Forgot your password?
typodupeerror
Facebook Privacy Security Social Networks Your Rights Online

Moglen: Facebook Is a Man-In-The-Middle Attack 376

Posted by Soulskill
from the can-we-blame-alice-and-bob-for-this dept.
jfruh writes "In an email exchange with privacy blogger Dan Tynan, Columbia law professor Eben Moglen referred to Facebook as a 'man in the middle attack' — that is, a service that intercepts communication between two parties and uses it for its own nefarious purposes. He said, 'The point is that by sharing with our actual friends through a web intermediary who can store and mine everything, we harm people by destroying their privacy for them. It's not the sharing that's bad, it's the technological design of giving it all to someone in the middle. That is at once outstandingly stupid and overwhelmingly dangerous.' Tynan is a critic of Facebook, but he thinks Moglen is overstating the case."
This discussion has been archived. No new comments can be posted.

Moglen: Facebook Is a Man-In-The-Middle Attack

Comments Filter:
  • by iggymanz (596061) on Monday February 06, 2012 @02:46PM (#38944505)

    as with most social sites, search engines, free email services, you are not customer, you and your relationships are product

  • Open door (Score:5, Insightful)

    by santax (1541065) on Monday February 06, 2012 @02:47PM (#38944515)
    It amazes me that people think Moglen is overstating the case. He is not. Let's forget the datamining for commerce. Let's just think about what a simple post on a social network can do with ones life. People have been murdered over a post on social networks by goverments. People have been held in custody (hi USA) over posting a qoute from family guy... Moglen is right. Everything you post on facebook, twitter, hell any service that has an office in the USA will get into the FBI, CIA an SS databanks and you will get in trouble if you post something those warmongers don't like. Moglen is right. Using centralized, datamined networks is stupid and even more dangerous. It takes a lot of effort not to see that.
    • by HBI (604924)

      They like the service and it's too much work to set one up for yourself. That's basically how all web businesses continue to exist. So people use meaningless arguments like "you are overstating the case". That concedes the point while trying to minimize its impact.

    • It amazes me that people think Moglen is overstating the case. He is not. Let's forget the datamining for commerce. Let's just think about what a simple post on a social network can do with ones life. People have been murdered over a post on social networks by goverments. People have been held in custody (hi USA) over posting a qoute from family guy... Moglen is right. Everything you post on facebook, twitter, hell any service that has an office in the USA will get into the FBI, CIA an SS databanks and you will get in trouble if you post something those warmongers don't like. Moglen is right. Using centralized, datamined networks is stupid and even more dangerous. It takes a lot of effort not to see that.

      Actually, it is very easy to overlook this or ignore it (since it is so convenient). And unfortunately, it takes a lot of effort to open people's eyes so that they can see it.

    • As long as people are really aware of the issue, I'm not bothered. I consider everything posted on facebook to be completely public - the equivalent of making a statement to the news media. I then only provide information that I do not mind being associated with my identity by any organization. I apply the same thinking to posting on slashdot.

  • A bit too dramatic (Score:4, Insightful)

    by martas (1439879) on Monday February 06, 2012 @02:48PM (#38944527)
    Besides the term doesn't apply -- in a man in the middle attack, the man in the middle needs to be invisible. Though I suppose you could argue that the vast majority of people using FB don't understand how the Internet works enough to know that they are really sharing information through a third party that holds on to everything, instead thinking of their communication as analogous to sending a paper letter...
    • Besides the term doesn't apply -- in a man in the middle attack, the man in the middle needs to be invisible.

      To the contrary: the term applies absolutely. You just need to apply it on the social level instead on the technical level. Who is aware about FB (and its use of the information), while using FB? While it is visible, it is not perceived by the users as being the man-in-the-middle.

    • by berashith (222128)

      I saw an update to facebook today that showed a pair of articles that a friend and I both read. I think the only reason it was in my feed was that my friend was also included. I was not logged in to facebook at the time, and followed a link from an independent site. Why did this information get broadcast to everyone I know ? I now have to go find the app that provided facebook the ability to do that, and eliminate it from my profile. There was no indication at the time I was reading that this was going to h

      • by martas (1439879)
        It's probably the cookies left by the Like button that's all over the Internet now, that works even if you're not logged on (even if you don't have an account). That's why I blocked all facebook cookies on my browser along time ago.
      • by Pope (17780)

        Those are from the Facebook Social Plug-ins that sites can choose to run. If you're logged out of FB and go to the site, it won't show you anyone on your Friends list. It's not an App on FB at all. http://developers.facebook.com/docs/plugins/ [facebook.com]

    • by mspohr (589790)

      I think that Facebook is invisible some of the time. I know that it tracks you when you leave Facebook and visit other sites and a lot of web sites use a Facebook commenting system which is not labeled Facebook but the information ends up with Facebook.

  • If it looks like an apple, and it tastes like and apple, and if it turns into an apple tree after you bury it, it is an apple.

    Language isn't that hard.

  • by Osgeld (1900440) on Monday February 06, 2012 @02:50PM (#38944565)

    where is your like button?

  • by AtomicJake (795218) on Monday February 06, 2012 @02:55PM (#38944637)

    Moglen is absolutely correct and I am very impressed by this great analogy: Facebook (and some other "social" media) is a man-in-the-middle attack; it's just not a technical hack but a social hack. Best 20 second explanation ever.
    Google might very well join them soon - if they use profiling on gmail conversations.

  • .... for a social networking platform that does not track/store/analyze/use my personal data or relationship information.

    Any takers?

    Something tells me that the 'free' fee for facebook has everything to do with its popularity. Some of us would pay, but many people have culturally come to understand that so long as something is 'free', anything can be given up for it.

  • by Goaway (82658)

    This is the guy who also said that clang was built "entirely to undermine freedom".

    Why does anybody listen to this nutter?

  • How shortsightedly-inane-for-the-sake-of-a-headline can you get? At least making a facebook account and having your data shared is an option.

    According to the author's logic, the United States Postal Service, for the service of getting our mail delivered, has EVERY SINGLE ONE OF OUR PHYSICAL ADDRESSES, regardless of whether we opted in to begin with! Holy shit.

    • How shortsightedly-inane-for-the-sake-of-a-headline can you get? At least making a facebook account and having your data shared is an option.

      According to the author's logic, the United States Postal Service, for the service of getting our mail delivered, has EVERY SINGLE ONE OF OUR PHYSICAL ADDRESSES, regardless of whether we opted in to begin with! Holy shit.

      Bad analogy. The USPS does not have the contents of the letters that they have delivered to you. FB has.

  • http://i.imgur.com/jk4xT.jpg [imgur.com]

    i would not trust most of the internet, especially facebook, myspace, twitter, and google & yahoo
  • By that logic, my ISP, my cellphone and land line phone companies, the Social Security Administration, my health insurance company, my doctors, my tax accountant, my employer and even the executor of my will are Man in the Middle attackers too.

    Man, I feel safer already!

    BTW, there are two misnomers in the world today. Security and privacy.

    Privacy doesn't exist. If someone wants to know all about you, they can. The reason for that is because of security.

    That doesn't exist either. Security is nothing more than

  • People somehow think Facebook is just fun, it is not just fun to FB it's a business. I do enjoy keeping up with folks but it is extreamly dangerous if you don't pay close attention to what you post. My last nephew's birth was announced on FB, poor kid. I know his full name, date of birth, place of birth, mother's name, father's name, mother's maiden name all from things posted on Facebook by his mother. This data will NEVER go away, unless Facebook decides to erase it or happens to loose it. Something t
  • The equation the guy proposes, looks sound. Moreover, observational data supports the equation. There is nothing overstated in that.

    Facebook is de facto the evil intermediary in between people, just like how record companies are the evil, unneeded intermediary in between artist and the fan.

  • .....the below?

    http://www.computerworld.com/s/article/9164978/Narus_develops_a_scary_sleuth_for_social_media [computerworld.com]

    Narus is developing a new technology that sleuths through billions of pieces of data on social networks and Internet services and connects the dots.

    The new program, code-named Hone, is designed to give intelligence and law enforcement agencies a leg up on criminals who are now operating anonymously on the Internet.

    In many ways, the cyber world is ideal for subversive and terrorist activiti

  • by marcosdumay (620877) <marcosdumay@@@gmail...com> on Monday February 06, 2012 @04:21PM (#38945777) Homepage Journal

    The name is "trusted middlemen", and anybody claiming it is an attack is doing yellow journalism.

    It is true that the more people you have to trust, the worse off you are. It is also true that trusting a corporation can be quite worse than trusting an individual (but then, it can be quite better in other points of views). It is also true that trusting corporations that already showed that they don't deserve any trust is even worse. But equating it to a man-in-the-middle attack is a lie. Plain and simply, a lie.

  • by sootman (158191) on Monday February 06, 2012 @05:34PM (#38946557) Homepage Journal

    Every time an article related to real-life security (i.e., fighting terrorists) appears, Slashdotters come out of the woodwork to say that there have been an average of 300 US deaths in the past 10 years from terrorism, more people die from car wrecks and smoking, etc.

    Same thing here: out of all the evil that MIGHT come from sharing on FB, how many people actually lose jobs, have government agents show up at their door, etc?* For 99.9999% of people sharing on Facebook, there might be a few somewhat-bad things that happen (most likely someone finding out more than you would have liked) but probably not too much more common than what spreads through traditional gossip anyway. I imagine very few bad-with-a-capital-B things happen. Most people will die without having experienced first-hand (or even second-hand) any disasters from sharing on Facebook, belonging to supermarket loyalty clubs, etc.

    I'm not saying there's nothing wrong or potentially bad, but like most other things in life it just won't matter to most people.

    * And in cases where it DOES happen, I'm sure most belong in the category of "you shouldn't have been doing that (or at least not talking about it)"--crimes, affairs, etc.

    • by shoemilk (1008173)

      Thank you for pointing out that /. commenters tend to have a consistant view on issues. The "anti-terrorism" *cough* fake security *cough* is really a huge erosioun of privacy and gets condemned. Facebook is a living privacy erosion monster and gets condemned. We here at /. luvs our privacy, now get the fuck off my lawn and stop peeking in my windows.

  • by joh (27088) on Monday February 06, 2012 @05:58PM (#38946815)

    The point is that more and more companies offer products that replace open protocols with open servers and clients. Email is/was SMTP with millions of servers and client applications implementing that protocol. No room to make money apart from selling bandwidth. The web as we know it is HTTP with millions of servers and clients and while there is ample room to make money it's not actually a product.

    Facebook and Twitter aren't protocols. They are products, owned and controlled by companies that does all of this to make money and to achieve this they offer what people want, not what's sound and reasonable from a technological POV.

    If you have a closer look at this you will find that there are reasons for this shifting picture: All the good old protocols were designed from a very technical point of view, or from the point of view of technical users. Email is complicated to set up, there's a reason for many people (if they still use email at all anymore) using some webmail service. It also doesn't do very much except sending messages and small files around. It offers no way to actually find people. The web (based on the Hyper Text Transfer Protocol) just transfers files containing clever markup and doesn't care for anything else. All of this fine and dandy from a technical POV but just doesn't address very much of what "normal" people actually want to do.

    I really can't be angry about what Facebook does, because: We (as geeks) just totally failed to come up with protocols and tools for an infrastructure that would've been able to address the needs of casual users. Instead we insisted that webmail is silly and a full-featured MUA the way to go. In Usenet we were fighting HTML content and fake names even as Usenet (as a communication platform) went under. And there was never anything that even tried to implement a net-wide address book or useful calendaring. All these missing things left a gaping hole that companies like Facebook just exploded into like a gas into a vacuum.

    It's easy to hate Facebook and to praise geekdom, but we just miserably failed. We were (and still are) more fascinated by the tools instead of what people might want to do.

  • by saikou (211301) on Monday February 06, 2012 @06:04PM (#38946861) Homepage

    And the public doesn't seem to care much. Remember that little skirmish about Politico.com buying analysis from FB on public and private message mentions of republican candidates to "evaluate sentiment"? A few people complained for a bit about not being able to opt-out and then it all died out (despite questions on randomization of results etc).

    Add to that clickstream selling by ISPs, and attempt to gather and sell your information pretty much by everyone (heck, yellow pages delivery opt out form demands phone number and email [hyperom.com]) and people seem to be simply tired of fighting it.

  • by mark_reh (2015546) on Monday February 06, 2012 @06:55PM (#38947359) Journal

    your loss of money on lottery tickets. It is a voluntary tax in ignorance. Facebook (and the lottery people) know that there are huge numbers of ignorant people out there who are willing to part with something valuable for something of very little (or no) value simply because they don't understand what they are parting with and what they are gaining/losing.

    Oh yeah, and Windows is malware.

Some people carve careers, others chisel them.

Working...