Facepalm

Facebook, yet again, shows that it prefers to learn from its own mistakes rather than someone else’s. This time, it’s about storing passwords in plain text: a textbook case of security negligence, a rake stepped on at different times by Equifax, Adobe, and Sony.

And this really doesn’t help in building confidence in the social network. We entrust them with our most personal pieces of information, and they don’t give a damn about keeping them safe.

“We have found no evidence to date that anyone internally abused or improperly accessed them,” said Pedro Canahuati, Facebook’s vice president of engineering, security, and privacy. Given all the recent breaches in this company’s security, I can’t help translating this into human language as “we didn’t bother, so we didn’t put any access control audit mechanisms in place, so whoever saw your passwords, there is no (and can’t be any) real evidence of that.”

Just a couple of days ago I was asked to send money via the Facebook payment service. In the middle of the payment process I realized it was not possible to make the payment – which would have been a one-off for me – without having Facebook remember either my card or PayPal details. I stopped, closed the Facebook tab, and paid with a different method. Glad I did.

Picture credit: Alex E. Proimos

(Don’t) Delete Facebook

Everyone’s so agitated about Cambridge Analytica and #deletefacebook, as if they had never been warned about this stuff for over a decade or so. The easiest way to conceal information that makes you vulnerable (whatever that is for anyone) is as plain as – surprise! – not giving it away.

It is quite amusing that Facebook and Mark Zuckerberg personally became the biggest victims of the scandal. Not Cambridge Analytica, not Alex the intriguer, not the ‘I-did-nothing-wrong’ Alex. No, it’s Facebook.

Sorry guys, but Facebook’s role in this story is as pure as a drop of water. Facebook, openly and honestly, offers you a stage and a loudspeaker. It doesn’t force you into using them to reveal your secrets. It doesn’t force you into actually using them at all. It’s your choice whether to use the stage and what exactly to shout into the loudspeaker – and what not to.

This is a good point to recall the next time an unknown app asks your permission to access your contacts, mailbox, or news feed. You probably don’t share everything you write on your page with your mum, so why should you share that with some s̶u̶s̶p̶i̶c̶i̶o̶u̶s̶ ̶l̶a̶d̶s̶ ̶i̶n̶ ̶g̶r̶a̶y̶ ̶h̶o̶o̶d̶i̶e̶s̶  respectable company from Cambridge?

Picture credit: https://www.freeimages.com/photo/the-missing-delete-button-1455215