Moglen: Facebook Is a Man-In-The-Middle Attack
jfruh writes "In an email exchange with privacy blogger Dan Tynan, Columbia law professor Eben Moglen referred to Facebook as a 'man in the middle attack' — that is, a service that intercepts communication between two parties and uses it for its own nefarious purposes. He said, 'The point is that by sharing with our actual friends through a web intermediary who can store and mine everything, we harm people by destroying their privacy for them. It's not the sharing that's bad, it's the technological design of giving it all to someone in the middle. That is at once outstandingly stupid and overwhelmingly dangerous.' Tynan is a critic of Facebook, but he thinks Moglen is overstating the case."
Re:they just figured this out? this is a revelatio (Score:5, Interesting)
Free food, water and a place to live?!? What could possibly go wrong?
Moglen put it into the best elevator pitch (Score:5, Interesting)
Moglen is absolutely correct and I am very impressed by this great analogy: Facebook (and some other "social" media) is a man-in-the-middle attack; it's just not a technical hack but a social hack. Best 20 second explanation ever.
Google might very well join them soon - if they use profiling on gmail conversations.
Re:So is every ISP (Score:5, Interesting)
http://en.wikipedia.org/wiki/Phorm#BT_trials
So people generally don't accept it when it is your ISP. They shouldn't (but ATM seem to) accept it with fb. How long that will last only time will tell - MZ will be happy once he has his billions - most things he has been saying of late in a "tech visionary" context are just complete nonsense, so I suspect he isn't in it for the long term.
Re:So is every ISP (Score:5, Interesting)
... we all depend on companies every day and trust them with our personal info. There really isn't an alternative.
I wonder why?
When I arrived in the US and received my SSN, I tried to take the message that was next to it seriously: "Keep this number safe and secret" (not a word-for-word citation).
Then I went to get a bank account, set up an account for gas / electricity, driver's licence, cell phone contract; everywhere I was asked for my SSN. Seriously, why can PEPCO, GEICO, WASHGAS, AT&T oblige me to reveal this information?
My guess is that people in the US have been slowly but surely trained to surrender sensitive personal information to third parties.
Re:Email? (Score:4, Interesting)
Then in his opinion, wouldn't email be the same? It's stored on some 3rd party mail server somewhere... and for that matter, wouldn't all forms of electronic communication that get copied/stored somewhere not under your personal control also be classified as a "man in the middle attack"?
Gmail certainly is; its whole point is targeted advertising. Wonder how many of the Facebook tinfoil hat crowd have got a Gmail address.
Re:So is every ISP (Score:5, Interesting)
I wonder if you could make a Firefox plugin that encrypts all posts to Facebook, also detects other people's encrypted posts and, if you have their pub key, decrypts them to view. Could also have something similar that encrypts images to a valid jpg/gif/png, whatever, but only decrypts again if you have the key.
Re:Not the same thing (Score:5, Interesting)
Re:So is every ISP (Score:2, Interesting)
They log this info under CALEA regulation in the US, probably keeping it forever. There is no warrant required for the sharing of the info with the govt. because they are considered the 'owners' of this info, not the end user.
Re:So is every ISP (Score:5, Interesting)
If you send encrypted information through your ISP, they can't read it.
If you send encrypted information THROUGH Facebook, they'll remove it calling it "spam". I tried this and, supposedly, they censor all encrypted messages, only allowing clear text, unencrypted messages on Facebook. It's like they say "Don't distribute encrypted information through our service. Since we can't read it, there's no profit in it for us."
Eben Moglen is absolutely correct that Facebook is a man-in-the-middle service attempting to fool dumb people into disclosing their personal information and secrets.
Re:Open door (Score:2, Interesting)
Those aren't problems with social networks; those are problems with governments. I doubt the British tourists cared if the world saw their tweets: in fact, they explicitly tweeted them publicly, so it doesn't matter that twitter was "in the middle". The problem was that the TSA reacted to them badly. Similarly, people being arrested over innocent public posts on social networks aren't (typically) being betrayed by the networks themselves; they're deliberately posting publicly.
Re:Not the same thing (Score:5, Interesting)
I've been "online" since '93, and have hosted my own sites and DNS, etc.; what's funny is when people who didn't even use email until the early 2000's found out I'm not on FB they act like I'm some kind of luddite. That's how many people view the whole web 2.0 experience. They can't be bothered with email and websites when the warm and cozy FB gives them everything they want. It's the Walmart of the net. Zuckerberg's fantasy of an "all seeing eye" http://en.wikipedia.org/wiki/Sauron is coming to fruition.
"I've been "weaving" since 1793, and have designed my own patterns and tailor-store advertisements, etc; What's funny is when people who didn't even use a needle until the early 1800's found out I'm not using a loom, they act like I'm some kind of Luddite." That's how many people view your post.
Now, me, I totally get where you're coming from, but it *is* a Luddite-ish stance. Kids these days lump email in with non-anon ftp, telnet, and gopher. You'd be better off telling people to use social media responsibly than to tell them to eschew it.
Re:So is every ISP (Score:4, Interesting)
yes, but facebook rate limits messages also! with a coding scheme as sparse as that, you'd be lucky to send a kilobyte per hour.
Your loss of privacy on facebook is like (Score:3, Interesting)
your loss of money on lottery tickets. It is a voluntary tax in ignorance. Facebook (and the lottery people) know that there are huge numbers of ignorant people out there who are willing to part with something valuable for something of very little (or no) value simply because they don't understand what they are parting with and what they are gaining/losing.
Oh yeah, and Windows is malware.