Delete your facebook account NOW!

[sammyboyfor]

https://www.tomsguide.com/us/faceboo...ews-26868.html

Why Facebook's New Scandal Is the Worst of All
by PAUL WAGENSEIL Mar 27, 2018, 1:32 PM

Forget Cambridge Analytica. The latest Facebook scandal is worse.

The social network silently logged Android users' call and text histories, didn't tell anyone about it, got caught and now claims that Android users consented to it all along and that every other online service does it too. (Hint: They didn't and most don't.)

Getting the full picture from Facebook about this practice has been like trying to keep up with a game of three-card monte. The company has been telling part of the truth, then another part of the truth, all while reassuring the public that this highly invasive practice exists for the sake of users who, even if they didn't know it was happening, would have been happy about it if they had.

Facebook could be given the benefit of the doubt about the Cambridge Analytica mess, which might charitably be seen as the result of naiveté and shortsightedness. But the deliberate deception that Facebook is currently engaged in regarding the call-logging controversy should persuade users to never trust anything from the company again.

People are asked if they want to upload their contact lists, not their entire call and text histories. There's a big difference between the two.
To catch you up on this brouhaha, several people discovered last week, after downloading their Facebook data in the wake of the Cambridge Analytica publicity, that Facebook had secretly logged calls and texts made from their Android phones. These users didn't remember having given Facebook apps permission to do so.

You didn't know you wanted this
When asked about this, Facebook stated that users had in fact consented to sharing their call and text logs when they agreed to let Facebook see their phones' contact lists. The users weren't informed of that when they installed the apps, but Facebook insists that they should have known.

"The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it's a widely used practice to begin by uploading your phone contacts," read a statement released by Facebook.

MORE: How to Download Your Facebook Posts

"Contact uploading is optional. People are expressly asked if they want to give permission to upload their contacts from their phone — it's explained right there in the apps when you get started. People can delete previously uploaded information at any time and can find all the information available to them in their account and activity log from our Download Your Information tool."

Frankly, that's bogus. People are asked if they want to upload their contact lists, not their entire call and text histories. There's a big difference between the two.

The police normally go to the phone companies when they want to find out when certain calls or texts were made. If I were a cop, I'd get a warrant for a suspect's Facebook records first.
How this was even possible
Furthermore, Facebook doesn't collect text and call logs on iPhones. The only reason it could do so on Android devices, and in some instances still does, is because Android's privacy policies were initially terrible and apps could do almost anything they wanted.

Under Android's old rules, when you gave an app permission to read your contact list, it could also then read your call and text logs. You just didn't know about it.

Google changed this rule in 2012 with Android 4.1 Jelly Bean, but there was a catch. To keep older apps running properly, Android supported the old permissions model for legacy apps until late 2017.

Facebook has some of the best coders and security experts in the world, but for years it seems to have made sure that updates to its Android apps preserved the older software function that enabled it to read user call and text logs. And indeed, several people with devices that never had run older versions of Android nevertheless found that Facebook had their call and text logs right up until the fall of 2017.

What exactly gets collected
To be clear, logging the calls and texts doesn't mean Facebook has the contents of those communications. It has only when they were made, which phone numbers were involved and how long calls lasted.

But that's plenty. This is metadata, the same kind of information that Edward Snowden revealed the NSA had been collecting from Verizon. Metadata can reveal when you called your mother, when you texted your best friend or when took a call from someone with whom you've been having a secret affair.

The police normally go to the phone companies when they want to find out when certain calls or texts were made. But the phone companies keep such records for only a few months. Facebook seems to have been keeping them for at least three years. If I were a cop and I knew this, I'd get a warrant for a suspect's Facebook records first.

MORE: How to Stop Facebook from Sharing Your Data

Facebook now says that call and text logging is only available, and has only ever been available, for Facebook Messenger and Facebook Lite for Android.

That contradicts what several users have found. Sean Gallagher at Ars Technica, whose article on this issue is well worth reading, is sure he'd never installed either app, because neither shows up in his "Installed" list in Google Play. He had installed the regular Facebook app in 2015, and lo and behold, call and text logs show up in his downloaded Facebook files.

There's an enormous breach of trust here. You don't know what else the company might be doing behind your back.
Dancing around the truth
Sean's article got a lot of publicity over this past weekend, and in response, Facebook put up a blog post that seems to dance around the truth.

"Call and text history logging … helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook," the post said.

"We introduced this feature for Android users a couple of years ago. Contact importers are fairly common among social apps and services as a way to more easily find the people you want to connect with. This was first introduced in Messenger in 2015, and later offered as an option in Facebook Lite, a lightweight version of Facebook for Android."

Contact importers are indeed common among both Android and iOS apps. But as far as we're aware, uploading users' call and text histories is not. And we're pretty sure that this practice was in the regular Facebook app as well.

Facebook also insists that it doesn't share or sell the call and text logs with third parties. But it hasn't answered why — and we've asked — why it needs the logs at all.

How to make sure your calls and texts aren't logged
The good news is that this logging no longer occurs in the regular Facebook app for Android. Users of Facebook Lite and Messenger for Android can opt out of it — here's how to do it for one, and for the other— although in the case of Messenger, stopping the logging will also stop the syncing of contact lists.

But that doesn't come close to mitigating the enormous breach of trust that Facebook has committed here. You don't know what else the company might be doing behind your back.

If you haven't already done so, delete the Facebook apps on your phone. Use the mobile browser to access the Facebook mobile website in an incognito or private browsing tab, and use Signal, Apple Messages or WhatsApp (owned by Facebook, but less intrusive) as your messaging client.

On the desktop, use a private browsing or incognito window to access Facebook. Otherwise, it'll just track your movements across the internet.

You could just delete your Facebook account, but that's impractical. Instead, take the above steps to minimize what you give to Facebook.

[sammyboyfor]

I also encourage everyone to read https://sams.guide/showthread.php?t=627638

[sammyboyfor]

From our ex resident hacker - icedpinata
Samster

Join Date: Sep 2016

Location: dun tell u
Posts: 98
My Reputation:
Points: 1951 / Power: 2

Re: To all the Victims and potential Victims of "scandals".
Whenever data comes off your PC and onto any online service, don't think it's safe. For every widely publicised data breach there are countless others that remain underground.

Epoch had an un-patched SQL injection for years that very few are aware of. Unless the database is dumped into public view, they'll keep quiet about it. So far for Epoch it's worked and they've avoided the fallout. It's the same corporate risk management strategy that other companies have used and continue to use.

Dropbox were aware of their leak years ago and admitted to it, but somehow neglected to mention that passwords had also been stolen. That was until recently when they were caught out. Similar risk management strategy but in this case it failed.

To be fair Dropbox did introduce a CAPTCHA system at time of the initial leak. They knew hackers would use the stolen passwords to access accounts using automated bots. Unfortunately the idiots managed to cock up it's implementation and didn't fix it until the next year. How much material was stolen in the meantime? Your guess is as good as mine. Again, Dropbox have been pretty quiet about it.

Over the last year iCloud has had a bug with photos/ videos that was only just patched the other month. Depending on your iPhone settings, if you took a photo and then deleted it, your phone would have no trace of it and it would be inaccessible by any normal means. However that photo data would remain on iCloud servers for months accessible to hackers using specialised tools. Apple have been pretty quiet about it so far. Unless it blows up in the media, they'll keep quiet about it.

Yahoo, 500 million accounts breached in 2014. That data has been in the hands of hackers for that long. Girl has an old Yahoo account. She last used it to forward some work documents to a new Gmail account she made that uses the same password. Wakes up one morning to find that her complex iCloud password doesn't work anymore. She resets it using her Gmail and doesn't worry too much about it. Six months later some random messages her on Facebook to tell her that her tits are out on the internet.

Just a few examples out of countless vulnerabilities, many of which are never discovered/ disclosed.

It's true security is getting better, but so are the hackers.There is a breed of 'hacker' out there that is truly dangerous, they operate on human factors. I'm aware of the official Dropbox press releases, but there are rumours that the employee concerned was deceived/ manipulated into handing over their confidential information by one such operative. This information was then used to mount additional attacks. Even with a physically secure system, your data still isn't safe.

I could write a whole book about this stuff. Most people in their own lines of work are aware of bad practices, cock ups and all sorts of stupidity that customers never see. Cyber security is no different. Hackers have literally walked off with databases worth millions and the team have been like, oh shit, I hope no one notices. They also get to hear the rumours that no one else does.

The bottom line: any time you take a photo/ video using a modern device and that data is transmitted over the internet, you have no idea who will have access to it. There are many un-patched vulnerabilities out there, most of them you'll never hear about. You'll just sit there wondering how you got hacked.

'Check if you have an account that has been compromised in a data breach':
https://haveibeenpwned.com/

This is a useful site, but then it only has known breaches, most are never made public.

[Big Sexy]

Support... that is why i never have and never want any social media account..

but i reckon most people using that already know of the risk and dont give a damn..
so they are fine with that...

[GeylangWanderer]

Too many gossip news and videos on facebook and facebook comes pre installed in android phones too

[CheeHongGan]

That is why never reveal too much about your personal date online .

[sionglim]

Keep this thread updated now n then.
I dont put name, age ,job ,edu, all blank.
They asking for photo, ignore them.

[Lorres]

I never use facebook. I have a acct but zero entry.
Despite all the invitations from friends and sniggers, I refuse to use it.
A "private" setting means nothing in this high tech age.
I am a nobody, but my private life is..... private.
I dun even like taking BF/GF we-fies. Imagine, GF-A upload we-fie pic and seen by GF-B....

[MoeLanYong]

Boss,
TL;DR. First time you so naggy. One just needs to delete Facebook apps or change the apps privacy settings. I did that when the Cambridge Analytica scandal surfaced. No need delete FB account. In any case, I don't see the big deal. If FB wants my birthday and which secondary school I went to, I will be more than happy to provide them.

[sammyboyfor]

Quote:

Originally Posted by Lorres

I never use facebook. I have a acct but zero entry.
Despite all the invitations from friends and sniggers, I refuse to use it.
A "private" setting means nothing in this high tech age.
I am a nobody, but my private life is..... private.
I dun even like taking BF/GF we-fies. Imagine, GF-A upload we-fie pic and seen by GF-B....

The issue is not the information that you upload to facebook but the fact that your facebook is capturing data from other apps on your phone.