Just out of interest, as I've never come across many examples, can anyone give me some rock solid examples of what scary stuff facebook / a 3rd party could do with my data?
I'm in the UK. I post an update roughly once ever 3 months, usually a photo from my phone. I have around 100 friends. I'm tagged in a handful of photos, some geotagged. None of any particular interest. My about me section has some basic information on my home city. I do however have chat history with a few people.
My privacy settings are all on the maximum, so no one public can see anything without being my friend, nor am I in search results. I block facebook outside of facebook.com.
I always feel like if a corrupt entity (lets say the government) wanted to 'take my freedom' then my email, skype, public paperwork (property ownership records etc) and bank statements etc would be of much greater benefit? Most of the 'facebook data is bad' stories at the moment seem to revolve around people with poor privacy settings and job interviews etc.
If your of the mindset that if the current government collapses and you end up with an extremist regiem in place, then a list of people you met over the last few years might be useful. But I'm not really in that camp, and my email address book or skype logs would be more accurate anyway.
I'm not saying facebook data isn't a bad thing; I'm just wondering what concrete things could happen?
It's just that the arguments generally presented seem to be able to be applied to skype, forums, blogs, email... pretty much having an IP address, or even a mobile phone. I'm just generally interested in what makes facebook specifically so bad to me personally - beyond it's obvious size and centralisation.
The riots one is an interesting example. Do you have any links to examples of people arrested as a result of just having a facebook account? Not just as a result of posting pictures of themselves doing something illegal or organising illegal activity publicly; in which case the medium is unimportant.
Facebook is way more powerful for surveillance because it's a centralized network of people you are connected to and information about yourself. Connections are explicit and easier to track and store and once it's in Facebook it's in forever. While similar surveillance is possible with the other technologies, they aren't in an easily accessible database that can allow extraction of data by interested parties. And it doesn't help that the very company holding all of the data has had a lot of privacy issues in the past.
Plus just because surveillance is possible by other means does not make Facebook ok, it's just the scariest for some people at this point.
The social graph is the holy grail of intelligence analysts and law enforcement. I believe for many years they've been trying to do this themselves, but it requires a massive collection system, along with an equally massive backend database to house all of this information. And it is tough to normalize a person when they have multiple shards of identity.
Now, we just give it to them wholesale. In this way, the tech that empowers us may eventually be used against us. It is terrifying enough that I would prefer a more analog future.
(Apologies for the throwaway account, but I'm not naive.)
"... Just out of interest, as I've never come across many examples, can anyone give me some rock solid examples of what scary stuff facebook / a 3rd party could do with my data? ..."
The biggest problem isn't just finding one piece of evidence a user has revealed, it's inference of collective data. Because access can be made at so many levels on Fb via the API you can infer information from the data alone. [0], [1] Data mining of server logs and inference poses the biggest potential threat.
Well, besides your data being sold to advertisers (which may give you a creepy feeling but not much more), the friend list for most (all? I'm not that familiar with Facebook) Facebook users is public, and a lot could be learned from that alone.
By canvassing you friends list, and your friends' lists and the way different lists intersect, it's often very easy to know who are your, say, school friends, and who are your work friends. It is also quite easy to find out who your close friends are, and whom you only know in passing or have fallen out of touch with.
Using that information, I could introduce myself (online or offline) as a friend of one of your not-so-close friends. Then, it would be quite easy to gain your confidence. I could use you trust to get something directly out of you, or I could gain your trust just enough to friend you on Facebook (under a false identity) and pass your information (which is no longer so private) to a third party that has hired me to follow you.
Facebook doesn't sell any data to advertisers. It allows advertisers to display an advert to a group of users based on broad demographic and interest information, without divulging information about the user. In some ways, this is similar to deciding to show a particular advert in "Time" rather than "People" in the more physical world.
I realise some people (possibly including you) say "your data is being sold to advertisers" when they know how it works, but it is surprising how many people say the same thing and don't.
That sounds like a lot of work. If I really am set on going after you, I can mug you in front of your house, or burn your house, or do another number of things. Setting your Facebook privacy to maximum won't protect against that.
I'd like to hear an example where you don't have to assume an aggressor with supernatural motivation to go after me, the random stranger.
I have read about people doing such things as 'proof of concept' type attacks indeed. However it requires that you have your privacy settings to public.
No information on my profile is public. You must set your friends to public, mine are set to 'me only', so even my friends can not see them (always wondered why anyone would set it to anything else!). Were you to friend me I would not accept as I don't know you. So this attack would not work.
It highlights the point about 'public' facebook data though, which many users are very lax with, but provided you take the steps to contain your data is not a concern. This is more about social engineering than facebook doing any scary with your data on a 3rd party / government level. The same 'job interview' situation can arrise from a blog, a forum or any service with public URLs.
Keeping your friend list private even from your friends is indeed the first necessary step to reduce the risks Facebook poses. On any other setting, whatever other data you keep "private" on Facebook is pretty much public.
Note, however, that this information may leak if you let other services access this information to build their own friend lists.
I'm in the UK. I post an update roughly once ever 3 months, usually a photo from my phone. I have around 100 friends. I'm tagged in a handful of photos, some geotagged. None of any particular interest. My about me section has some basic information on my home city. I do however have chat history with a few people.
My privacy settings are all on the maximum, so no one public can see anything without being my friend, nor am I in search results. I block facebook outside of facebook.com.
I always feel like if a corrupt entity (lets say the government) wanted to 'take my freedom' then my email, skype, public paperwork (property ownership records etc) and bank statements etc would be of much greater benefit? Most of the 'facebook data is bad' stories at the moment seem to revolve around people with poor privacy settings and job interviews etc.
If your of the mindset that if the current government collapses and you end up with an extremist regiem in place, then a list of people you met over the last few years might be useful. But I'm not really in that camp, and my email address book or skype logs would be more accurate anyway.
I'm not saying facebook data isn't a bad thing; I'm just wondering what concrete things could happen?