Alan Burlison's Work Related Ramblings

All | General | Java | NetBeans | Perl | Solaris
« Previous month (Nov 2007) | Main | Next month (Jan 2008) »

20080118 Friday January 18, 2008

Facebook faces privacy questions

Just noticed this report on the BBC News website:

Facebook is to be quizzed about its data protection policies by the Information Commissioner's Office.

The investigation follows a complaint by a user of the social network who was unable to fully delete their profile even after terminating their account. Currently, personal information remains on Facebook's servers even after a user deactivates an account.

Facebook has said it believes its policy is in "full compliance with UK data protection law".

"We take the concerns of the ICO [Information Commissioner's Office] and our user's privacy very seriously and are committed to working with the ICO to maintain a trusted environment for all Facebook users and ensure compliance with UK law," said a statement from the site.

That'll be me they are talking about...

Posted by alanbur ( Jan 18 2008, 11:27:21 PM GMT ) Permalink Comments [1]

20080115 Tuesday January 15, 2008

Number problems

I've just been looking at my son's maths homework, which is from the CGP Year Six Maths Workbook - Year Six in the UK is kids who are 10 to 11 years old. Here's the question:

a) How many hundreds in 4695?

I can think of four possible answers, depending on how you interpret the question:

  1. 6, i.e. the hundreds digit of 4695 is 6
  2. 600, i.e. the hundreds component of 4695 is 600
  3. 46, i.e. 100 goes into 4695 46 times, with 95 left over
  4. 46.95, i.e. 4695 ÷ 100

From previous experience with these books, it could be any of the first three possibilities, although the last one is an equally valid interpretation. No wonder the standard of maths in UK primary schools is so poor, if they have to use such frankly awful source material. Here's another example, from the next page:

Solve this problem.

17 × 6 + 98 ÷ 25 × 301 - 21 + 113 =        

If you think the answer is 1376.92, i.e. (17 × 6) + (98 ÷ 25 × 301) - 21 + 113, you'd be wrong. The answer they seem to be expecting is 2500, i.e. ((((((17 × 6) + 98) ÷ 25) × 301) - 21) + 113). I know that's the case because the kids aren't allowed to use calculators, so the answer will be an integer value. So much for the rules of operator precedence...

p.s. Thanks to @kangcool for spotting the maths error in the original version ;-)

Posted by alanbur ( Jan 15 2008, 09:25:41 PM GMT ) Permalink Comments [3]

20080104 Friday January 04, 2008

Facebook: and so it begins...

I just came across this security advisory via The Register. A malicious Facebook application is using social engineering techniques to persuade people to install spyware/adware on their machines:

What happened is reasonably straightforward, sadly. The tremendous success and lightning fast expansion of Facebook (which, albeit resorting to debatable strategies as noted in a previous roundup, is undeniable) empowered the social networking giant with an impressive user base. Needless to say, in a digital world where web traffic equals money, such a user base attracts spammers, virus/spyware seeders, and other ethic-less online marketers like honey would attract flies.

I'm absolutely certain that this is just the first swell of an approaching tidal wave of Facebook malware. It isn't even a particularly clever example - it would be far more effective to use a Facebook application to harvest personal information whilst apparently offering a useful service, and then use the data elsewhere and/or at some time after the application was harvested. That would make it far more difficult for people to draw the connection between the harvesting app and the subsequent misuse of their personal data.

Currently there are more than 12,000 Facebook applications registered in Facebook. All you need to add an application to Facebook is an API key, and you can get one of those in seconds from the Facebook site, with no checking whatsoever by Facebook. The only mechanism Facebook seems to provide to 'protect' its users from malicious applications is a requirement that developers click on a checkbox to agree to Facebook's Developer Terms of Service. There's no vetting of the person applying for the API key, or of any applications they write.

After my previous experience of fighting with Facebook to get my account closed I'm not in the least bit surprised at their cavalier attitude to Facebook application security. I'm also doubtful that they have the resources necessary to vet 12,000+ applications even if they wanted to, and even if they did there's nothing to stop someone registering a benign version of the application and then activating the malign part after the application has been accepted.

I wonder if there's a need for an application that shows people just how much information they are agreeing to hand over when they install a Facebook application?

Posted by alanbur ( Jan 04 2008, 12:12:44 PM GMT ) Permalink Comments [0]