Here’s how Facebook’s Open Graph search could get you in trouble

Have you played with Facebook’s Open Graph search yet?

Facebook’s new search tool is now available to all American users. The rest of the world still has to request its preview here.

Your search bar is now much more prominent in the interface and you should expect it to start playing a much bigger role in how people use the site. The tool mixes a little bit of fun with a little bit of creepiness. And while it’s definitely more useful than Facebook’s old search, it could get you in some trouble.

The good news is that the search respects your privacy settings. The bad news is a lot of people don’t seem to be that careful with their privacy settings.

We tested out these searches and were shocked by how many profiles actually came up:

[Three screenshots of search results]

How do you know if you’re protected from embarrassing searches?

We’ve made it easy to check. You can use our Safe Profile Beta app and get your privacy score and recommendations now.

Or you can check manually by clicking on the lock on the upper right corner of any Facebook page for “Privacy shortcuts”.

Click on “Who can see my stuff?” then “What do other people see on my timeline?”

You’ll see what the “Public”, your “Friends” or a specific person could find as they search for you.

If you’re not happy with anything that may come up, here’s an excellent guide for locking your profile down.

Open Graph search makes the information on your “About” page as well as the privacy settings of your “Friends”, “Photos” and “Likes” more important than ever. So be sure to check out the first four sections of this guide.

And — to be extra safe — I’m going to remind you to run Safe Profile beta, again. And if you do, let us know what score you got in the comments.



[Image by Eugene Zemlyanskiy via Flickr.com]


More posts from this topic


The ‘Safe Harbor’ ruling divides the ‘old world’ and ‘new world’

This week's ruling by the European Court of Justice striking down the 2000 "Safe harbor" agreement between the European Union and the United States was celebrated as vindication by privacy activists, who saw the decision as a first major international consequence of the Snowden revelations detailing the extraordinary extent of mass surveillance being conducted by the U.S. and its allies.

"The safe harbor agreement allowed U.S. companies to self-certify they abided by EU-strength data protection standards," Politico's David Meyer reported. "This gave them a relatively simple mechanism to start legally handling Europeans’ personal data." That simple mechanism did not abide by the Commission's own privacy standards, the Court decided.

"The court, by declaring invalid the safe harbor which currently permits a sizeable amount of the commercial movement of personal data between the EU and the U.S., has signaled that PRISM and other government surveillance undermine the privacy rights that regulates such movements under European law," the EFF's Danny O'Brien wrote.

A new Safe Harbor agreement is currently being negotiated and the Court's ruling seems designed to speed that up. But for now many companies -- especially smaller companies -- and users are in a sort of legal limbo. And that legal limbo may not be great news for your privacy, according to F-Secure Security Advisor Sean Sullivan, as it creates legal uncertainty that could easily be exploited by government spy agencies and law enforcement. "Uncertainty is their bread or butter," he told me.

To Sean, this ruling and the urge to break it represent an "old world" view of the Internet where geography was key. The U.S. government has suggested that it doesn't need to respect borders when it comes to companies like Microsoft, Facebook and Google, which are headquartered in the U.S. but do business around the world. Last month, the Department of Justice said it could demand Microsoft turn over Hotmail data of any user, regardless of where s/he lives. "The cloud doesn’t have any borders," Sean said. "Where stuff is located geographically is kind of quaint."

You can test this out by using an app like Citizen Ex that tests your "Algorithmic Citizenship." Sean, an American who lives in Finland, is identified as an American online -- as much of the world would be.

What Europe gave up in privacy with Safe Harbor was, to some, made up for in creating a cohesive marketplace that made it easier for businesses to prosper. Facebook and Google warned that the U.S.'s aggressive surveillance risked "breaking the Internet." This ruling could be the first crack in that break.

Avoiding that requires a "new world" view of the Internet that respects privacy regardless of geography, according to Sean. He's hopeful that reform comes quickly and democratically in a way that doesn't require courts to force politicians' hands.

The U.S. showed some willingness to reform its surveillance state when it passed the USA FREEDOM Act -- the first new limitations on intelligence gathering since 9/11. But more needs to be done, says the EFF. The digital rights organization is calling for "reforming Section 702 of the Foreign Intelligence Surveillance Amendments Act, and re-formulating Executive Order 12333." Without these reforms, it's possible that any new agreement that's reached between the U.S. and Europe might not reach the standards now reaffirmed by the European Court of Justice.

October 9, 2015

Is protection against self-incrimination dead in the digital era? (Poll)

How to balance between privacy and crime fighting? That’s one of the big questions now that we are entering the digitally connected era. Our western democracies have a set of well-established and widely accepted rules that control what authorities can and can’t do. One aspect of this has been in the headlines lately. That’s your right to “plead the Fifth”, as the Americans say.

Laws are different in every country, but most have something similar to USA’s Fifth Amendment. The beef is that “No person … shall be compelled in any criminal case to be a witness against himself,…”. Or as often expressed in popular culture: “You have the right to remain silent.” With more fancy words, protection against self-incrimination.

What this means in practice is that no one can force you to reveal information if authorities are suspecting you of a crime. You have the right to defend yourself, and refusal to disclose information is a legal defense tactic. But the police can search your home and vehicles for items, if they have the proper warrant, and there’s nothing you can do to stop that. In short, the Fifth Amendment protects what you know but not what you have.

Sounds fair. But the problem is that there was no information technology when these fundamental principles were formed back in 1789. The makers of the Fifth Amendment, and similar laws in other countries, could not foresee that “what you know” will expand far beyond our own brains. Our mobile gadgets, social media and cloud services can in the worst case store a very comprehensive picture of how we think, whom we have communicated with, where we have been and what we have done. All this is stored in devices, and thus available to the police even if we exercise our right to remain silent.

Where were you last Thursday at 10 PM? Do you know Mr John Doe? What's the nature of your relationship with Ms Jane Doe? Have you purchased any chemicals lately? Do you own a gun? Have you traveled to Boston during the last month? Have you ever communicated with mohammad@isis.org? These are all questions that an investigator could ask you. And all may still be answered by data in your devices and clouds even if you exercise your right to remain silent.

So has the Fifth Amendment lost its meaning? Would the original makers of the amendment accept this situation, or would they make an amendment to the amendment?

The situation is pretty clear for social media and cloud storage. This data is stored in some service provider’s data center. The police can obtain a warrant and then get your data without any help from you. (* Same thing with computers they take from your home. The common interpretation is that this isn’t covered by the Fifth Amendment.

But what if you stored encrypted files on the servers? Or you use a device that encrypts its local storage (modern Androids and iPhones belong to this category). The police will in these cases need the password. This is something you know, which makes it protected. This is a problem for the police and countries have varying legislation to address the problem. UK takes an aggressive approach and makes it a crime to refuse revealing passwords. Memorized passwords are however protected in the US, which was demonstrated in a recent case.

Biometric authentication is yet another twist. Imagine that you use your fingerprint to unlock your mobile device. Yes, it’s convenient. But it may at the same time reduce your Fifth Amendment protection significantly. Your fingerprint is what you are, not what you know. There are cases in the US where judges have ruled that forcing a suspect to unlock a device with a fingerprint isn’t in conflict with the constitution. But we haven’t heard the Supreme Court’s ruling on this issue yet.

So the Fifth Amendment, and equivalent laws in other countries, is usually interpreted so that it only protects information stored in your brain. But this definition is quickly becoming outdated and very limited. This is a significant ethical question. Should we let the Fifth Amendment deteriorate and give crime fighting higher priority? Or should we accept that our personal memory expands beyond what we have in our heads? Our personal gadgets do no doubt contain a lot of such information that the makers of the Fifth Amendment wanted to protect. If I have the right to withhold a piece of information stored in my head, why should I not have the right to withhold the same information stored elsewhere? Is there really a fundamental difference that justifies treating these two storage types differently?

These are big questions where different interests conflict, and there are no perfect solutions. So I pass the question to you. What do you think?

Safe surfing,
Micke

Image by OhLizz

(* It is this simple if the police, the suspect and the service provider all are in the same country. But it can get very complicated in other cases. Let's not go there now as that would be beside the point of this post.

September 30, 2015

Did a funny test in Facebook? Time to clean the permissions.

You are precious. You are very valuable. At least to companies dealing in advertising and customer profiling. The value of you and your peers makes giants like Google and Facebook tick, with a combined revenue of about $78 billion. I’m sure most of you understand this value. But how many are really making smart choices to guard it?

If you’re on Facebook, you may have seen posts like this: “Your Friday night. Tina wants to sleep. Jan destroys furniture. Aaron wakes up handcuffed. Wilhelm starts a drinking competition.” Clicking the image takes you to nametests.com, or a localized version in your own language. Once there you can create your own test that reveals funny things about you and your friends.

It’s obvious that these tests are more entertaining than scientific. And this site can’t be blamed for lacking fantasy! Who thinks you’re sweet? How many children will you have? Who should you write a love song for? Who of your friends belong in your stuffed animal collection? Stuffed animal collection! OMG. LOL. :) You can find out all this and much more with the tests at nametests.com. The site is operated by a German company named Socialsweethearts, which claims to have over 1500 tests in more than 40 languages!

OK, just another funny and harmless site that creates virally spreading posts and cashes in on advertising, you might think. But let’s take a closer look at what’s going on here. Many of the tests involve your friends, revealing who would be or do something. And to provide this they must know who your friends are, right? So it’s perfectly legit when a dialog pops up asking for access to your Facebook account and friends list.

Wait! This is where you should stop and think. Let’s rephrase what’s going on. You purchase an automatically generated joke about you and your friends and pay by allowing them access to your friend list and Facebook wall, including all your past, current and future posts. A good deal? No, I don’t think so. And on top of that, you pay with knowledge about all your friends too, but without asking them for permission.

OK, Socialsweethearts is a German company, and Germany has strong privacy laws. I think there is a pretty good chance that this company isn’t misusing your data shamelessly, even if they definitely have the technical opportunity to do so. But this is pure luck. I bet that virtually none of the folks using these tests actually checked the background of the company and made an educated decision to trust it. Did you?

But on the other hand, pretty much all the giants that make billions on our private data are from the Americas. Europe has totally lost this race. A German company entering the same business successfully would be bright news, sort of. Bad news for your privacy but good news from a European business perspective.

So don’t worry too much if you have used the services on nametests.com. But this is anyway an excellent opportunity to clean up the list of apps that have access to your data. In Facebook, go to Settings and choose Apps in the menu to the left. Now you see a list of all apps and sites that have been granted access. Some of them are no doubt legit, for example apps that should be able to post to your wall. But the permissions will stay when you stop using something. And some permissions are only needed on a one-time basis, but they will stay on the list. Nametests.com belongs to that category and should be erased.

Go through the list and remove anything you don’t need. If you see something that you don’t understand the meaning of, it’s safest to remove it too. Permissions can always be added back and apps that lose their permissions will notify you and ask you to grant new permissions.

Happy cleaning,
Micke

[Image caption: This is what it looks like when nametest.com wants permission to access your data in Facebook.]

Images: Screenshots from nametest.com and facebook.com

September 21, 2015