I do very openly use Facebook, with a high degree of self-censorship of course. I came to the game late and leery, and still have grave doubts about Facebook. Are they really looking out for my best interests? Because we all should clearly understand that any corporation is bound by corporate law to maximize profit, regardless of the costs or benefits to users or the public. Do you, for instance, really believe that Bank of America has your best interests at heart? Because, although legally a corporation is a “person,” it has no heart. Nor can it be imprisoned for crime. Awfully convenient, isn’t it?
So, about cookies: these little bits of user information have long been suspected of a potential for evil. This has been mostly unjustified. However, you do have to be aware that Facebook can access Facebook.com cookies from any site that displays a Facebook button. Which makes for a magnificent way for Facebook, and its affiliates, to track you as you move from site to site. Maybe that doesn’t bother you.
Maybe it should.
See this story at http://extragoodshit.phlap.net/?p=148138:
Facebook tracks sites you visit even after logging off
NEW YORK: Facebook has reportedly admitted tracking which sites its users visit even after they log off, thanks to plug-ins and cookies.
Facebook, which has more than 800 million active users, also keeps close track of where millions of non-members of the social networking site go on the web, even after they visit a webpage for any reason only once, USA Today reported.
No problem, right? Except that Facebook has become a prominent target of attacks, like the recent porn-storm that swept some users’ pages:
http://www.computerworld.com/s/article/9221904/Facebook_users_reel_from_porn_spam_attack
But hey, you can always request your data from Facebook, and see exactly what they’re keeping, right? Well, no, not really. You used to be able to, but now you get much less, because they claim some data is their intellectual property:
Apply trust analysis to this situation. Remember, any one answer can be grounds for complete non-trust.
Symmetry: Does Facebook allow you to gather data about its functions and processes? Actually, that would be a violation of your Terms of Service.
Transparency: If you’re providing complete data, will you or nil you, is Facebook required to do the same? Ha, ha ha ha!
Integrity: Meaning, do the rules of the game change mid-play? Only every time Facebook changes its Terms.
Consistency: Is Facebook consistently safe, secure and considerate in its practices? Good grief, how can you even ask?
I’ll leave you to ponder the remaining trust parameters. See this article on InfoSecIsland for a good, and simple, example of trust analysis:
https://www.infosecisland.com/blogview/14652-Broken-Trust-Part-1-Reflections-on-RSAs-SecurID.html
The one that finally wins out, however, is:
Value of Reward: Is what I get from Facebook worth what they’re gathering on me? So far, I keep deciding in the positive. It’s looking like a potential bargain with the Devil, though. Good thing I like those shared photos and stuff.