Facebook's Graph Search: Kiss Your Privacy Goodbye 245
Nerval's Lobster writes "Software developer Jeff Cogswell is back with an extensive under-the-hood breakdown of Facebook's Graph Search, trying to see if peoples' privacy concerns about the social network's search engine are entirely justified. His conclusion? 'Some of the news articles I've read talk about how Graph Search will start small and slowly grow as it accumulates more information. This is wrong—Graph Search has been accumulating information since the day Facebook opened and the first connections were made in the internal graph structure,' he writes. 'People were nervous about Google storing their history, but it pales in comparison to the information Facebook already has on you, me, and roughly a billion other people.' There's much more at the link, including a handy breakdown of graph theory."
Re:Yeah, right (Score:5, Informative)
As soon as you saw (not clicked!) the Like button, for that matter.
Re:Yeah, right (Score:5, Informative)
Exactly.
My use of facebook is as follows:
Register account, to keep someone else from using my name (it happens, I've had internet stalkers for over a decade that have done things like register domains, show up at my door, etc).
Disable everything that it's possible to disable. Set to notify me by email of private messages, just in case. Disable ability to tag me in photos, post on my wall, etc, etc.
Put up a user photo on account that says "I DO NOT USE FB. SEND ME AN EMAIL AT >email addy".
Never touch Facebook again.
Do not enter your real name on a social network. (Score:5, Informative)
Do not enter your real name on a social network, use a Psuedonym, call yourself something else like you would on IRC, AIM, YIM, etc. Only friend people who you know on their Psuedonym. People. Quit. Putting. Your. Real. Name. On. Accounts.
Re:Garbage in, garbage out (Score:5, Informative)
I have been peppering my FB check-ins with places that I have been to, noting events that never took place, mixed in with real check-ins. I have set my "Lives in" city to somewhere different every day this year. Unless you know me, good luck figuring out what on my FB page is real and what isn't.
The thing about Graph search, is your friends know you, and they, (presumably), are not engaged in such useless attempts at deception. So regardless of what YOU say or do, Facebook will not be fooled. They will know exactly who you are and where you are, just by mining your friends, your IP address, etc. (I mean, seriously, you can't have imagined this would really work, did you)?
Even if you never signed up for facebook, you are likely already in their database.
Re:Yeah, right (Score:2, Informative)
HOSTS is an awesome method for blocking sites like Facebook, shame it doesn't handle wildcarded domains last time I checked.
Re:I actually doubt FB can tell who I am. (Score:5, Informative)
Too bad. They know exactly who you really are, and your current, (and probably all past) addresses. Your spouse and family log in from the same public facing IP addresses, you all visit the same restaurants together with your portable devices. Your friends have your pictures, and facial recognition will peg you.
You are fooling no one but yourself.
Re:So what (Score:4, Informative)
I don't think its their own posts most folks are worried about, or object to Facebook using,referencing,indexing etc.
All but the dumbest among us (seems there are lots of really dumb folks though) know not to put anything on Facebook we'd be upset about someone reprinting on a billboard next to the interstate with attribution.
The issue is really all the other photos people post and tag, the fact they can tag you when you don't even have an account. The fact that they are using facial recognition and what really are some pretty smart algorithms to know when someone mentions John Smith, just exactly which one they are talking about. Coupled with the location information attached to much of these things as meta data Facebook likely has a better idea of where you are at this very moment than many of our intelligence agency do and probably could figure it out faster too. That is what people have problems with.
Now this search feature is going to make the last part more and more available to well anyone who happens to be interested and is willing to endure viewing an ad for "attractive singles in their area".
Re:Yeah, right (Score:5, Informative)
Yeah, as much info I have in there is fake, I can't convince my friends who grew up with facebook in college to fake everything. They know things, I show up in pictures, I get invited to events, ect. The fake stuff makes it more difficult, but not impossible. Its like a single DES encryption. Just really there to deter those with out the motivation to crack.
Re:I actually doubt FB can tell who I am. (Score:4, Informative)
http://panopticlick.eff.org/
This will show you that logged in FB or not, your browser signs your unique presence for you. No really, you don't even need to have an account on FB to be known by FB. Now add the data collected by other sites and I'm quite sure that FB could automatically fill in your first name field and last name field for you during the account creation.
Re:Yeah, right (Score:5, Informative)
Not its not an awesome method.
You're right it does not support wildcards so putting www.facebook.com in there does nothing top stop, the java script on every other site out there from posting to trackyourass.facebook.com
I makes things point to a resource that won't answer so unless you take additional steps like running a httpd that will generate a 404, so it can make things dirt slow.
Lots of pages are designed (badly) and need images to exist or the layout breaks, or is messed up otherwise.
So no your hosts file is not an awesome method. A proxy like privoxy for example though there are other good ones starts to come closer to something that might be a decent solution. It could at least serve dummy images, use regular expressions to strip posts, and gets inside iframes to .*facebook.(com|net); .*fbcdn.com and others. etc.
Really people STOP using your hosts file. Its like the worst possible answer.
Re:What does FaceBook have? (Score:4, Informative)
I believe that by "standard browser" he means any browser which does any of the following:
- Javascript
- Cookies
- Flash
If your browser does any of those, you are being tracked every time you open it. You don't even need a facebook account and you don't need to use google. If you wish to stop being tracked, you will have the install at least the following extensions for your browser:
- NoScript (for malicious javascript)
- Ghostery (for cross-site tracking)
- CS lite (for flexible cookie management)
- BetterPrivacy (for Flash-based cookies)
- AdBlockPlus (for more tracking)
- https anywhere (for man-in-the-middle snooping)
- FireGloves (for browser fingerprinting)
and configure all of them to only use a whitelist, and explicitly disable Facebook, Google, Twitter and anything similar. Then you'll need to restart your browser at regular intervals to deter session cookies. You'll also need to reconnect to your ISP regularly to thwart IP-based tracking.
Yes, there used to be a time when using the web was easy. Now Facebook and Google have turned it into THIS.