Opinion

Facebook and the never ending talks about privacy

As each day goes by, I see more and more people complaining when it comes to Facebook and privacy:


I’d like to make my friend list private. Cannot.

I’d like to have my profile visible only to my friends, not my boss. Cannot.

I’d like to support an anti-abortion group without my mother or the world knowing. Cannot.

And these are things that get shared with Facebook’s full knowledge, and which its users have previously agreed to.

It gets even worse. Let’s think of all the information that can get leaked without anybody wanting it, neither Facebook nor the users. Let’s take a look at the latest publicly disclosed Facebook vulnerability. Yes, livechat sessions potentially exposed to attackers. Friend lists and other personal data that could get compromised. Pretty bad.

You’re not in control, no matter how much you would like to be. Try to imagine for a moment that everything were perfect. Facebook would have 100% accurate and customizable privacy controls, and only your few really good friends would be able to access your phone number or the pictures of how you got drunk during last night’s party. Also, the social networking platform itself would be technically flawless, with absolutely no vulnerabilities. I know, it’s a utopia, but we have to push things to the extreme. Even in this heavenly world where everything is perfect, imagine one of your trusted Facebook friends gets infected and his account gets compromised. From this point, everything that you carefully shared previously can potentially reach any audience. And it’s not even your fault.

The solution is simple. Just delete your account. Problem solved. Simple, huh? Yes, but let’s face it, we’re not going to do this anytime soon. We’ll continue to complain, only to go back home and log in to Facebook once again.

I propose something different. And I’m always giving this advice to anyone who asks me about privacy and social networks: as long as you have a social networking account, make sure you behave as if, sooner or later, the things you do online can be seen by anyone. Expect the best, but think of the worst. Don’t upload a picture, don’t post a link or a comment unless you are prepared to take responsibility for your actions. I know it might be hard to decide, but if in doubt, just don’t do it. Don’t do it unless it’s something that you’re ready to share with any person from your past, present or future life. Be honest with yourself first and you won’t have any problems. I think it’s common sense.

