuscates anything marked with '@@' on Facebook and only reveals the correct information to trusted users who have the right keys. The sensitive data itself is even stored on an outside server so that even Facebook cannot access it. The piece mentions two other projects, NOYB and flybynight, that also aim to make personal information more secure on Facebook."
From the article:
Dubbed FaceCloak, the tool assures its users that sensitive data stays private, Hengartner says. "If you have a particular illness, you might want to allow only your friends to see that," he says.
or alternatively, you might keep that shit off Facebook
Their solution to keeping private data off Facebook: Put it somewhere off of Facebook!... wow, wish I thought of that. Now if only we could trust the off-of-Facebook people...
I had no need for FACEBOOK either until a few months ago. A very dear friend lost her husband to a car accident. They had moved years ago but we tried to keep in touch. To disseminate information about the accident and subsequent hospital updates (he lived for about a week after the accident) etc. she decided it would be easier to post the info on FACEBOOK where all her friends could see it at once rather than fielding umpteen calls an hour. I created an account and was able to follow the status as well as provide long distance support via posts to her wall. What I also found was that there were lots more friends I had lost touch with long ago I was able to reconnect with. Several of which have renewed friendships and communicate via FACEBOOK daily even though there is little chance we will get to see each other any time in the near future.
Sure, there are real reasons to use Facebook. None of them happen to apply to me, and I certainly wouldn't put private information into hands of a third party service like theirs.
I rarely use third party webmail. I run my own mail servers for the majority of my communications. Installing Citadel on a cheap VPS takes about two minutes.
I really don't know why this concept is so hard for people. My mother told me once when I was very young something very simple. "If you don't want someone to read it don't write it down." was what she said.
You know she was right. It's completely foolproof, nobody can find your not so well hidden diary, nobody can guess your cipher key that is weaker than you imagined, nobody can crack your later-found-to-be-flawed cipher, nobody can reproduce it in the clear accidentally or otherwise.
If it's truly private it does not belong on the Network at all, Facebook or anyplace else, encrypted or not.
If I don't want something on Facebook, I don't put it on Facebook. There! Problem solved!
Why do I need a tool to encrypt data so only selected people on Facebook can see it? Isn't that what PGP email is for? So I can send out information to specific people and (in theory) only those people can see it?
And, additionally, if I don't trust Facebook with a bit of information, what in the hell makes you think that I'd trust a completely unknown third party who is building specific plugins so they can collect things I don't want on Facebook on THEIR SERVERS?
Sounds to me like someone is saying "post all your blackmail-worthy thoughts here. I'll keep 'em safe! Trust me!" in their best used car salesman voice.
If I don't want something on Facebook, I don't put it on Facebook. There! Problem solved!
No, you can not predict what information may put you in trouble in the future. Something that looks harmless at present may bite you in the ass in the future (e.g. during job search etc.). So, if you have encrypted your posts right from the beginning, then you don't have to worry about the future.
OK, fair enough. But that means I'd have had to think ahead enough to know what might possibly be incriminating down the road. Because if I encrypt EVERYTHING, then I have to give EVERYONE I want to be able to read it a decryption key, which means those decryption keys are going to be about as secure as a "don't steal this" sticker on a bicycle.
Facebook already has a "hide information" where you can select who sees what. If you don't trust Facebook, you're probably better off putting nothing at all there. Putting encrypted data there only means it's obvious you are hiding something.
Plus, you're still posting the data unencrypted to a central server, just not one owned by Facebook. Do you trust THEM?
Someone, other than you, is in control of that data. If you think it could be incriminating, perhaps you should think twice about posting it.
I have a hammer. It's a nice hammer. I use it to bash things. Nails, sheet metal, inanimate objects that make me angry, etc. I have a screwdriver, it's a nice screwdriver. I use it to loosen or tighten screws. It also makes a decent primitive prybar for light jobs.
I have PGP email. It's nice PGP email. I use it to send secure encrypted communications to a list of recipients that I control. I have Facebook. It's a nice Facebook. I use it to say anything that I think my friends and the general public might want to know about my pathetic existence. I also have Pidgin. It's a nice Pidgin and has the Encryption module. I use it if I need to say something "off the record" quickly to a trusted pal.
I would no more use my Facebook to send secure messages to my friends than I would use my hammer to loosen a screw, or my screwdriver to pound sheet metal into shape.
My point: Right tool for the right job.
Maybe I'm being pedantic or unimaginative, but I can't see a single reason why I'd want to post stuff to Facebook and have it only visible to certain people. Other people are just going to see I'm hiding something and either be honked off they are not included or try to hack it. And if I'm going to be (IMHO) stupid enough to post it, there's no way in hell it's ending up as cleartext on ANY server run by ANYONE I don't personally know so I can personally go down and personally yell at them if the data ever got out.
Yeah, I'm sure all your friends want to see "Bob Smith to Joe User DFKSDJFKSDJFKDSJFDSuupoi23423po4i32423op4JLKEJFEFIJEIJFEIOFJEJFEI" all through their newsfeed....
Maybe you shouldn't post every detail of your life on a website.
Exactly, or texting, or IMing, etc. The point of Facebook is for you to share to -the world- your thoughts. If you want to share your thoughts with one or two other people, there are better ways.
I originate from the northern part of Amsterdam, where it is common behaviour to shout these things over the mobile phone or loudly discuss it with your friends, especially while in public transport. Seriously, some time ago the whole bus was informed about whether or not one of the girls should have an abortion or not. Privacy, who gives a shit anymore.
So I should feel safe using this tool because it allows 'sensitive data' to be stored on some third party website and not on the 'evil facebook servers'? I would rather facebook had it, as at least I know who they are and that I know it's insecure.
I think I'll just stick with having my facebook profile as only a mask of myself, and not my entire life. Thanx
How long until Facebook simply removes any item with a @@ in it? Or builds in a regex to strip any non-alphanumeric characters from info boxes or posts? Or strips any erroneous or "spam" looking stuff from their site?
I agree with everyone else. If you don't want Facebook knowing all your dirty little secrets don't post your dirty laundry online.
Once it's online it will NEVER go away... Google Cache, The Wayback Machine [archive.org] and other caching services will leave a digital trail of your stink for ever. Long after that nasty rash goes away.
Social networking sites are all about the drama. Imagine the drama levels when some friends get access to some information and others don't. If the makers of this really want to combine technologies effectively they should somehow connect it to livejournal. Maybe some sort of updating feed about how many people on livejournal are complaining that you put something encrypted up on your facebook page that they can't see?
More seriously, it isn't clear to me from this technology that it is completely reliable
"Social networking sites are all about the drama."
Yes, imagine the pure torture someone would go through...
Post Header: "That Skanky Ho, Wendy, is at it again!"
Only Wendy finds out that SHE can't read the rest of the post...In fact, nobody but the poster can.
Teen Girls (between the ages of 10 and 12) around the world now have a new weapon with which to inflict great emotional distress on their anti-peers. I expect the carnage to be widespread and most gruesome (left, left, right, left, left...)
Hmm, I used fake datas like names on FaceBook. Then, a few weeks later, my account got disabled. I e-mailed to ask what's up and the customer support told me that I was using a fake name/datas. They wanted proof like a driver license to get back on. Frak that. MySpace, Friendster, etc. had no problems!
You have to be more subtle with your fake info. I used all fake info and they didn't complain. Instead of saying your name is "Fuck Facebook" try "Joe Smith", etc.
Yeah... secret to just your friends or anyone who will pay for it. A lot of big companies these days weed out employees by getting a profile of them from facebook.
Obviously, all you have to do is put data in the outside server that's encrypted in some other way. Then Facebook just has a link to data that's really just a link to somewhere else. See? Problem solved.
Many people are saying... if you don't want it seen then don't post it. I don't mind my friends seeing my status (or whatever) but I don't want the Facebook Company or their partners (ie Microsoft) seeing my profile. Sounds like this plugin might solve that problem.
I'm sure this is a nice thing for some selected folks (mostly geeks) who know:
1, What security is. 2, How to use it.
For the rest (99.9+%) of the facebook / twitter crowd this will mean nothing, because they can't even understand the first concept, let alone the second..
I would be happy if someone would write something to filter the @ and # characters twitter users have some fascination with that have no relevance on non-twitter interfaces. While they are at it, may I go ahead and recommend something to filter Mafia Wars and Farmville while they are at it. Facebook already has a pretty low signal-to-noise ratio that's only getting worse without people encrypting what little text is still there. </rant> That being said, it sounds very interesting as a practical use of c
isolatr.com [isolatr.com] absolutely never shares your personal information with anyone. I've used it for years, never had any annoying online friends, and never even had to enter any personal information on the site. One time I stumbled on it, saw that it was perfect, and was done.
Items that make the front page from the firehose are tagged 'story' so that when viewing from the firehose, you can see that the item has posted to the front page.
It's a functionality kludge (surely there's a better way to indicate item status) but then again, so is much of the slashcode.
Some Facebookers accept any friend requests they get, no matter who it is or if they know them.
Amazingly so, in fact. A friend of mine had his shop broken into last week. He offered a reward for anyone who could ID the guy caught on CCTV, found out the guy's Facebook ID through it and successfully got himself added as the burglar's friend. He's now passed the name, photographs and location on to the police.
I agree. This tool is completely redundant. The only people who would want to keep their data private on Facebook are the ones who didn't put their information on it in the first place.
Everyone on Slashdot who has a hardon to prove how big their not-having-a-facebook-penis is and finally needs to get one for some normal reason has to use this tool though! Then when some girl inquires about it they can be all like "I like keeping my information private so I'm encrypting my Facebook isn't it cool? Here's my public key and some documentation on how to use the decryption software, along with some light reading on the encryption methods you might find interesting by the way I'm sure you'll be
Excellent Example! (Score:5, Insightful)
Re:Excellent Example! (Score:4, Funny)
This is Web 2.0. Common sense has no business here.
Re:Excellent Example! (Score:5, Insightful)
Re:Excellent Example! (Score:5, Insightful)
Re:Excellent Example! (Score:5, Insightful)
Re:Excellent Example! (Score:5, Funny)
This is slashdot, which runs on pure elitism. You say there are real reasons to use facebook?
HERETIC! BURN HIM!
Re: (Score:2, Interesting)
Re:Excellent Example! (Score:4, Informative)
Re: (Score:3, Interesting)
Re: (Score:2)
Why are you YELLING at us every time you say FACEBOOK? ;)
Re: (Score:2, Funny)
He is so excited about FACEBOOK that he can't control it.
Re:Excellent Example! (Score:5, Insightful)
I'm sorry, but maybe I'm missing the point... (Score:5, Insightful)
Re: (Score:3, Interesting)
Re:I'm sorry, but maybe I'm missing the point... (Score:4, Funny)
Or "encrypting" a billboard using those 60's-looking inkblot things that can only be seen using special polarized/colored "decoder glasses".
People know there's a message there, they know you're trying to hide it, so why bother all your "semi"-friends with tons of postings like:
@@rA3wrAw#FraW3rar3awra3WFaW#fFRAw3WF3Aw#F#:aw#:Rfa
Which, before decoding, can be read as
@@NANNER NANNER NANNER YOU CAN'T READ THIS BECAUSE YOU'RE ONLY A DEMI-FRIEND NOT A REAL FRIEND. TRY TO DECODE THIS ASSHAT! OR FIND THE SERVER IT'S COMING FROM AND HACK THEM FOR SERIOUS BLACKMAIL FUN AND PROFIT! :)
Re: (Score:2)
"Does anyone make billboard covers?"
YES! And, for a limited time only, for $19.95 plus S&H, we will ship you, not one, BUT TWO! billboard covers! Act now, pick up the phone and call 1-800-SUC-KERS! Credit card customers get this ADDED PREMIUM OFFER - - - yada yada yada.
Actually, I think you can get anything you can imagine if you watch enough late-night television.
Re: (Score:3, Insightful)
Re:I'm sorry, but maybe I'm missing the point... (Score:5, Insightful)
Re:I'm sorry, but maybe I'm missing the point... (Score:5, Informative)
"A false sense of security is far more dangerous than a real sense of vulnerability."
Re:I'm sorry, but maybe I'm missing the point... (Score:4, Interesting)
Re: (Score:3, Interesting)
Re: (Score:2)
You have friends who only communicate by Facebook, but you don't use Facebook because you can't trust it.
With respect, the solution is not to take that same information and throw it on yet another server run by yet another unknown third party.
"Give your information, or give it not, there is no 'trust'."
Or... (Score:2, Insightful)
FTA:
the tool assures its users that sensitive data stays private, Hengartner says. "If you have a particular illness, you might want to allow only your friends to see that
What ever happened to calling people?
Re: (Score:2)
Re: (Score:2)
Not on Facebook, but on an obscure website? (Score:5, Insightful)
All this hiding (Score:3)
can't I just not use facebook?
Oh ya? Facebook can fix this (Score:5, Insightful)
But think of the drama opportunities! (Score:2)
Re: (Score:2)
Fake datas. (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
I did! It wasn't John Doe, John Smith, etc. Lame. Whatever, don't need it and tired of moving to new social networks!
Re: (Score:2, Funny)
Rusty Shackleford.
Re: (Score:2)
It's subtle, but it's not very funny. I usually try to use something like Mike Litoris, if "real" name is required.
Another useless application that will never fly (Score:3, Insightful)
There are 3 Major flaws in this:
Those concerned with what strangers see on Facebook don't put information they don't want strangers to see on Facebook.
Those who use Facebook in such a manner aren't the type who have the time to install tools, run them, send the key to their friends, and then append @@ to everything they want hidden.
Facebook already provides the means to keep your stuff secret to just your friends, and it's easier to close off your profile to the public than it is to Encrypt random Data.
Re: (Score:2)
ROFL (Score:2)
The sensitive data itself is even stored on an outside server so that even Facebook cannot access it.
So, Facebook doesn't have access to it but someone else does. Oh yes this is SOOOOO much better.
Re: (Score:2)
Hides the info from Facebook and their partners (Score:2)
Target audience.. (Score:2)
Filter @ characters (Score:2)
Similar social site that NEVER shares your info (Score:2)
Re: (Score:2)
Re: (Score:3, Funny)
They can filter out annoying people! Can I get one of those for real life?
NO.
Re: (Score:3, Funny)
Re: (Score:3, Informative)
Re:Secretly to save Facebook (Score:5, Interesting)
Re: (Score:2)
Re: (Score:3, Insightful)