Monday, September 14, 2009

Are They Nucking Futs?

When someone joins Facebook, it presents a list of members the person might know. The idea is that anyone can start out right away with a network of friends.

I discovered this about one month ago, when I first joined. My new account hadn't even been confirmed when I saw the names of a couple of dozen Facebook members to invite as friends.

I joined Facebook only because my daughter joined. Why my daughter joined Facebook is interesting.

She received an e-mail from a family friend, my wife's adult friend, "AS". The e-mail invited my daughter to view some photos that AS posted on her Facebook account. However, AS's account is not public. So when my daughter, my impressionable 11 year old daughter, clicked through to view those photos, she was directed to join Facebook. Which she did because she assumed AS wanted her to, and that it was okay.

But Facebook does not allow minors to join without some extra effort. So she lied about her year of birth. (That's regrettably something I actually told her that I did when I created an account for her on DeviantArt.) She chose 1981 as the year of her birth, making her 28, and she got on. She quickly befriended a few adult folks whom we know. I wasn't too upset about that, because she didn't use her real name or photo, and I maximized the privacy options.

Facebook's advertisements appear on the right sidebar. But they're designed to blend in nicely with the site so as to appear to be regular content. You can clearly see the word "Sponsors" above the ads and ignore them, unless you're an impressionable 11 year old.

Now for some conjecture. I assume that what happened next is that an ad for MyYearbook appeared on Facebook. It invited my daughter to join and meet her friends online. What I do know is that her e-mail account had messages from the MyYearbook accounts of sleazy, leering, shirtless 16 year old boys. And when I went onto MyYearbook (logged into the computer as my daughter), I saw that her profile page had her first and last name, plus our town and state. And it said that she was 17 years old. I nearly blew a gasket.

But I managed to calmly ask my daughter what MyYearbook was. (Had I been even calmer, I'd've said, "Hey, I heard about this neat website called MyYearbook," and she might've talked freely about it.) Anyway, she was upset when I showed her that her name and town were out there. And she asked me if I could delete it, which made me feel better. Because it's quite possible that she was upset about being caught, not about her violation of privacy. She also decided that she didn't need to belong to Facebook, either, so we closed that account, as well. An interesting side effect of all this is that she spends a lot less time on the computer.

Now back to the subject of the post. It used to be that when folks got e-mail accounts, they were very careful not to give their e-mail addresses out lest they get inundated with spam. When I created my Yahoo ID back in 1997, I used the account only as a throwaway e-mail address. I wouldn't dare send anything to a friend or put friends' e-mail addresses into my Yahoo address book for fear that Yahoo would spam them. But today, incredibly, some folks see nothing wrong with giving to Facebook their login credentials and permission to access their e-mail accounts.

Thanks to brilliant Facebook marketing, the idea seems innocent enough. Facebook offers to find your friends, which it can do most easily if you let it log onto your online accounts and comb through your address books or contacts lists. What you might not realize is that Facebook saves that data in case someone like me joins a few years later. I know. I got presented with invitations to the Facebook accounts of everyone who surrendered control of their e-mail accounts to Facebook. How else would Facebook know whom to suggest as friends?

Even scarier is when you combine the seamless advertising with this idea of gaining e-mail account credentials. That's nearly as priceless as getting credit card account information directly. If an advertisement can masquerade as a legitimate networking site and get folks to provide e-mail account credentials, it can do the following:
  • Log on to the e-mail account.
  • Search through all the messages in all the folders, including Sent Items.
  • Send out impostor e-mails based on messages in Sent Items to attract "new members."
  • Locate e-mails from financial institutions and attempt to log on to those accounts using the e-mail account credentials.
That last one is a killer. If even a tiny percentage of folks who respond to the ad use the same username and password for all their accounts, they're going to get wiped out. Is that you? Do you always use the same username and password for all your online accounts? Don't. At least use a unique password. You can use a password manager1 to generate random passwords and store them.

So I wonder about these folks who give out their e-mail username and password. Are they completely out of their minds? There's some low fruit, ripe for picking.

1Two free password managers for Windows are KeePass, and PasswordPrompter.


Rummuser said...

Scary indeed. Thank you SPOARW.

Kerry said...

I signed up for Facebook recently and appreciate this info. (and warnings)!

Hey Harriet said...

Oh gosh that's all very frightening! Thanks for sharing this story and all the info! Thankfully Facebook is something I have no interest in and haven't joined. I'm certainly in the minority though!

Slywy said...

I've been on facebook for a long time and haven't seen this behavior. The friends it suggests for me are usually people with whom I have a common friend (friends of a friend, like high school classmates), or that, too -- people from my high school or college graduation years. There may have been a few people in my network who list similar interests. I haven't seen anything beyond that, really, certainly no combing of my address book. Interesting.

Crafty Green Poet said...

It is scary isn't it. I read something about that. i have a few user names and passwords and use different combinations for different purposes. I don't use my Facebook password anywhere else.

The friends Facebook suggests to me all seem to be from mutual friends lists, or from people who are members of the same Facebook groups as me

Square Peg Guy said...

Thanks for the feedback, everyone! I appreciate it very much!