Category Archives: Facebook

Facebook App Privacy Concerns Are Bullshit

There seems to be a lot of kerfuffle and whatnot about the privacy concerns of the Facebook Messenger App on Android phones going on at the moment. Mainly it seems to be fuelled by this piece of shitehawk “journalism” by the Huffington Post: http://www.huffingtonpost.com/sam-fiorella/the-insidiousness-of-face_b_4365645.html

Please bear in mind that The Huffington Post is owned by AOL, who have a long-standing mardy about Facebook.

So, what are the concerns? Well allegedly Facebook can spy on you constantly, use your phone to send text messages and make calls, yada yada yada be evil. Here is a screencap of the entire list (from that site – taken 13/01/2015)

hufpoand

Notice how it is in text format, and not a screencap. Now, there is a screencap of the current permissions (actually its two screencaps stitched together…

full perm list

Should you be scared that it can access your microphone and camera?

Firstly, due to the way Android handles permissions, you have to allow access to things all the time for an App to work. iOS does it differently, only requesting access as and when it is needed.  So on an Android device you have to agree in advance to let it use your camera, but on an iPhone you can opt to use the App but not let it access the camera. I know which model is better, but I am never, ever, EVER going to make any public statement that I agree with anything that Apple have done. Blame Bono for that.

Secondly, do you really know what all those permissions mean? No? Well I’m going to tell you. With pictures. Try not to fall asleep at the back!

Starting at the top…

huff1

  • “directly call phone numbers” – well you know that bit in the App where you can telephone people? Have a guess why it needs to do this.
  • “read phone status and identity” – well the two come bundled together. It has to know about your phone and whether ot not you are on a call or not just so that it doesn’t fire up and bombard you with voice calls from Dickhead Dave while you are trying to order a pizza.

huff2

I’ll lump all the above into one. The app (yeah bollocks to capitalisation now) allows you to send and revieve SMS/MMS messages. So it needs to be allowed to do just that.

huff3

You know how you want to do that chatty with live video and sound? Just try to work out why the app needs to use your camera and microphone.

huff4

Just like Facebook posts, messages say where you are. If you don’t like it, turn Locations off in your device settings.

huff5

You want to contact people don’t you? No? Oh just delete the app, get rid of Facebook entirely, and go and live in a cave. You could always use Google+.

Hang on, why does it read the call log? Maybe, just maybe, its so that when you start a new conversation it will prioritise those contact’s names in the list as you ham-fistly bash at the screen with your knuckle trying to spell N I C K.

huff6Really, have a guess on this one. Did you go with “so it knows who I am”? Yes? Well you’re not having a prize.

huff7

Want to save that pic of a dog in Darth Vader costume that Alan The Muppet just sent you? Well you’ll need this.

The same goes for if you want to send your home-made pornographic version of “The Wrong Trousers” to someone.

huff8

Do you want to connect Facebook to your Twitter, Instagram, Swarm, etc accounts?

huff9Right… so here we go…

  • “change network connectivity” – this basically allows the app to determine if you actually have a valid connection or not. Its a badly worded phrase in the Android permissions list really. Panic Not.
  • “download files without notifications” – Do you really want to have to agree to see every picture that you are sent?
  • “full network access” – It is a communications app. It will need it.
  • “receive data from internet” – How do you think message are received.
  • “view network connections/ view Wi-Fi connections” – bundled in with the above “change network connectivity”

huff10

Can we guess this one?

huff11

This is just so that Chatheads can piss you off by floating on your screen in the most inconvenient place possible.

huff12

  • “control vibration” – buzz your phone if it is on silent
  • “prevent tablet from sleeping” – keep the screen turned on if the app is active
  • “change your audio settings” – actually is should be called “check your audio settings”. It is used to determine whether your device buzzes or bings.

huff13

Well it does need to know if the contacts list is synced and up to date or not.

huff14

“install shortcuts” allows the app to put those really annoying “Chatheads” on your home screen,

and finally…

“send sticky broadcast” – this is where it all gets a bit complicated.

A “sticky broadcast” is a parcel of information concerning your identity, location. recent activity, blood pressure, IQ, heart rate, and whether or not you smell of almonds. It is broadcast to the CIA, MI5, Mossad, WASP, Interpol and the ISPF.

Or, it could just be a method of inter-process communtication.

So thats that. Nothing sinster going on at all. Whats more sinister is that Google track your every move and action, that you’ve agreed to this, and furthermore seem quite happy about it.

 

Fake News on Facebook

There seems to be a spate of fake news sites going around Facebook at the moment. By that I don’t mean sites that are posting fake news, such as Toytown News, but posts that seem to link to legit news articles but then throw you off to something else.

I’m not going to give any direct links, but Bellingham tributes linking to UKIP hates sites is a particularly vile example.

So, how does this happen? Well to put it simply, when you post a link on Facebook, the site trawls the link to grab a picture and some text details. For example:

fakenews-eg1Note the “WWW.SYFY.CO.UK” text in the bottom left corner of the image. Most people wouldn’t pay attention to it, but that shows what website the post will actually link to.

The good news is that you can’t hide the destination site, but the bad news is that you can confuse people about it.

People don’t pay attention, and generally only scan “unimportant” information, so if the text at the bottom left says something like “news” or “feed” they are inclined to trust it.

So I registered a domain name to test this out.  I figured that it would have to include the word “news”. So, being a bit of a sick puppy (and a Chris Morris fan) I tried to get newsfelch.co.uk. Sadly, it was taken, so I got felchnews.co.uk. (As an aside, I will probably use this to post news articles about a fake village somewhere in the the Staffordshire Moorlands. If I can be arsed.)

Anyway, back to the fake news thing. Nothing makes a fake story looks real like the logo of a reputable news organisation. so I used this:

bbc-newsNext, you need a title. I went with my long held belief that you can use modern cleaning fluids to get rid of a body. Hence: “Cillit Bang Used to Disolve Corpses”, including a deliberate spelling mistake.

Next, some flavour text that will show up under the link. I decided to make it contradictory and nonesensical yet still grammatically valid, so:

According to South Lancashire Police, several corpses have been found completely disolved in Cillit Bang, leaving no traces whatsoever.

Ignoring the fact that there is so such organisation as “South Lancashire Police”, if no traces have been left, then nothing can have been dicovered? Obvious, right? Erm, no. But I’ll get back to that.

So, how does our fake news link look now?

fakenews-eg2It all looks legit doesn’t it, well apart from the “felchnews” bit that nobody pays attention to?

And here is the HTML to do it:

<html>
<head>
<title>Cillit Bang Used to Disolve Corpses</title>
<meta name=”description” content=”According to South Lancashire Police, several corpses have been found completely disolved in Cillit Bang, leaving no traces whatsoever.”>
<meta name=”keywords” content=”According to South Lancashire Police, several corpses have been found completely disolved in Cillit Bang, leaving no traces whatsoever,humor, prank”>
<meta name=”author” content=”News Editor”>
</head>
<body bgcolor=ffffff>
<center>
<img src=”/assets/bbc-news.png” width=1 height=1>
</center>
<center>
<font size=+10>Don’t be so fucking stupid! </font>
<center>

</body>
</html>

Clearly this just links to a site that says “Don’t be so fucking stupid!”, but with a little bit of javascript or the right HTML you can immediately bounce the browser the somewhere else.

I suppose, really, that this post could be condensed down to “be careful what links you click on”, but really, if you haven’t worked that out by now then you have no fucking business owning a PC/tablet/smartphone.