A Facebook Employee Asked a Reporter To Turn Off His Phone So Facebook Couldn't Track Its Location (businessinsider.com) 254
Steve Kovach, writing for BusinessInsider: To corporate giants like Facebook, leaks to rivals or the media are a cardinal sin. That notion was clear in a new Wired story about Facebook's rocky time over the last two years. The story talks about how Facebook was able to find two leakers who told a Gizmodo reporter about its news operations. But one source for the Wired story highlighted just how concerned employees are about how their company goes after leakers. According to the story, the source, a current Facebook employee, asked a Wired reporter to turn off his phone so Facebook wouldn't be able to use location tracking and see that the two were close to each other for the meeting. The Wired's 11,000-word wide-ranging piece, for which it spoke with more than 50 current and former Facebook employees, gives us an inside look at how the company has been struggling to curb spread of fake news; battling internal discrimination among employees; and becoming furious when anything leaks to the media. Another excerpt from the story: The day after Fearnow (a contractor who leaked information to a Gizmodo reporter) took that second screenshot was a Friday. When he woke up after sleeping in, he noticed that he had about 30 meeting notifications from Facebook on his phone. When he replied to say it was his day off, he recalls, he was nonetheless asked to be available in 10 minutes. Soon he was on a video-conference with three Facebook employees, including Sonya Ahuja, the company's head of investigations. According to his recounting of the meeting, she asked him if he had been in touch with Nunez (the Gizmodo reporter, who eventually published this and this). He denied that he had been. Then she told him that she had their messages on Gchat, which Fearnow had assumed weren't accessible to Facebook. He was fired. "Please shut your laptop and don't reopen it," she instructed him.
Is it me or does that company become more and more like some kind of cult?
Hydra...without the scary red skull looking guy.
"Hydra...without the scary red skull looking guy."
Are you *sure*? Have you seen what Mr. Zuckerberg looks like when he takes his face off?
Hail Facebook!
[just kidding, of course]
He will most likely look like either Nicolas Cage or John Travolta.
More like
https://www.youtube.com/watch?... [youtube.com]
Is it me or does that company become more and more like some kind of cult?
Have you seen the movie The Circle [wikipedia.org]? My first thought after seeing it was "Facebook". I find it to be extremely interesting that the wikipedia article linked above makes no mention whatsoever of the parallels. It was a really creepy movie.
At least you could then avoid it by not using Apple hardware.
I'm not seeing a downside to this.
I didn't. FB still is sending strange "Do you know...?" things to my dummy account.
That wold be better - not worse since then most of us wouldn't have to worry about FB anymore.
B.t.w, the article should have linked to the Wired article directly instead of going over the summary at Business Insider.
Considering how in accurate the accelerometers are, it sounds about as likely as that blind driving scene in Taken 2.
Before GPS they used "dead reckoning" in car map applications to take car speed and direction and map it to somewhere on the map. It could take a little while but eventually works. You draw a line with turns while driving, and the longer and more turns, the more you whittle down the possible matches.
GPS speeds this up but doesn't replace it.
That shit's not even accurate or stable enough for determining which way I'm holding my phone.
Facebook creeps me out (Score:5, Insightful)
But one source for the Wired story highlighted just how concerned employees are about how their company goes after leakers. According to the story, the source, a current Facebook employee, asked a Wired reporter to turn off his phone so Facebook wouldn't be able to use location tracking and see that the two were close to each other for the meeting.
And people wonder why I don't want to have anything to do with Facebook. If Facebook really is tracking people's location with that amount of accessible detail then I will never ever have an account with them and I will block them by every means I have available.
Re:Facebook creeps me out (Score:5, Informative)
Block as much as possible (Score:5, Insightful)
They don't need you to have an account with them in order to track you.
Which is why I make heavy use of various ad blockers and privacy guarding software to prevent as much of that as possible. I'm well aware they try to track me but I try to not make it easy for them. For example on my current browser I have Privacy Badger, Ublock, and Adblock Plus as well as some stuff to block flash. I'll use every tool I can find to give them the figurative (and literal) middle finger.
Re:Block as much as possible (Score:5, Informative)
Ghostery (Score:2)
I would recommend Ghostery as well.
I tried it but it caused more problems than it solved. Not sure what the flaw was but it made things work VERY slowly when they worked at all. Maybe they've fixed the issues since I tried it last. I liked what it did but it just didn't work very well for me.
Re:Block as much as possible (Score:5, Informative)
A few years ago Ghostery got bought out and changed their policies to "block all but our partner trackers"...they're useless now.
Re: (Score:2, Informative)
Re: (Score:2, Insightful)
Props to you for valuing your privacy. However, many of your friends, family, co-workers, etc, likely use Facebook, and in doing so may reveal much about you. It's a difficult problem to work-around, since many don't see anything wrong with taking and sharing pictures of others (ie. family at a gathering, friends at a party, etc).
Furthermore, many phones and various internet of things that may be in your vicinity are likely running dodgy apps eavesdropping on conversations. And then there are smart-speakers
I resent having to police my friends (Score:4, Insightful)
However, many of your friends, family, co-workers, etc, likely use Facebook, and in doing so may reveal much about you.
I've had this exact argument with several people. Some of them couldn't wrap their head around the fact that I: A) didn't want to be on facebook, B) resented them posting information about me without my permission, and C) resented that I had to police them from doing so which is difficult since I don't want to use Facebook in the first place. Even if I liked what Facebook offers (I don't) I still don't trust the company to be responsible with information about me.
I worry about my daughter because in her generation it's kind of hard to have a social life without using some social networking systems that often don't care at all about respecting privacy.
Yeah, that ought to work real well with JavaScript disabled.
Re: Facebook creeps me out (Score:2)
You don't need it, but that's how they do it. If they decide to use other methods you can adapt to block those too, but right now it's unnecessary. Wow.
Please, do tell.
Load a 1px image from the adserver's domain. It's the oldest trick in the book.
No shit. Show me an example of any site doing that for Facebook, without using JavaScript.
You know where that comes from ? Yep, this websites main page.
:-D
That's funny. It's actually in the "noscript" section of the site meaning the jackasses intentionally put it there to track people with scripts disabled. Thanks, now I have a good reason to go and block the entire LinkedIn domain.
Anyway, LinkedIn isn't Facebook
:)
And I must say I'm a bit miffeled about your "without using JavaScript" addition. Almost as if you have zero idea about how an IMG tag works
...
If you look around you'll see that Facebook primarily tracks people through their stupid social media plugins for websites, which rely on JavaScript. They also do some tracking via ads which, again, depend on JavaScript.
Is it possible to track p
ETag tracking doesn't need any of these methods.
And I make it my game to dis-track them. With a combination of blockers and deliberately feeding false information, you can pretty quickly create a totally bogus profile of yourself. And my "targeted" ads (the ones I allow to pass to gauge my success) sure reflect that...
Re:Facebook creeps me out (Score:5, Interesting)
That part they can do for their own internal use by correlating any public data.
They have his location data, his Google Chat data (hangouts?), and other stuff.
... what? Hold on, something is wrong here. People require some measure of privacy, and the capacity to peer into private conversations on other platforms is simply unacceptable.
We'll have to start a regulatory push to provide capacity for non-breakable end-to-end encryption in text messaging and private messenger applications, perhaps as a legally-recognized implication of using the words "secure", "private", or "privacy" to describe conversations over these mediums. So "Facebook Messenger" can tell Facebook everything you say, in plain text, on their servers, as long as it's not described by Facebook as "Secure" or "Private"; whereas a messenger such as WhatsApp using double-ratchet end-to-end can claim your conversations are "Private", so long as the application is designed with the good-faith intent (meaning yes, you have to use secure protocols and encryption algorithms) to ensure no entity besides the communicating parties can read the messages.
Re:Facebook creeps me out (Score:5, Interesting)
I own and operate a small business. I occasionally run my business name through google just to see what turns up about it.
Imagine my surprise when I discovered that my business has a facebook page! According to facebook's help pages, I believe that the facebook page was automatically created when people "check in" (whatever that means).
I can apparently claim that page if I send facebook some documentation to prove that I own my business. But I can't delete it.
I have zero intention of claiming that page and rewarding facebook for their slimy behaviour in setting it up behind my back, though. And why would I want to intentionally forward even more information to facebook to prove that I own my business?
Re:Facebook creeps me out (Score:4, Insightful)
Of course they are, and whether you realise or not, you gave them permission when you installed the app
... because that thing wants access to pretty much EVERYTHING. And you can bet your ass they're mining your phone for all sorts of stuff you aren't aware of.
From this: [guidingtech.com]
Fuck that.
And, just as bad, so many websites have embedded links to Facebook in their page that they track much of where you go
... if you have an account they match it up, if they don't, they do anyway.
My browsers all block Facebook outright, because I simply do not trust Facebook even in the slightest.
Facebook exists to collect your data and monetise your life, and I refuse to accept that. If you have the app installed, you've given the ability to read everything you do.
How is anybody even slightly surprised by this?
Re: Facebook creeps me out (Score:2)
Most of that is only Android. You can turn off the few things that FB has access to very easily in iOS.
Re: (Score:3)
Never installed the app (Score:2)
Of course they are, and whether you realise or not, you gave them permission when you installed the app
... because that thing wants access to pretty much EVERYTHING.
Except I've never installed their app on any phone I've ever owned. Never will in the future either. So I just need to block them through the browser which is enough of a challenge as it is.
Re: (Score:2, Interesting)
Putin has stated that the Americans have created a better KGB than the KGB ever could have.
Re: (Score:3)
Wait, what? (Score:5, Insightful)
Re:Wait, what? (Score:4, Insightful)
Did I already mention that cult-like behaviour?
Re: Wait, what? (Score:5, Informative)
There's generally no way to prevent any app from accessing your location on Android
Of course there is. Install LineageOS, which comes with privacy guard. Or, if you want to keep your current ROM, install the XPosed framework. XPosed with XPrivacy is especially great because you can feed apps fake location data. Back when i still had Facebook they thought I was in the middle of the pacific ocean one day, and in the Arctic the next.
Re: Wait, what? (Score:2)
Lineage has run on every device I have wanted it on, including 5 different phones and 3 different tablets. It's true that it's not available for every device but that has no been an issue for me.
XPosed should run on every device out there, so if Lineage isn't available for your phone then give XPosed a shot. You still have to be able to root your device, though, which may be a show stopper for many people.
If you care about privacy my suggestion would be to select your device based on it's ability to imple
There are actually a few phones that flat-out can't be rooted. They tend to be either obscure or marketed as security-hardened, though.
The wrong kind of comforting (Score:5, Insightful)
I have little sympathy for FB users that get burned but it's even less for those evil enough to work there.
facebook can see gchat? (Score:5, Interesting)
So was he stupid enough to be using gchat on a corporate device or are Facebook guilty of hacking?
Yeah, I'm assuming Google are innocent (on this occasion).
Yeah, there’s an unexplored story there too...
Re:facebook can see gchat? (Score:5, Insightful)
I hope it was a corporate device, potentially signaled by the "Please shut your laptop and don't reopen it" line. Otherwise that would be a shocking level of collusion.
Uh, if the level of collusion is that high, the scary part is realizing the device owner no longer matters.
"Please shut your laptop and don't reopen it"
Sounds like a line from Manna.
Anyway, even if the messages were sent from a corporate device, are employers in the US allowed to read those? Here in Europe, many countries uphold the right to privacy even on corporate devices. An employer may monitor traffic to allow them to enforce company IT policies, but no further. They can check if you are sending or receiving emails, and they may have an automatic system scan them for virii, but they are absolutely forbidden to have any corporate humanoid peruse
Re:facebook can see gchat? (Score:4, Insightful)
Buahahahahaha, this is the US we are talking about. There are no privacy protections. If a company employs you, they basically own you. They can look at absolutely anything they want if you're on a corporate-owned device. You are basically locked into a company because if you leave somewhere you no longer have health insurance and your company may blacklist you so you can't find a job elsewhere. Only laws that benefit corporations are ever passed as the governmental officials are owned by the corporations. Companies can do anything they want, down to regulating what activities you do when not at work or dictating when you piss. They can fire you at any time for almost any reason. The only exception is for certain protected classes (rage, gender, religion, etc.) but if they are firing someone for being black they just say "they aren't a team player" or "didn't align with our corporate culture" - it doesn't really matter as long as you don't mention their protected class and cite something sufficiently nebulous. The only real protected class is the US is profit.
Re: (Score:3)
Which means this employee/contractor/w.e was smart enough to disable the phone location tracking, but not smart enough to not use a company device? What?
The article talks about one employee who (from the sound of things) used a corporate laptop. It talks about another different employee who asked the reporter to switch off the reporter's phone. I think you're conflating the two?
Re: (Score:2, Insightful)
So was he stupid enough to be using gchat on a corporate device or are Facebook guilty of hacking?
It was a corporate laptop.
Only a facebook owned and provisioned device would have access to the things he was taking screenshots of.
Their devices are no doubt setup to perform CA-cert MitM recording, as well as MitM all other traffic as well. They would have the chat logs that way.
I would like to think that facebook has their devices locked down to the point it either wouldn't have been possible to copy the screenshots off of it to another device for sending, but I can't say if that is true or not.
To be ho
My guess is that the corporate laptop included trusted root certificates to allow them to MITM TLS connections. It's common practice in order to perform traffic scanning.
Not surprising (Score:4, Insightful)
99% of the time, the more powerful an entity becomes, the more it will exert it's power to keep (and usually increase) said power. It doesn't matter if that entity is a company, a government, or an individual.
FEARBOOK (Score:2)
NT
He should have followed his own advice (Score:5, Interesting)
...and shut his own phone down.
It's good that Facebook lost over 2 million 17-25 year olds last year and will lose even more this year.
It's becoming the GrannyBook, the over 55 years are joining mostly, which is poison for the young generation.
...and shut his own phone down.
It's good that Facebook lost over 2 million 17-25 year olds last year and will lose even more this year.
I thought most insidious part of the problem is that they don't lose anyone, even if one naively thinks one's account is "deleted", The best one can hope for is to never have signed up in the first place.
...and shut his own phone down.
It's good that Facebook lost over 2 million 17-25 year olds last year and will lose even more this year.
I thought most insidious part of the problem is that they don't lose anyone, even if one naively thinks one's account is "deleted", The best one can hope for is to never have signed up in the first place.
Reminds me of: I am altering the deal, pray I don’t alter it any further. -- Darth Vader
even without FB (Score:5, Interesting)
Just bought a new ZTE phone from Cricket Wireless... I found out that every cricket phone comes preloaded with a Wifi Manager application that is supposed to transition you between wifi and cell data automatically. If you agree to the EULA, it collects data about your phone and wifi and location and moves you between open wifi and data networks. Well this sounded like a bad idea so I reset the phone and didn't accept the EULA this time.
Turns out that the data collection happens whether or not you accept the EULA. GPS info if you leave it on, WIFI SSIDs, cell locations, IMEI, Phone ID, data traffic levels...
The offending app was from smithmicro and could not be disabled. I ended up in debug mode on adb shell and was able to uninstall the package for current user (not something Joe schmoe's grandma will do).
My point is, you may think that no one is watching so long as you remove FB or other apps, but your location data and patterns is more valuable than the $50 the company gets for selling you service.
Android development (Score:4, Informative)
While doing Android development i find it disturbing to say the least that while debugging my extremely basic app (think hello world) I see calls to Facebook and Amazon urls in my console logs.
WTH is up with that, I'm just a novice?
Re: (Score:3, Insightful)
Check what libraries you're including. Nothing is free...
Do you have any Facebook or Amazon applications installed on your phone?
Google reads your Gchat msgs .. (Score:2)
Well, a big fucking DOH!
--
sig: I'll bet you're the kind of guy that hangs round Reddit fapping off over pictures of furries and yellow-scaled wingless dragonkin
Why was location turned on? (Score:2)
Police work now vs then (Score:2)
Police 2017: The criminal doesn't have a Facebook account, nor smart phone, nor credit card.......we are totally baffled.
Dim witted leaker got what he deserved (Score:2)
Put your real phone in your girlfriend's purse, ask her to go shopping and then to a movie while you to meet this reporter.
If such basic precautions are not taken, why blame facebook?
High time for federal regulation (Score:3)
Aaaand this is just highlighting why Facebook needs to be federally regulated. They have every right to fire a leaking employee, but I am pretty sure that how they figured it out is a violation of a number of laws. Even if they have access to said information for advertising purposes through the employees Facebook page, there is a whole different set of regulations as to what an employer can do to spy on an employee, especially on their days off...
It is high time the technocrats running Google, Facebook and Twitter go the hard slap down of federal regulation. They are just companies and they have been abusing their increasing power for far too long already.
Trump wishes, but he won't get out this easily!
Traffic analysis (Score:5, Interesting)
Facebook probably will have some way to see you are using a covert app, and probably be able to see other people who are using the app at the same time. Likewise google, may verywell be the DNS that originates this. And finally how can you be sure that Signal or Skype doesn't share it's transaction analysis with its "partners and customers" as the EULA you didn't read might say. And perhaps the person you are talking to is also taking notes in google docs, etc..
De-anominization isn't that hard. More to the point, you can't really know ahead of time if is. And finally, your early contacts with a reporter probably don't happen via covert channels. Few people plan ahead like Snowden.
Not to mention Ad malware (Score:3)
I keep finding some as malware like Spigot or Conduit has wormed itself into my broswers. The way that crap works is it's capturing and editing all your transmissions and receptions to analyse content, inject ads, and to track correlations across sites. So even if you think you are clean you may not be and even if you are using your personal computing devices they very well can correlate you back to your work devices just by the websites you visit.
I really really hate these adware companies. They are lik
Re:Traffic analysis (Score:5, Interesting)
Re:Traffic analysis (Score:4, Insightful)
Leaving smartphone at home sounds like an idea, though..
check movement sensors of smartphone
check gps data of car
check financial transactions of credit cards
check laptop activity
and that's only for that person. There's all the public monitoring of people movements.
Re: (Score:3)
I suspect you could probably run a specialized service for it--a virtual tour, where you take a certain number (quota decided on what would look 'right' for a bus to avoid being given away by density) of phones on a nice drunkard's walk tour of the area with maybe a bit of effort to hit the tourist spots. You'd have to keep the identities of the 'tour leaders' secret, of course, but...
P2P is the least anonymous (Score:2)
if you are P2P with no intermediary to tumble the connections then every router, gateway, backbone, and ISP knows exactly who is talking to who.
Re: (Score:2, Interesting)
Some people, including myself, believe that it is not only morally justifiable, but morally imperative, to leak evidence of wrongdoing, particularly at massive scale.
It's just you. Whistle-blowing isn't "leaking".
"Lately it seems like it is acceptable to leak company/government secrets is not considered doing something wrong."
It's you.
I was always acceptable to leak 'secrets' of corrupt and criminal companies or government.
They just became more corrupt and criminal lately.