Linked by Thom Holwerda on Wed 19th May 2010 09:52 UTC, submitted by Nitrodist
Internet & Networking
If there's one subject that's really hot right now on the web, it's privacy. There's the whole Facebook saga, and especially the company's CEO, Mark Zuckerberg, seems somewhat averse to the concept of privacy. We also have a much smaller issue with the Chrome web browser, where someone found out zoom settings are stored somewhere, even when in incognito mode. It turned out to be a feature (sort of) but it does highlight how important the concept of privacy on the web has become.
Open source?
by hornett on Wed 19th May 2010 10:05 UTC
hornett
Member since:
2005-09-19

The power of open source. Try this with Safari, Opera, or Internet Explorer. This is one of the main reasons to use an open source browser.

Can you get the complete source to Chrome then? I thought you could only get Chromium. Who knows what Google is putting in their binaries.

Reply Score: 1

RE: Open source?
by vaette on Wed 19th May 2010 10:15 UTC in reply to "Open source?"
vaette Member since:
2008-08-09

How do you know that the binary .deb packages on Ubuntu actually match up to the source they claim to have built them from?

Even if you compile the code yourself, do you actually read it through and verify its correctness?

Even if you do read the source and verify that it is correct, and then build the binary yourself, how do you know that the compiler doesn't add a backdoor to the binary?

Ken Thompson actually implemented exactly this trick on an early Unix box. The compiler was patched to detect two special conditions: if it was compiling a new version of the compiler it would add the patch to it as well. If it was compiling the "login" program it would add a backdoor to the binary. Read about it here: http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

If you are going to start doubting everything you really very quickly have no leg to stand on anymore.

Edited 2010-05-19 10:15 UTC

Reply Score: 1

RE[2]: Open source?
by Thom_Holwerda on Wed 19th May 2010 10:18 UTC in reply to "RE: Open source?"
Thom_Holwerda Member since:
2005-06-29

It's not about checking everything. It's about having the ability to check (or raise a racket and have someone else check it for you) in case you do notice odd behaviour. Had this behaviour been spotted in Safari, Opera, or Internet Explorer, you wouldn't have been able to do anything about it, nor would you have had the ability to look up what was really going on.

Reply Score: 2

RE[3]: Open source?
by vaette on Wed 19th May 2010 12:29 UTC in reply to "RE[2]: Open source?"
vaette Member since:
2008-08-09

The point of Ken Thompson's trick though is that you can't really be sure that you can check what is going on with Chrome any more than with IE even if you build Chrome yourself, unless you assume that your compiler is trusted. So you have to trust something. It is all relative of course, some things being more and less likely than others, but you are basically in a situation where you will have to trust other parties.

Reply Score: 2

RE[2]: Open source?
by hornett on Wed 19th May 2010 10:50 UTC in reply to "RE: Open source?"
hornett Member since:
2005-09-19

How do you know that the binary .deb packages on Ubuntu actually match up to the source they claim to have built them from?


You can rebuild the .debs from the deb-source package, and you can then verify that your binaries are exactly the same as those built by Debian (or whoever).

You can't do this with Chrome as you don't have the complete source to binary which they release, only the parts released as Chromium. Thus, you have no way to verify if extra code has been inserted into the binaries.


Ken Thompson actually implemented exactly this trick on an early Unix box. The compiler was patched to detect two special conditions: if it was compiling a new version of the compiler it would add the patch to it as well. If it was compiling the "login" program it would add a backdoor to the binary. Read about it here: http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf


That's brilliant!

Edited 2010-05-19 10:53 UTC

Reply Score: 3
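
An added example (not part of the original thread) of the rebuild-and-compare check described in the comment above: it parses the .deb container and compares per-file content hashes, so differences confined to archive timestamps are separated from differences in the shipped files. The sample packages are constructed in memory and all function names are hypothetical.

```python
import hashlib
import io
import tarfile

AR_MAGIC = b"!<arch>\n"

def ar_members(blob):
    """Yield (name, data) for each member of the ar archive that wraps a .deb."""
    if blob[:8] != AR_MAGIC:
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad ar member header")
        name = hdr[:16].decode("ascii").strip().rstrip("/")
        size = int(hdr[48:58].decode("ascii").strip())
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated ar member")
        yield name, data
        pos += 60 + size + (size & 1)  # members are padded to even offsets

def payload_digests(deb):
    """Map 'control:<path>' / 'data:<path>' to (mode, SHA-256 or link target)."""
    out = {}
    for name, data in ar_members(deb):
        if not name.startswith(("control.tar", "data.tar")):
            continue
        # "r:*" auto-detects gzip/bzip2/xz; other compressors need extra handling.
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for m in tar:
                key = f"{name.split('.')[0]}:{m.name}"
                if m.isfile():
                    digest = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
                    out[key] = (m.mode, digest)
                elif m.issym() or m.islnk():
                    out[key] = (m.mode, "link->" + m.linkname)
    return out

def compare(a, b):
    """Return (byte_identical, paths whose content, mode or presence differ)."""
    da, db = payload_digests(a), payload_digests(b)
    return a == b, sorted(k for k in da.keys() | db.keys() if da.get(k) != db.get(k))

# --- constructed sample packages (built in memory, not real Debian packages) ---
def make_tar(files, mtime):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, body in files.items():
            info = tarfile.TarInfo(path)
            info.size, info.mtime, info.mode = len(body), mtime, 0o755
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def make_deb(files, mtime):
    control = {"./control": b"Package: demo\nVersion: 1.0\n"}
    members = [("debian-binary", b"2.0\n"),
               ("control.tar.gz", make_tar(control, mtime)),
               ("data.tar.gz", make_tar(files, mtime))]
    out = AR_MAGIC
    for name, data in members:
        hdr = f"{name:<16}{mtime:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
        out += hdr.encode("ascii") + data + (b"\n" if len(data) & 1 else b"")
    return out

BINARY = {"./usr/bin/demo": b"\x7fELF constructed demo payload"}
OFFICIAL = make_deb(BINARY, mtime=1274263920)   # stands in for the archive's build
REBUILT = make_deb(BINARY, mtime=1274350320)    # stands in for a rebuild a day later
TAMPERED = make_deb({"./usr/bin/demo": BINARY["./usr/bin/demo"] + b"+extra"}, 1274263920)

if __name__ == "__main__":
    print(compare(OFFICIAL, REBUILT))    # bytes differ, payload does not
    print(compare(OFFICIAL, TAMPERED))   # the changed file is reported
```

A whole-file hash of the two honest builds differs only because of the timestamps recorded in the ar and tar headers; the per-file comparison is what shows whether the shipped content matches.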

RE[2]: Open source?
by WereCatf on Wed 19th May 2010 10:55 UTC in reply to "RE: Open source?"
WereCatf Member since:
2006-02-15

Even if you do read the source and verify that it is correct, and then build the binary yourself, how do you know that the compiler doesn't add a backdoor to the binary?

It'd be REALLY hard to sneak such an addition to the compiler. First of all, compiler source repositories are really damn well guarded because they are so important to not only regular geeks, but also to companies themselves.

Secondly, distros themselves also do regular checks on their compilers exactly because enterprises depend on them. Especially enterprise-oriented distros can't let such things sneak up on them.

So, yes, it would be possible to add backdoors to code which didn't have it before if the compiler was compromised. But getting the compiler compromised is the hard part.

Reply Score: 3

RE[3]: Open source?
by vaette on Wed 19th May 2010 12:26 UTC in reply to "RE[2]: Open source?"
vaette Member since:
2008-08-09

So the dozens of oddball distro vendors are trusted to turn out a good binary but Google is not? The point is that you necessarily trust someone, since there is no way to be absolutely sure about anything.

It is all relative in the end. Personally I don't even worry much over IE's inPrivate mode either, since I think Microsoft has learned their lessons, and even at the worst of times weren't really spying on their customers. I don't really trust facebook though since I have a problem with their motives and know that they have the means to do bad things with my information.

Reply Score: 1

kragil
Member since:
2006-01-04

I find it incredibly ignorant and short-sighted that people think they can be on Facebook and as long as they don't post stupid stuff they will be fine.

They won't. There are lots of ways that your friends, your network of friends or all the "Like" buttons on the net can compromise your privacy. There is even more (Gaydar etc.)

The naiveté concerning FB and the net is really astonishing.

Reply Score: 3

Thom_Holwerda Member since:
2005-06-29

I find it incredibly ignorant and short-sighted that people think they can be on Facebook and as long as they don't post stupid stuff they will be fine.

They won't. There are lots of ways that your friends, your network of friends or all the "Like" buttons on the net can compromise your privacy. There is even more (Gaydar etc.)

The naiveté concerning FB and the net is really astonishing.


You don't get it. There IS no private stuff about me on Facebook. None. So there's nothing to compromise. Everything I have on Facebook is something that others may know. In fact, it's all information you could get even if I did not put it on Facebook. Where I went to high school, for instance, can be found quite easily... On the site of my high school.

Get it?

Reply Score: 1

kragil Member since:
2006-01-04

You have 0 friends?

Reply Score: 2

WereCatf Member since:
2006-02-15

You have 0 friends?

Does it matter? Most people do not have the need to hide the fact that they are in fact friends with someone. At least to any normal, sane person it is perfectly fine if people know who they are friends with.

Of course, it tells a little about that person, but then again, it doesn't tell anything that matters.

Reply Score: 2

kragil Member since:
2006-01-04

Mistaken again:
http://www.boston.com/bostonglobe/ideas/articles/2009/09/20/project...

I could write pages and pages about this stuff, but I won't.
A Microsoft researcher summed it up better than I ever could. If you are really interested, read these links:

http://www.zephoria.org/thoughts/archives/2010/05/14/facebook-and-r...
http://www.zephoria.org/thoughts/archives/2010/05/15/facebook-is-a-...

Most people don't want to see that they are losing privacy by being on Facebook, no matter how they use it. The amount of ignorance about it is probably just human

EOD for me.

Reply Score: 3

Thom_Holwerda Member since:
2005-06-29

EOD for me.


That's convenient, isn't it?

The simplest remedy against Facebook's lax privacy policy is to only put stuff on Facebook that even the most random stranger may know about you. You might not like that such a simple solution to this problem exists, but that doesn't make it any less valid.

"EOD"ing this discussion just because you have no answer to that is weak. At least you can just admit that the best way to deal with internet privacy concerns is to never put anything on the web that you would otherwise never tell even a random stranger. That doesn't excuse Facebook in any way - but I cannot change Facebook or any other company, I can only change myself and my behaviour to deal with the reality that companies will abuse my rights as much as they can, simply because that's in their nature.

As for your gaydar thing - if that project reveals me as being gay, then it apparently isn't working very well, since I'm not gay. I'm confident enough not to let something like that bother me. If it would bother you, then you have problems that far exceed just privacy concerns.

Edited 2010-05-19 11:21 UTC

Reply Score: 1

kragil Member since:
2006-01-04

OK, so your assumption is that you and all your friends and their friends and their friends only put completely harmless stuff on FB and that all that stuff can't be correlated to reveal stuff about someone that he doesn't want to be in public?

Good luck with that, but I guess math is against you here.

Reply Score: 2

WereCatf Member since:
2006-02-15

Mistaken again:
http://www.boston.com/bostonglobe/ideas/articles/2009/09/20/project.....


Bah. That's just one of those I-use-lots-of-numbers-to-make-false-assumptions-and-declare-them-true-to-get-headlines. You just can't find out someone's sexual orientation by looking at his or her friends; people associate themselves with people whom they like hanging out with, not only whom they want to shag with.

Reply Score: 1

kragil Member since:
2006-01-04

It might not work every time, but I tend to believe MIT researchers more than you.
And I am sure FB can tell if you are gay or not just by looking at your friends and your logs on the site. Or how you are likely to date next etc.

I am not gay (I didn't think pointing that out was necessary) but there are valid reasons for people to keep that info private. Especially in the US.

And anyways, the gaydar thing is just one example; there are lots of other examples.

Mmmkay?

Reply Score: 2

WereCatf Member since:
2006-02-15

It might not work every time, but I tend to believe MIT researchers more than you.

Even geniuses are wrong sometimes as history has proven.

And again, as they themselves say in the article they can guess things about a person to a degree, they can't guarantee they are correct. As such their results might or might not tell about you. Such educated guesses are mostly useful for advertising purposes, nothing else.

Reply Score: 2

Tuishimi Member since:
2005-07-06

You said "shag"! ;)

Reply Score: 2

WereCatf Member since:
2006-02-15

You said "shag"! ;)

I could've used the f-word, I know, but I don't like to swear :/ It's rude, it's something I don't wish to teach to children, and given the audience here being mostly children or childish...... ;)

Reply Score: 3

Thom_Holwerda Member since:
2005-06-29

You have 0 friends?


No. But the stuff I share with them on Facebook is the stuff I am comfortable with EVERYONE knowing - friend or no. In other words, the stuff on Facebook is stuff that even complete strangers may know.

I don't know how I can make this any clearer.

Reply Score: 1

righard Member since:
2007-12-26

I think he meant that even though you do not put any personal info on Facebook; people can still see who you are friends with.

I agree with your usage of Facebook. I don't get the users on Facebook that are complaining about the way the company treats that privacy while at the same time putting all things they want to be kept private on the web.
There are even people like my sister that use Facebook (well she used Hyves) as an email address.

Reply Score: 2

Diaspora
by palraabjerg on Wed 19th May 2010 11:20 UTC
palraabjerg
Member since:
2010-01-14

Found in the Gizmodo article:
http://joindiaspora.com/

Finally a social networking concept I might actually join and support. No putting personal information on a private company server. At least not if you don't want to. I guess you could still setup a company to offer Diaspora seeds, but you have a real choice not to.

A lot of naysayers on this one seem to think that this is just like any other Facebook/MySpace upstart, and that they're just going to revert to the evil ways of Facebook when offered enough money. But honestly, no, they really seem to want to do this the right way, by making it extremely difficult to impossible for any one company to just harvest or exploit all the personal info on the network.

If this works out as I understand it, you could market something like Diaspora + SheevaPlug for a completely home-run seed.

Not saying this will supplant Facebook anytime soon, but maybe some of us non-Facebook extremists will have a realistic privacy-retaining alternative ;)

Reply Score: 2

RE: Diaspora
by kragil on Wed 19th May 2010 12:30 UTC in reply to "Diaspora"
kragil Member since:
2006-01-04

Yeah, they have the right goals.
(Actually they have Eben Moglen's goals http://www.youtube.com/watch?v=QOEMv0S8AcA excellent talk btw).
Even if Diaspora fails it seems they will push OStatus in the right direction (encryption) and people will be able to share private stuff on the internet with a lot more privacy than they have now (realistically mostly none).

The problem with most open social standards at the moment is that they are done by exhibitionists.

Edited 2010-05-19 12:49 UTC

Reply Score: 3

Paranoia - Too Much or Not Enough?
by deathshadow on Wed 19th May 2010 13:26 UTC
deathshadow
Member since:
2005-07-12

In the case of the Facebook one, it seems a bit queer that anyone would expect security on a site whose primary purpose is to share information about yourself with the world... As such I can see why Zuckerberg would shoot down a lot of 'security' proposals. So long as someone else can't log into your account, that should probably be the be-all end-all of security it needs...

I like the booth at a restaurant analogy, just because you invite people to your booth doesn't mean the people in the next booth over aren't going to hear you. We've gone too far with the "go ahead and share details about yourself" with ego-stroking sites like Twitter, Facebook and mySpace (in case you couldn't tell, I don't "get" this whole social networking craze)- and then we're supposed to feel bad when somehow 'personal' information is leaked off those sites? BULL.

Great example in the news recently with the psycho kid just happens to commit suicide from 'cyber-bullying' when it was probably the REAL bullying at school, complete lack of parental interaction, and behaviors permitted that would have gotten your ass whipped even by a teacher when I was in school... or at least gradeschool - this whole limp wristed "don't upset the children" nonsense started showing up just as I was finishing high school in the 80's - I feel bad for the thin skinned wussies we've churned out since.

Bullying occurs most in forced social situations where the bullied cannot flee - Cyber bullying? That's BULLSHIT. I got a solution for that one, it's called go to another website - It's called turn off the damned cell phone and go outside and have a LIFE. The recent little miss national news media frenzy from the Commiewealth is a great example of this - one article literally said:

The digital abuse allegedly began after disagreements involving a romantic relationship at school, and escalated into non-stop text and Facebook harassment from multiple people in the weeks leading up to her death


Nonstop-texts? TURN IT OFF. That thing does have an off button, the ability to block texts from people you don't want to get texts from, etc, etc... Oh noes, she might shut down and stop using Facebook - her life is over...

I've got a great solution if your kid is being the victim of cyber bullies, take away the cell phone, monitor their internet use, teach the kid it's not OK to give away every personal detail about yourself online and take them to go climb a mountain or to Six Flags. In other words, BE A ****ING PARENT.

The general public does not practice enough paranoia when it comes to volunteering information on the internet. If they did most online scams wouldn't even exist and things like "security" on Facebook would be non-issues.

BUT

On the flip side of the coin we have the fringe whackos tossing a tippy over "Oh noes, Chrome is storing my last used zoom value"... MEIN GOTT. That this is even considered an issue shows such severe levels of clinical paranoia that ANYONE who really thinks this was a big deal.. do us all a favor and seek professional help. 100% swing to the opposite extreme!

Though you have to read between the lines, since this massive non-issue is magically turned into open source propaganda; as if magically the people who notice real issues can fix them... When it's more like people dicking around fixing non-issues that are 'popular' while REAL issues (like say CAPTION having incorrect width when you pad a table, word-spacing ignored on whitespace between inline-level containers, incorrect height if you try to use baseline) go unfixed for years after being discovered while you end up having coders dicking around with meaningless trash like making a new skin for every release.

The real truth of open source - if it's not flashy or trendy, or won't make a splash in the headlines it'll never get fixed. Hey Mozilla, how's 915 coming along?

Reply Score: 3

AnyoneEB Member since:
2008-10-26

In the case of the Facebook one, it seems a bit queer that anyone would expect security on a site whose primary purpose is to share information about yourself with the world... As such I can see why Zuckerberg would shoot down a lot of 'security' proposals. So long as someone else can't log into your account, that should probably be the be-all end-all of security it needs...

I like the booth at a restaurant analogy, just because you invite people to your booth doesn't mean the people in the next booth over aren't going to hear you. We've gone too far with the "go ahead and share details about yourself" with ego-stroking sites like Twitter, Facebook and mySpace (in case you couldn't tell, I don't "get" this whole social networking craze)- and then we're supposed to feel bad when somehow 'personal' information is leaked off those sites? BULL.

Although Twitter, Facebook, and MySpace do allow you to make everything you post world viewable, a lot of people expect to be able to use it to share photos, event invitations, and just general life updates and banter with their friends, not the whole world.

People should be able to hold discussions and share photos, etc. with their friends without the whole world being able to listen in. The fact that it is on the internet shouldn't change that.

Reply Score: 1

Delgarde Member since:
2008-08-19

In the case of the Facebook one, it seems a bit queer that anyone would expect security on a site whose primary purpose is to share information about yourself with the world...


Because the purpose *isn't* to share information with the world - if users wanted to do that, they'd just setup a fully-public blog, or use Twitter or something. The purpose of Facebook (for its users, at least) is sharing information with one's circle of friends, and there's an expectation that it's not visible to random strangers outside of that circle - any more than sending email or SMS to those friends would be.

You're right, posting things to it that you wouldn't want *everyone* to see is stupid. But the expectation, from their earlier policies, is that information sharing is limited to your specific list of friends by default - it's the changes to that policy that are upsetting people...

Reply Score: 2

jaklumen Member since:
2010-02-09

Thank you, drill sergeant, at ease.

The world isn't the armed forces, though. It may be cathartic for you, but accusing people of being wimpy, effeminate, or slacking may not get the results you want. It's ironic, too, when talking about bullying.

It seems apparent that manners and protocol need to be emphasized again, and that the rules need consistent updating to apply to online circumstances. Whether the plug is pulled or not doesn't negate the need; the need was always there. In times past these rules kept kings, nobles, and soldiers from killing each other outright-- recent news just seems to indicate they apply to so-called peons and plebeians, too. Literally, sometimes.

It's also pretty effete to just browbeat the parents. Any good teacher I've met (and I was taught this when I was trained as a teacher, as well) will admit freely that their students' success depends largely on efforts at home. It's a foundation, no doubt, but it doesn't cancel out the role of the school. I've heard moans and groans from kids worldwide about "Internet Safety" classes, but I think they need to be there. Ideally, teachers, parents, and other elements of society should equally contribute to this effort, but the reality is that their participation will vary. Pointing fingers and laying blame to individual elements is imprecise at worst and ineffective at best.

Reply Score: 1

...
by Hiev on Wed 19th May 2010 13:43 UTC
Hiev
Member since:
2005-09-27

It's all about false expectations; Facebook has never claimed to give you the maximum privacy, when you use Facebook you know what you get, but with Google, always claiming that it takes your privacy seriously, it is a letdown.

Reply Score: 2

RE: ...
by jaklumen on Thu 20th May 2010 01:05 UTC in reply to "..."
jaklumen Member since:
2010-02-09

Tsk, hardly.

Facebook has been deliberately vague. They've been playing a shell game, and even the aware have been duped. One of the best articles I read on the subject suggested Facebook has been walking a dangerous middle ground in semi-privacy. And they've never been clear about what's private and what's not.

I've heard Thom's "treat all the Internet as explicitly public" dozens of times from various people over several years. Erring on the side of caution is fair enough, but it's simply wrong to assume everything everywhere in cyberspace will be up for equal grabs. It's not.

Mark Zuckerberg seems to be a white-collar sociopath some stripes of hackers have been, based on what many have demonstrated for the media over and over again, often with just as little lack of conscience. I sincerely doubt he gives a shit about people in general; like those hackers, he's just going to do whatever he figures he can get away with. The only real difference, I think, is his opinion about freedom of information involves corporations and making some cash. It's within the rules for Madison Avenue and Hollywood, but I think he cares very little about the end user/consumer.

Yeah, I quit. I wound up losing access to family and friends I will never hear from any other way. But that's just it. I don't hear from them otherwise. Those that matter keep in touch by other means; those that don't care-- they won't. It became increasingly obvious to me that Facebook matters very much to public figures and merchants, but I'm not really within either of those two categories, and so I decided I really wasn't going to miss much.

Reply Score: 1

Sharing information
by spinnekopje on Thu 20th May 2010 10:37 UTC
spinnekopje
Member since:
2008-11-29

For a lot of users facebook only groups the information available about you. It just makes it a lot easier for companies to use that information. Whether that bothers you depends on yourself.

The privacy setting on a browser is a useful feature, but I think a lot of people forget that your browser is not the only place where the information passes..
I do like it because those sites aren't listed in the history, which prevents them from accidentally showing up when you want to show something to other people.

Reply Score: 1