Tim is using the new profile

Facebook has started offering a new profile*. What’s unique about this is that they offered it. In the past they had always forcibly changed it and added privacy changes, much to the chagrin of their user community and privacy advocates.

The way that this change developed was either clever marketing or social engineering, though I hesitate to have a debate on the difference between the two. When logging into Facebook, users were greeted with the news that some friends were using the “New Profile”.

This clever bit of information was there to notify the users that there is an alternative. It adds an idea of exclusivity. There is something else, and your friends are using it, but you’re not. Are you missing out? The message was then repeated as friends adopted the new profile.

Facebook has been heavily criticized in the past for forcibly changing settings and reducing their users’ privacy. Let’s not forget that Facebook is a company that sells things. It is not their main intention to ensure you make contact with old friends from school. They are there to make a profit, and selling user information is one way they do that. However, if users lock down all their privacy, they won’t have much to sell.

Facebook has overcome this by using an opt-in strategy this time. First, they offer a new profile. The new profile is more of a personal showcase. Not entirely different, but the layout has moved around. They are quick to notify you that your privacy settings have not changed. The most interesting part is the addition of personal information links on top of the new profile:

These entice the users to add more personal data, showing more about you as a person. They also override the privacy settings in the profile management area, because hey, you changed it yourself. Did it work? I would say yes. I saw more and more friends adding birthdates, home towns, work information, and more. All of this is very sellable information to advertising companies looking to “profile” their users.

It seems Facebook has learned its lesson about forcing changes on users, and even used it to its advantage to gain more information about them. Be wary of putting too much personal information online. A lot of the info you might post on Facebook could be used for malicious purposes, such as guessing your password reset hints for other sites or targeted attacks on the company you work for. If you’re not sure, best keep it to yourself.

*not everybody is convinced about the new profile just yet
