Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Facebook Privacy Security News Your Rights Online

Facebook Adds Malicious Link Protection 113

wiredmikey writes "As any IT security department knows, social networks pose a significant threat to users across the board as they blindly click links which often lead to spam or other malicious sites that could result in malware infection. In a move to further protect users of the world's largest social networking site, Facebook is adding a new feature to help protect users from links to these malicious sites. Starting today, when a Facebook user clicks on a link it will be checked against a database from Websense in an attempt to determine if the link is malicious. If the link is determined to be risky, the user will be given the choice to continue at their own risk, return to the previous screen, or get more information on why it was flagged as suspicious."
This discussion has been archived. No new comments can be posted.

Facebook Adds Malicious Link Protection

Comments Filter:
  • by tech4 ( 2467692 ) on Monday October 03, 2011 @09:34AM (#37588932)
    Sure, it might be used for blocking malicious links now.. but what about when competing social networks, like Diaspora, emerge? Looking at Facebook's history I'm sure they will use it to block users moving to Diaspora and reading about Diaspora. It will be used as an opinion suppression tool.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Or, to use a simple comparison to something that both exists NOW and ISN'T a Duke Nukem Forever-like vaporware joke (both in persistent nonexistence AND inevitable lack of impact if/when it finally is released), links to Google+ streams.

    • Apparantly Suckerborg himself donated to Diaspora to help fund its development. Would be interesting to see his motivation there. Was he simply donating to a "good cause"?

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        He was basically laughing at the idea that Diaspora would turn out to be anything but a never-left-the-ground wankfest for the RMS-style dot communists.

        G+ probably has him worried. Diaspora is a joke.

        • by Anonymous Coward

          the majority of the population wouldn't be able to type Diaspora when drunk, even if they could remember it, which they won't because it has no meaning to them in the first place like a large number of stupidly named OSS applications.

          It's doomed from the start simply due to those factors which is as tragic as it is maddening. It's obvious some people know nothing about 'selling' their product, even when it's a free one.

        • by Rich0 ( 548339 )

          Yup. I just took a look at diaspora and the instructions seem barely usable for setting up a server.

          I got to about the second line of the install script and it died since it wasn't running as root. If they need some ruby libraries installed they should supply a list so that they can be installed using your package manager, not tell you to use some 3rd-party package manager that will stick who-knows-what in your root filesystem. Or, they should just have it install stuff into their own directory tree.


    • by Anonymous Coward

      but what about when competing social networks, like Diaspora

      Diaspora is a competitor to Facebook like Miss Ruth's Finishing School for Girls is a competitor to the State University of New York. Sure, they occupy the same generic space. Sure, they are both institutions of 'higher learning'. However, they don't attract the same kind or number of people and never will.

      I know you people have this dream where every large company goes bankrupt and the underdog wins. When that happens, the underdog becomes the company you want to destroy. You're being anti-success, and t

    • I don't know how to break this to you, but there are other social networks. Some of them even existed before Facebook!

    • by Goaway ( 82658 )

      Wait, you still think Diaspora is ever going to amount to anything at all?

    • Speaking of this, I was on Facebook the other day, and a friend was telling me about Facebook censoring links about Facebook. This particular link was an article about someone trying to put a gay kiss photo on Facebook and them getting all uptight about it (removing it). The weird thing was whenever the guy tried to post the link, it would disappear.

      So there seems to be something about it. Makes me a bit uneasy that FB would do something like that. The link to Diaspora worked, however. Not sure what exactly

    • That's quite unlikely. Facebook's biggest threats are as a monopoly or for "unfair business practices." Doing something like you describe would just open them up to tremendous liability. Google is being scrutinized right now for the same behaviors: are they unfairly favoring their own links against competitors. Just b/c they can do something technically doesn't mean they can do it legally. I think it is highly unlikely that FB's spam link protection tech would ever be used for anything other than spam prote

    • by kesuki ( 321456 )

      fighting malware and virii are a lot like fighting real diseases as soon as something is cured some new disease tends to come along. lets put it this way, i once heard of a server being hidden in a wall, just to protect it from accidental resets because it was vital to booting the whole college network. the thing is that admin moved along and the next guy didn't have a clue when the server used up its lifespan, the next guy spent weeks trying to fix it. eventually tracking down the box from its ethernet ca

    • Sure, it might be used for blocking malicious links now.. but what about when competing social networks, like Diaspora, emerge? Looking at Facebook's history I'm sure they will use it to block users moving to Diaspora and reading about Diaspora. It will be used as an opinion suppression tool.

      I remember a while ago when the lamebook website (posted screencaps from Facebook that were amusing) was in legal arguments with Facebook over trademarks, links to lamebook on Facebook did not auto link properly.

      I think they also don't auto link (or hinder posting) any link that has the word "torrent" in it.

      Both of these might be out of date now, so I don't know if they still do it.

  • by scxw65d ( 50032 )

    Ignoring potential future abuses, wouldn't it make more sense to disallow the posting of likely-malicious links? The vast majority of users won't read the warning text and will just click through.

    • If they did that, they would have no excuse for intercepting and tracking the links you click.

  • by Sockatume ( 732728 ) on Monday October 03, 2011 @09:42AM (#37588994)

    I've yet to have a relative's computer contract a virus because of a Facebook link, but it seems that every other day they've got some Facebook app spamming everyone on their friends list because of the promise of free online poker or whatever. When does Facebook intend to do something about that? Ever?

    • It is to add Malicous Link protection, which is the issue you are discussing.
      • I'm talking about malicious links inside Facebook; Websense identifies malicious links outside facebook.

    • Funny thing that. Now with the new news feeds...if I use anything other than the default, all the stupid apps I told it to block updates from for EVERYONE have come back. Great. Because now when I look at the "Work Friends" list I want to see a wall of this crap. It took me like 10 minutes to hide all the new things that showed up there. I wish they'd do what Google+ does and put it in a separate area so I can NEVER EVER GO THERE.
    • by Lehk228 ( 705449 )
      They will collect their cut of the profits
  • it will be checked against a database from Websense database to in an attempt to [emphasis added]

    Guys, come on!

    In all seriousness, this'll be helpful for home users much more than it will in the office. I'm just surprised they've taken this long to do it; they've MITM'd every link for at least a year and a half.

  • Google+ (Score:3, Informative)

    by Oswald McWeany ( 2428506 ) on Monday October 03, 2011 @09:44AM (#37589010)

    Let me guess... Google+ is listed as a malicious website.

  • Facebook and their omnipresent Like buttons is the largest source of intrusive monitoring on the web. I highly recommend the antisocial [adversity.uk.to] subscription for adblock, it's not only reduced the amount of information leaking to google and facebook but it's also improved average page load times by about 40-50% (guestimation).
  • You could put up 10 warning screens like that and people will still go "BUT I WANNA SEE THE CUTE THING MY FRIEND SAW"
  • That should do it.
  • Am I the only one that think it is a little fishy that they are not checking the links when they are published, but only when user are clicking on them. So instead of doing one check per link they think it is better to do million checks... or this is just another excuse to track which user are clicking which links... but I guess that is just me being paranoid.

    • First, it's better to check each time -- because a link that was just dandy when published could become malicious over a few days' time. If it only checked once, that'd be an easy way to circumvent the system.

      Secondly, of course Facebook is tracking who clicks on what. And if you don't think any other major site is doing the same, including every search engine result on Google (not just G+), then you are in for a shock.

  • by Anonymous Coward

    This has been occurring on the mobile version app for at least a week now, and it doesn't check.. every damn link you hit does the "this is an external site.. do you want to continue" crap. Its annoying. *IF* it only did it with suspect links like Google does with its search results or chrome does when it detects something, that'd be ok... but its done it for every damn link so far.

    Not to mention I can't stand websenses listings (old employer used them and stuff was incorrectly classified all the time)

  • So Facebooks goal is to secretly collect data on you, then sell that data to whomever will pay the most, often criminals and totalitarian governments, and they are now offering protection against links that may lead to sites that do the very same thing? Thanks Facebook!
  • by CuriousGeorge113 ( 47122 ) on Monday October 03, 2011 @10:20AM (#37589336) Homepage

    This sounds a lot like the 'Safe Browsing' feature already built into Chrome. It provides a warning screen on a suspicious page, and then allows the user to continue, or to go back.

    As long as there is an opt-out setting, I really don't see what the big deal is. Am I missing something?

    • by Anonymous Coward

      is the service they use for similar features for security online!

      I supplement BOTH of those browsers "built-in features for security" (Opera also has a urlfilter.ini/filter.ini file for this locally also) with HOSTS files (vs. host-domain name based threats, which can & DO get "recycled" by malware makers), + firewall rules tables (for IP address based known online threats (these don't last that long usually & cannot be recycled/reused by malware makers as easily)).

      * I do this, for BOTH better onlin

  • Since social networking sites pose a significant security risk, facebook will of course block other social networking sites.
    For your safety.
  • This is actually an issue they should have addressed a long time ago. Lots of people have their accounts hijacked and then they start sending out malicious links. And the bots are getting better at faking normal people.

    I like saying "Boo Facebook" as much as anyone, but they need to do this. I don't believe this particular initiative is meant for political censorship. They already have those capabilities. I think the only thing they really gain from this partnering is the ability to block malicious lin

  • Of course this tells them which links you click on. And if Chrome does this, too, then google is not only aware of your searches but also the links you click on outside their domain.


    • Exactly. The content containing the link is already on their servers. The could check it there and annotate. What they want is to know if you've clicked it.

  • for five minutes. After that, the malware writers will identify the Facebook servers and show them a different page.
  • then you have much bigger problems than Facebook.

  • Quote from article: "Starting today, when a Facebook user clicks on a link it will be checked against the Websense database in an attempt to determine if the link is malicious."

    So... Do the malicious links people post always end up in the WebSense malDB before anyone views them?
    Or... Does the hosting provider of said malicious link take the "site" down first?

    All I read is another FUD-calming act. Read: "Look what we've done to make our site better for you to belong to today!"

  • So Facebook is going to block links to sites that are full of spam, or attempt to take all of your personal information in order to make money from it...
      So, as best I can tell, Facebook has deemed Facebook.com to be a malicious link...

  • Hey guys, just want to let you know that the Link Protection is easily broken [slashdot.org]. So much for protection, eh?

Any sufficiently advanced technology is indistinguishable from a rigged demo.