
Moglen: Facebook Is a Man-In-The-Middle Attack

jfruh writes "In an email exchange with privacy blogger Dan Tynan, Columbia law professor Eben Moglen referred to Facebook as a 'man in the middle attack' — that is, a service that intercepts communication between two parties and uses it for its own nefarious purposes. He said, 'The point is that by sharing with our actual friends through a web intermediary who can store and mine everything, we harm people by destroying their privacy for them. It's not the sharing that's bad, it's the technological design of giving it all to someone in the middle. That is at once outstandingly stupid and overwhelmingly dangerous.' Tynan is a critic of Facebook, but he thinks Moglen is overstating the case."
  • Re:So is every ISP (Score:5, Informative)

    by Trepidity ( 597 ) <delirium-slashdot@@@hackish...org> on Monday February 06, 2012 @02:52PM (#38944601)

    I do think it's a widespread ethical view that these utility-like services shouldn't use the information for their own gain. In the phone era, that was formalized with fairly detailed rules; AT&T couldn't just randomly listen in on your phone calls and use it to sell advertising profiles to mail-order catalogues. In the internet era technology is moving faster than people/law can keep up with.

  • Re:So is every ISP (Score:5, Informative)

    by gringer ( 252588 ) on Monday February 06, 2012 @03:15PM (#38944959)

    Your ISP does not see the information you transmit if it's encrypted, or email, chat, etc.

    If you're taking a paranoid view, a slight clarification is needed here. Your ISP does not see the unencrypted information you transmit if it's encrypted, or email, chat, etc., as long as they do not have the means to decrypt that data.

  • Re:Utterly stupid (Score:5, Informative)

    by AtomicJake ( 795218 ) on Monday February 06, 2012 @03:23PM (#38945063)

    If you use FB, you know that your friends and family will post personal information about you as well.

    Worse: If you do not use FB, you know that your friends and family will post personal information about you as well.

  • Re:So is every ISP (Score:5, Informative)

    by FatdogHaiku ( 978357 ) on Monday February 06, 2012 @03:41PM (#38945305)
    fB is also worming their way into other sites via scripting. I play some games at an EA owned site and suddenly you can not select a game room, or even see a game room list, unless you allow scripting by facebook.net. In the interests of allowing fB members more interaction EA has in fact forced everyone using the game to send data to faceBook. Anyone not blocking scripts is totally unaware of the issue, but most of them probably think fB is a good thing anyway.
  • by Anonymous Coward on Monday February 06, 2012 @04:01PM (#38945559)

    Facebook realizes that MySpace failed by preventing people from leaving.
    That's why Facebook is aggressively making deals with Internet sites to -require- Facebook to access that site.

    That's right, if your Facebook account is suspended BY Facebook or if you quit Facebook, you are effectively banned from using other websites that have this arrangement with Facebook. Even if you PAID for that other website service, too bad.

    Spotify comes to mind here, but Facebook is pushing lots of other sites to make Facebook login "exclusive" there also.

  • by DogDude ( 805747 ) on Monday February 06, 2012 @04:03PM (#38945587)
    Being dependent on an external company really is a risk.

    No. Being dependent on a company that one doesn't pay is a risk. Like you said yourself, hosting your own domain is no problem because if you don't like the service, you can complain or switch. The problem with Facebook is that the users are NOT the customers, they pay nothing, and as a result, have no support and no say in the quality of the service. Relying on a service that is "free" is truly risky (and horribly naive, as well).
  • Re:Open door (Score:5, Informative)

    by plover ( 150551 ) * on Monday February 06, 2012 @04:30PM (#38945899) Homepage Journal

    Sorry, but I attended an FBI presentation last week, and the SA told us point-blank that Facebook was the greatest investigative aid ever. It used to take a warrant and months of hard work to figure out who someone was, what they did, who they hung out with, what kinds of things they talk about over drinks, and who supplies the dope to the party. Now it's a browser away and they don't even need a warrant.

    Harvesting a million individual sites is more expensive and time consuming, and can be tracked and tampered with by the site owner. You could set up your own blog on your own server that spits out a red, white, and blue "Happy 4th of July, fellow patriots!" when viewed by an uninvited visitor, while spewing forth whatever brand of hatred you like when visited by your fellow clansmen. Breaking into this circle requires expensive undercover work. But Facebook will cooperatively deliver a full and faithful copy of whatever you dropped on their system.

    By the FBI's own words, Moglen is exactly correct.

  • by Anonymous Coward on Monday February 06, 2012 @04:34PM (#38945957)

    Correction, they haven't been caught recording or reselling that information. It'd take a helluva lot of convincing for me to believe that they do not in any way record that information. The reselling, if not already happening, will likely happen in the not too far future once technology has developed enough for that information to be more processable and useable.

  • Re:So is every ISP (Score:5, Informative)

    by horza ( 87255 ) on Monday February 06, 2012 @04:40PM (#38946011) Homepage

    Unless you live in the UK, in which case if you use BT as your Internet provider they intercept all your communications. They then break down your data by protocol, using "deep packet inspection", and profile each subscriber for advertising purposes. All totally illegal yet done to tens of thousands of subscribers without their knowledge, not that BT cared. You can read more here [telegraph.co.uk].

    Phillip.

  • Re:So is every ISP (Score:5, Informative)

    by techsoldaten ( 309296 ) on Monday February 06, 2012 @05:45PM (#38946651) Journal

    You don't get to 500 million users without understanding the contents of every message. Text data mining is actually one of the simplest things to implement and can provide a wealth of attitudinal data about products and services.

    My Facebook rep has gone into some of their programs for targeted display of ads. I haven't asked her too much about how it would work, but the message she keeps driving home with me is that they can target ads based on how much someone likes something. She says this is based on more than what someone clicks on.

  • Re:So is every ISP (Score:5, Informative)

    by retchdog ( 1319261 ) on Monday February 06, 2012 @06:05PM (#38946877) Journal

    it depends what you mean by text data mining. yeah, you can grab keywords, and there are some simple clues about proximity of certain simple adjectives, and you can sort of associate certain vocabularies with income and spending habits, but the R^2 is pretty low. text mining is far, far away from "understanding the contents of every message." even google does a shoddy job; many of its text mining-based ads are silly and even insulting.

    most of the marketing-juice comes from (surprise, surprise) the social network. facebook has trained people (maybe not you, but probably many of your "friends") to advertise themselves! if you're 1 hop away from 6 people who all explicitly "Like"d some expensive imported chocolate or coffee, that will probably tell me a whole lot more (marketing-wise) about you than any 100 of your messages, even if i had a human being reading every one of them, which text mining is nowhere near.
