Cryptographic Tools To Keep You Hidden On Facebook
Al writes "Many people reveal way too much personal information on social networking sites — something that can easily lead to identity theft or unwanted attention from employers etc. Technology Review has a story about several cryptographic tools that can be used to hide your activity on Facebook, from both untrusted users and from Facebook itself. Urs Hengartner, an assistant professor of computer science at the University of Waterloo, developed a Firefox plugin that obfuscates anything marked with '@@' on Facebook and only reveals the correct information to trusted users who have the right keys. The sensitive data itself is even stored on an outside server so that even Facebook cannot access it. The piece mentions two other projects, NOYB and flybynight, that also aim to make personal information more secure on Facebook."
Excellent Example! (Score:5, Insightful)
> Dubbed FaceCloak, the tool assures its users that sensitive data stays private, Hengartner says. "If you have a particular illness, you might want to allow only your friends to see that," he says.
or alternatively, you might keep that shit off Facebook
Re:Excellent Example! (Score:4, Funny)
This is Web 2.0. Common sense has no business here.
Re:Excellent Example! (Score:5, Insightful)
Re:Excellent Example! (Score:5, Insightful)
Re:Excellent Example! (Score:5, Insightful)
I had no need for FACEBOOK either until a few months ago. A very dear friend lost her husband to a car accident. They had moved years ago but we tried to keep in touch. To disseminate information about the accident and subsequent hospital updates (he lived for about a week after the accident) etc. she decided it would be easier to post the info on FACEBOOK where all her friends could see it at once rather than fielding umpteen calls an hour. I created an account and was able to follow the status as well as provide long distance support via posts to her wall. What I also found was that there were lots more friends I had lost touch with long ago I was able to reconnect with. Several of which have renewed friendships and communicate via FACEBOOK daily even though there is little chance we will get to see each other any time in the near future.
Re:Excellent Example! (Score:5, Funny)
This is slashdot, which runs on pure elitism. You say there are real reasons to use facebook?
HERETIC! BURN HIM!
Re: (Score:2, Interesting)
Re:Excellent Example! (Score:4, Informative)
Re: (Score:3, Interesting)
Re: (Score:2)
Constitutes, even.
Re: (Score:2)
Re: (Score:2, Funny)
Facebook turned me into a Newt! ... I got better ...
Re: (Score:2)
Dude. Someone _died_ here. Where's your compassion?
Wait, I'm being insensitive to the one guy on /. that was -not- the butt of my joke? How so?
Re: (Score:2)
I found it quite humorous actually but appreciate the sentiment twitchingbug. Of course it would be funnier if it weren't so full of truth ;)
Re: (Score:2)
Why are you YELLING at us every time you say FACEBOOK? ;)
Re: (Score:2, Funny)
He is so excited about FACEBOOK that he can't control it.
Re: (Score:2, Funny)
Friends And Colleagues Enlisting to Become Overlord's Orgasm Kittens?
Re:Excellent Example! (Score:5, Insightful)
I really don't know why this concept is so hard for people. My mother told me once when I was very young something very simple. "If you don't want someone to read it don't write it down." was what she said.
You know she was right. It's completely foolproof: nobody can find your not so well hidden diary, nobody can guess your cipher key that is weaker than you imagined, nobody can crack your later-found-to-be-flawed cipher, nobody can reproduce it in the clear accidentally or otherwise.
If it's truly private it does not belong on the Network at all, Facebook or anyplace else, encrypted or not.
Re: (Score:2)
The real problem is, most people are unable to tell what information is something that they shouldn't want someone to read. It could be something I posted once, and regret doing later. It could be that circumstances change over time to make previously unclassified information highly sensitive. Most of all, it could be information that is harmless to me, but highly sensitive to someone that I know. So your mother may be right, but I don't see how she is relevant here on the internets.
Re: (Score:2)
> I really don't know why this concept is so hard for people. My mother told me once when I was very young something very simple. "If you don't want someone to read it don't write it down." was what she said.
> You know she was right. It's completely foolproof: nobody can find your not so well hidden diary, nobody can guess your cipher key that is weaker than you imagined, nobody can crack your later-found-to-be-flawed cipher, nobody can reproduce it in the clear accidentally or otherwise.
> If it's truly private it does not belong on the Network at all, Facebook or anyplace else, encrypted or not.
And don't forget about the best kept secret. It is the one that you keep totally to yourself. You think you have trust in another. Sure for a while, but change in relationships do happen and then the cat is out of the bag. Much like having personal info entrusted to a bank/hospital/company. What happens when that institution goes out of business? Where is your data now? Laws governing handling of that data are great, but really worthless once the personal data is compromised.
And yes, I too warn all folks ab
Re: (Score:2)
Re: (Score:2)
I think it's funny how many of them use their pet's/child's names or birth year as passwords to their on-line bank account. ...and then take a "quiz" where they fill in their pet's name and birth year to see what their porn star name is, or something.
Re: (Score:1, Insightful)
And also, people need to remember that the government has / will have access to that information very easily!!
Re: (Score:2, Insightful)
Dave says: Oh no! How did you get Herpes ?
Finish the example (Score:2)
Dave says: Oh no! How did you get Herpes ?
John says: @@jhdajksdhasjkdhask
Dave says: Oh
I'm sorry, but maybe I'm missing the point... (Score:5, Insightful)
If I don't want something on Facebook, I don't put it on Facebook. There! Problem solved!
Why do I need a tool to encrypt data so only selected people on Facebook can see it? Isn't that what PGP email is for? So I can send out information to specific people and (in theory) only those people can see it?
And, additionally, if I don't trust Facebook with a bit of information, what in the hell makes you think that I'd trust a completely unknown third party who is building specific plugins so they can collect things I don't want on Facebook on THEIR SERVERS?
Sounds to me like someone is saying "post all your blackmail-worthy thoughts here. I'll keep 'em safe! Trust me!" in their best used car salesman voice.
Re: (Score:3, Interesting)
Re:I'm sorry, but maybe I'm missing the point... (Score:4, Funny)
Or "encrypting" a billboard using those 60's-looking inkblot things that can only be seen using special polarized/colored "decoder glasses".
People know there's a message there, they know you're trying to hide it, so why bother all your "semi"-friends with tons of postings like:
@@rA3wrAw#FraW3rar3awra3WFaW#fFRAw3WF3Aw#F#:aw#:Rfa
Which, before decoding, can be read as
@@NANNER NANNER NANNER YOU CAN'T READ THIS BECAUSE YOU'RE ONLY A DEMI-FRIEND NOT A REAL FRIEND. TRY TO DECODE THIS ASSHAT! OR FIND THE SERVER IT'S COMING FROM AND HACK THEM FOR SERIOUS BLACKMAIL FUN AND PROFIT! :)
Re: (Score:2)
"Does anyone make billboard covers?"
YES! And, for a limited time only, for $19.95 plus S&H, we will ship you, not one, BUT TWO! billboard covers! Act now, pick up the phone and call 1-800-SUC-KERS! Credit card customers get this ADDED PREMIUM OFFER - - - yada yada yada.
Actually, I think you can get anything you can imagine if you watch enough late-night television.
Re: (Score:1, Interesting)
I actually liked most of the summary but the last bit. I think it would be quite cool to post encrypted messages on facebook. Prepend them with some kind of header. Write a Firefox Extension that recognizes this header, runs that through pgp and presents you the clear text.
Actually it would be even more cool if HTML had a tag to mark encrypted text. Either you have the correct key and see the text, or you don't and see some placeholder.
No third parties involved at all. I think that would be really awesome.
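The scheme proposed in the comment above (a header in front of the ciphertext, client-side decryption, a placeholder for readers without the key), as an added example that is not part of the thread and not FaceCloak's code. The `@@enc1:` header, the function names and the pre-shared key are hypothetical, and AES-256-GCM stands in for the PGP step the comment mentions.

```javascript
// Added example, not from the thread or from FaceCloak. The "@@enc1:" header,
// the function names and the shared key are hypothetical; AES-256-GCM with a
// pre-shared key stands in for the PGP step the comment mentions.
const crypto = require('node:crypto');

const HEADER = '@@enc1:';
const PLACEHOLDER = '[encrypted text]';
// Token layout: header, then base64url(nonce(12) || tag(16) || ciphertext).
const TOKEN_RE = /@@enc1:([A-Za-z0-9_-]+)/g;

// Encrypt one snippet; the result is plain ASCII that survives a text field.
function seal(plaintext, key) {
  const nonce = crypto.randomBytes(12); // fresh per message, never reused
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return HEADER + Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64url');
}

// Return the cleartext, or null for a wrong key or a truncated/altered token.
// The GCM tag check is what turns tampering into "no output" instead of garbage.
function open(token, key) {
  const raw = Buffer.from(token, 'base64url');
  if (raw.length < 28) return null;
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// What the browser extension would do with the text of a post: replace every
// token it can decrypt with cleartext and every other token with a placeholder.
// In a page, the result must be inserted as text (textContent), never as HTML,
// so a key holder cannot inject markup through an encrypted message.
function renderPost(text, keyring) {
  return text.replace(TOKEN_RE, (whole, token) => {
    for (const key of keyring) {
      const clear = open(token, key);
      if (clear !== null) return clear;
    }
    return PLACEHOLDER;
  });
}

// Constructed sample: one post, viewed by a key holder and by someone else.
const friendKey = crypto.randomBytes(32);
const strangerKey = crypto.randomBytes(32);

function demo() {
  const post = `Quick update: ${seal('surgery is on Friday', friendKey)} (ask me if you cannot read this)`;
  return {
    post,                                         // what the site stores
    asFriend: renderPost(post, [friendKey]),      // cleartext
    asStranger: renderPost(post, [strangerKey]),  // placeholder
  };
}

console.log(demo());
```

The site only ever stores the token, but its presence still shows that something is being hidden, and every reader who holds the key can copy the cleartext elsewhere.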
Re:I'm sorry, but maybe I'm missing the point... (Score:4, Interesting)
I have a hammer. It's a nice hammer. I use it to bash things. Nails, sheet metal, inanimate objects that make me angry, etc.
I have a screwdriver, it's a nice screwdriver. I use it to loosen or tighten screws. It also makes a decent primitive prybar for light jobs.
I have PGP email. It's nice PGP email. I use it to send secure encrypted communications to a list of recipients that I control.
I have Facebook. It's a nice Facebook. I use it to say anything that I think my friends and the general public might want to know about my pathetic existence.
I also have Pidgin. It's a nice Pidgin and has the Encryption module. I use it if I need to say something "off the record" quickly to a trusted pal.
I would no more use my Facebook to send secure messages to my friends than I would use my hammer to loosen a screw, or my screwdriver to pound sheet metal into shape.
My point: Right tool for the right job.
Maybe I'm being pedantic or unimaginative, but I can't see a single reason why I'd want to post stuff to Facebook and have it only visible to certain people. Other people are just going to see I'm hiding something and either be honked off they are not included or try to hack it. And if I'm going to be (IMHO) stupid enough to post it, there's no way in hell it's ending up as cleartext on ANY server run by ANYONE I don't personally know so I can personally go down and personally yell at them if the data ever got out.
Re: (Score:2)
um..yeah - you just resent it.
Are you going to try to tell me it's easier to log in to facebook and add someone to the authorized list than it is to forward them an email from my Sent box?
Re: (Score:2)
To come back to your tools analogy:
You use a hammer for nails and a screwdriver for screws. Additionally you can use gloves to protect your hands. For some reason you are trying to argue that gloves shouldn't be used with hammers.
No, he's saying that the protection needs to be at the beginning of the process, by filtering what information is released in the wild.
No encryption is guaranteed to be unbreakable at a future date.
I give you my personal guarantee that no one will ever be able to decrypt information you haven't shared.
Re: (Score:2)
They also won't be able to decrypt information you shared but failed to encrypt.
I'm not sure why people are missing the point that there is an opportunity cost to not sharing information. Why use email or communicate with ANYONE if you are that worried about the information getting out?
Re: (Score:2)
> The difference is that a website is persistent and an email is transient.
What makes you think so? An awful lot of people use e-mail via websites and even if not, how can you be sure that your 'transient' e-mail hasn't been stored somewhere in full over the last ten years?
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
> If I don't want something on Facebook, I don't put it on Facebook. There! Problem solved!
No, you can not predict what information may put you in trouble in the future. Something that looks harmless at present may bite you in the ass in the future (e.g. during job search etc.). So, if you have encrypted your posts right from the beginning, then you don't have to worry about the future.
Re:I'm sorry, but maybe I'm missing the point... (Score:5, Insightful)
OK, fair enough. But that means I'd have had to think ahead enough to know what might possibly be incriminating down the road. Because if I encrypt EVERYTHING, then I have to give EVERYONE I want to be able to read it a decryption key, which means those decryption keys are going to be about as secure as a "don't steal this" sticker on a bicycle.
Facebook already has a "hide information" where you can select who sees what. If you don't trust Facebook, you're probably better off putting nothing at all there. Putting encrypted data there only means it's obvious you are hiding something.
Plus, you're still posting the data unencrypted to a central server, just not one owned by Facebook. Do you trust THEM?
Someone, other than you, is in control of that data. If you think it could be incriminating, perhaps you should think twice about posting it.
Re:I'm sorry, but maybe I'm missing the point... (Score:5, Informative)
"A false sense of security is far more dangerous than a real sense of vulnerability."
Re: (Score:2)
"A false sense of security is far more dangerous than a real sense of vulnerability."
True, perhaps, for the person in question, but maybe not so true for everyone else.
People tend to be better behaved and more predictable when they feel secure, but when they feel threatened, they don't just go cower in a corner; they lash out. Some more dramatically than others.
From a societal perspective, it may be better that people have that false sense of security.
Re: (Score:2)
Re: (Score:2)
get. out. of. my. head. :)
Re: (Score:1)
I have friends who only communicate reliably by facebook. I tried communicating by email, but they don't check their email often enough for that to work. Monthly is a fair description.
I personally view this as a way that after I have set it up on both ends (because they won't be able to), I can communicate to people I currently can't without giving my information to Facebook. I don't have a facebook account right now because I don't trust facebook.
Re: (Score:2)
You have friends who only communicate by Facebook, but you don't use Facebook because you can't trust it.
With respect, the solution is not to take that same information and throw it on yet another server run by yet another unknown third party.
"Give your information, or give it not, there is no 'trust'."
Or... (Score:2, Insightful)
FTA:
> the tool assures its users that sensitive data stays private, Hengartner says. "If you have a particular illness, you might want to allow only your friends to see that
What ever happened to calling people?
Re: (Score:1)
> What ever happened to calling people?
But but but, then how can these evil service providers justify rate hikes to coincide with their CEO's pay raises? You think that CEO makes money off your phone call? Sure he might make a few fractions of a penny, but anything that gets you texting more increases that fraction to a whole. Anything that increases texting volume justifies further rate hikes!
It's almost as if the CEO's of these companies have discovered a business model based off a highly proliferated internet meme involving gnomes and under
Re: (Score:2)
Re: (Score:2)
Even facebook has semi-private tools like chat and messages. Just use either of those instead of a wall post/status update.
Re: (Score:2)
Re: (Score:2)
Did you tell her "YES"? Because that's clearly the right answer under the circumstances.
Re: (Score:2)
Re: (Score:2)
Maybe you shouldn't post every detail of your life on a website.
Many of us are fortunate enough to have friends who *are* actually interested in the details of our lives. I don't run a blog of my day-to-day life because I'm fully aware that the Internet community as a whole doesn't care. I do, however, run a fairly active commentary on my day-to-day life through my Facebook status, where the people on my friend-list who do care comment.
> What ever happened to calling people?
Because I don't want to call all
what if ... (Score:1)
Re: (Score:3, Funny)
Crytographic Tools.. (Score:1, Interesting)
The best tool: Don't use facebook?
Not on Facebook, but on an obscure website? (Score:5, Insightful)
I think I'll just stick with having my facebook profile as only a mask of myself, and not my entire life. Thanx
Re: (Score:1)
If it's implemented as a Facebook extension, I imagine the server can easily be run on a server of your choice, so instead of $EVIL_CORPORATION you can run it on your own server, or at the very least the hosting provider you are paying to take care of your data.
And most of this is concept stuff anyway. Implementation for pictures would be really nice, though the program currently pulls random text off the internet to obfuscate the fact that it's not showing you the real text. That sort of scheme would be m
Re: (Score:2)
> by Anonymous Coward
> What are people so afraid about anyways with respect to privacy? There seems
> to be sooo much fear and baseless paranoia around the idea of privacy. What
> information are people trying to protect and why?
Now THAT is ironic! :-)
And, dear AC, just to be clear...I fully support your right and use of
anonymity for no other reason than...BECAUSE! By keeping up and defending your
rights, I defend my own!
Re: (Score:2)
> Don't expect **anything** you place on a facebook account to be secure - ever.
Don't expect **anything** you place on *the Internet* to be secure - ever (unless encrypted). There...fixed that for 'ya!
All this hiding (Score:3)
can't I just not use facebook?
Re: (Score:2)
missing a p (Score:1)
What's a crytographic??
Like this? (Score:1, Funny)
Name: £Ã[ÃÅ'ÃÂÅMýQÂÂÂâéâ(TM)Ãoe8h
Sex: â"ÃZÃÅ"Ãoeâ"f
Relationship: ÂVŽüâÃâÂYÂf
Status: â"?Ã`ÃâéÂÂYÃŽÃN©Ã"ÃÂ2ÂÃ...$ÃÂqX£â¦ÃOE¾¦1f
Interests: Ë'Ã]ÃÅ"Ã
Re: (Score:2, Funny)
Interestingly enough, this is considerably more legible than a typical facebook profile.
Re: (Score:2)
TMI. <shudder />
Oh ya? Facebook can fix this (Score:5, Insightful)
I agree with everyone else. If you don't want Facebook knowing all your dirty little secrets don't post your dirty laundry online. Once it's online it will NEVER go away... Google Cache, The Wayback Machine [archive.org] and other caching services will leave a digital trail of your stink for ever. Long after that nasty rash goes away.
Cryptography is unneeded in this case ... (Score:1, Insightful)
If you don't want to be seen in public ... DON'T POST YOURSELF OR YOUR LIFE ON A WEBSITE DESIGNED TO SHOW YOURSELF OR YOUR LIFE TO THE PUBLIC!
You don't need cryptography, you need to close your web browser.
As Bruce Schneier says, you can't use cryptography to fix stupidity, sorry.
Idiots.
Re: (Score:2)
I agree. This tool is completely redundant. The only people who would want to keep their data private on Facebook are the ones who didn't put their information on it in the first place.
Re: (Score:3, Insightful)
But think of the drama opportunities! (Score:2)
Re: (Score:2)
"Social networking sites are all about the drama."
Yes, imagine the pure torture someone would go through...
Post Header: "That Skanky Ho, Wendy, is at it again!"
Only Wendy finds out that SHE can't read the rest of the post...In fact, nobody but the poster can.
Teen Girls (between the ages of 10 and 12) around the world now have a new weapon with which to inflict great emotional distress on their anti-peers. I expect the carnage to be widespread and most gruesome (left, left, right, left, left...)
Secretly to save Facebook (Score:1)
Some Facebookers accept any friend requests they get, no matter who it is or if they know them.
Some Facebookers ta
Re:Secretly to save Facebook (Score:5, Interesting)
> Some Facebookers accept any friend requests they get, no matter who it is or if they know them.
Amazingly so, in fact. A friend of mine had his shop broken into last week. He offered a reward for anyone who could ID the guy caught on CCTV, found out the guy's Facebook ID through it and successfully got himself added as the burglar's friend. He's now passed the name, photographs and location on to the police.
Fake data. (Score:4, Interesting)
Hmm, I used fake data like names on FaceBook. Then, a few weeks later, my account got disabled. I e-mailed to ask what's up and the customer support told me that I was using a fake name/data. They wanted proof like a driver license to get back on. Frak that. MySpace, Friendster, etc. had no problems!
Re: (Score:2)
You have to be more subtle with your fake info.
I used all fake info and they didn't complain.
Instead of saying your name is "Fuck Facebook" try "Joe Smith", etc.
Re: (Score:1)
Re: (Score:2, Funny)
Rusty Shackleford.
Re: (Score:2)
Bulk McLargeHuge.
Re: (Score:1, Troll)
Good point.
Or non-Caucasian names like, say, "Barack Obama".
Re: (Score:2)
It's subtle, but it's not very funny. I usually try to use something like Mike Litoris, if "real" name is required.
Re: (Score:2)
Ubeen Hadd was my fave.
And I still use socks@white.gov as an email.
I haven't checked lately to see if mail to that address bounces now, or generates an Out of Office message...
Re: (Score:2)
I did! It wasn't John Doe, John Smith, etc. Lame. Whatever, don't need it and tired of moving to new social networks!
Another useless application that will never fly (Score:3, Insightful)
There are 3 Major flaws in this:
1, Those concerned with what strangers see on Facebook don't put information they don't want strangers to see on Facebook.
2, Those who use Facebook in such a manner aren't the type who have the time to install tools, run them, send the key to their friends, and then append @@ to everything they want hidden.
3, Facebook already provides the means to keep your stuff secret to just your friends, and it's easier to close off your profile to the public than it is to Encrypt random Data.
Re: (Score:2)
Doesn't even concern Facebook? (Score:1)
> The sensitive data itself is even stored on an outside server so that even Facebook cannot access it.
(emphasis mine)
So... um... if the data's not stored on Facebook, why is Facebook a part of this equation? Why not just advertise a generic centralized cryptographic system they're running and apply it generally? Or do they really need the publicity that badly that they're just whoring on Facebook's privacy issues?
Come to think of it, if Facebook isn't even involved, why even bother with a central server? I'd think it'd be far more effective to make an interface to some sort of distributed network of enc
ROFL (Score:2)
> The sensitive data itself is even stored on an outside server so that even Facebook cannot access it.
So, Facebook doesn't have access to it but someone else does. Oh yes this is SOOOOO much better.
Re: (Score:2)
Obviously, all you have to do is put data in the outside server that's encrypted in some other way. Then Facebook just has a link to data that's really just a link to somewhere else. See? Problem solved.
Hides the info from Facebook and their partners (Score:2)
Many people are saying... if you don't want it seen then don't post it. I don't mind my friends seeing my status (or whatever) but I don't want the Facebook Company or their partners (ie Microsoft) seeing my profile. Sounds like this plugin might solve that problem.
Re: (Score:2)
So don't fill it out. There's no Facebook law saying you have to give them that information - you fill in as little or as much as you want. This is for the diminishingly rare case where you want to post "sensitive" information you want your select friends (with whom you share your crypto key outside of facebook) but which you don't want facebook to know about and you don't want searchable in their database by other users (i.e. where you went to high school so your old buddies can find you).
I can't really fi
Target audience.. (Score:2)
I'm sure this is a nice thing for some selected folks (mostly geeks) who know:
1, What security is.
2, How to use it.
For the rest (99.9+%) of the facebook / twitter crowd this will mean nothing, because they can't even understand the first concept, let alone the second..
Filter @ characters (Score:2)
Re: (Score:1)
Similar social site that NEVER shares your info (Score:2)
Re: (Score:2)
Re: (Score:3, Funny)
They can filter out annoying people! Can I get one of those for real life?
NO.
Re: (Score:2)
Neither does /dev/null, and it doesn't have the network vulnerability.
My favorite emoticon (Score:2)
@@"||
Ooh Ohh! I have a good one! (Score:2)
Don't use facebook? And if you do, don't put sensitive information on it?
You call yourself nerds? (Score:2)
What is the matter with you people? You call yourself nerds? You have no imagination!
Somebody has come up with cool tech which could let you do things with FaceBook (or any other site) that you couldn't before.
Imagine posting secret documents in a public place and only letting some people see it. This person has made that easier with an @@ plug-in. I think it's cool.
(I'll go read the article now.)
Re: (Score:3, Informative)
Items that make the front page from the firehose are tagged 'story' so that when viewing from the firehose, you can see that the item has posted to the front page.
It's a functionality kludge (surely there's a better way to indicate item status) but then again, so is much of the slashcode.