amelierosalyn

Skip navigation

Facebook knows all about you... Even if you don't know about it.

I might be late to this but it's something I discovered recently.

Let's take a fictional character and call them Joe Bloggs. Joe doesn't subscribe to all that fancy schmancy internet nonsense and has no clue what a 'Facespace' or a 'MyBook' is. He checks his email every now and then and might browse the web from time to time, but that's all he really does on the internet.

So imagine his surprise when he gets an email from some Facebook thing telling him he should sign up, because all his friends are on it. He'd dismiss it, only - it really is listing all his friends. How can Facebook know who his friends are? How does it know that Jane Bloggs is his sister and John Bloggs is his father? How does it know so much about him when he knows nothing about it?

The answer is that Facebook collects emails and search habits. You know that 'enter your email details to search your contact list for friends on Facebook' feature? Be careful with it. Facebook keeps all the addresses it finds and associates them with you. If you've got those email addresses in your contact list, they must be your friend, right? Repeat this for all the other members on Facebook who are doing the same thing and Facebook can build up a pretty good picture of who you are.

Facebook also allows you to list various family members on your profile, and if said member doesn't have a Facebook profile, it asks for their email address. Facebook then knows when someone invites you to Facebook that you're the brother of X and the father of Y and whatever else.

Facebook's privacy has come under fire recently and I'm not surprised - I admit to using the email search feature when I first joined Facebook and nowhere do I remember it saying it would collect all my contacts' email addresses and retain them in order to guilt-trip other people into joining. I had another look at it recently (without actually entering my details, of course) and I still didn't see it. Admittedly, I have not read their very long and very complicated privacy policy in some time so it is likely to be mentioned there.

Am I going to delete my Facebook profile after this? I'm not sure. It is a great way to keep in contact with people I haven't spoken to in years but if it's profiling me behind my back, I'm not sure I agree with that. Facebook are by far not the first or only company to do this, of course, but they are so far the most high-profile and media attention-worthy. With millions and millions of members, they can make some hefty $$$ from all this if they really wanted to (and there are rumours that they do want to. Imagine what advertisers could do with that data!). Then again, if I did delete my profile, Facebook never really deletes a profile in case you want to reactivate it. So they've got my info anyway, whether I gave it to them or not, and whether I want it there or not. Fun.

Scary stuff, if you ask me.

Reverting to Safari 3 from Safari 4 on Mac OS X 10.5

Did you make the same mistake I did, and update to Safari 4 when it was offered as a Software Update, then found some things didn't work any more, or you just plain don't like Safari 4? If so, here's how to revert back to Safari 3.2.3 on Mac OS X Leopard.

  1. Remove your existing Safari installation. Drag /Applications/Safari.app to the Trash, and rename the ~/Library/Safari folder (where ~ is your home folder, e.g. /Users/your-username) to something else (you're essentially making a backup here). It is important that you empty the Trash after doing this, as I found my 'new' Safari copied itself to my Trash folder.
  2. Rename ~/Library/Preferences/com.apple.Safari.plist and ~/Library/Preferences/com.apple.Safari.RSS.plist (if you have it - I didn't, but then I wasn't subscribed to any feeds) to something else (backups again - these files contain your bookmarks and RSS feeds so if you don't want to lose them, don't skip this step)
  3. Edit /System/Library/Frameworks/WebKit.framework/Resources/Info.plist and replace all instances of the number 5530 with 5525. Please note: you may need to modify the file's permissions in order to be able to edit it. This can be done by right-clicking it, selecting Get Info, and modifying the permissions at the bottom - you need to give your username read and write access.
  4. Download Safari 3.2.3 and install it (you will be asked to reboot afterwards)
  5. Hey presto, you have Safari 3 again! Replace the files from step 2 (you may need to remove the new files created by Safari 3). Some people have said this doesn't seem to work for them, and if it doesn't for you or screws up your Safari, you might need to open the files and add your bookmarks back in manually... It seems there might be an inconsistency in the XML but I haven't looked into it in too much detail.

There you go, just thought I would share :P

Instructions for Tiger (Mac OS X 10.4)

Edit: I have been asked for instructions for Mac OS X 10.4 (Tiger) - unfortunately, I don't have access to that version, but I'm told the instructions do work, except that the following modifications are to be made:

PHPAskIt is insecure!1!1!zomg!11

I came across a couple of websites discouraging the use of PHPAskIt because it uses a database and therefore absolutely must be insecure.

One such example states:

PHPAskIt isn't completely secure, either. It uses a database so I woulda thought that was more INsecure than the flat file of Waks Ask & Answer script.

Another says:

PHPAskit is just as insecure [as Wak's Ask&Answer] only people think it's secure because it's not flat file.

And so on, and so forth.

For the record, there is no difference in security in using one method or another, as long as they are both done properly. Wak's Ask&Answer and CuteNews (flat file scripts) aren't. PHPFanBase and SimpleDir (MySQL scripts) aren't either. Jem's Bella~ series and FlatPress however, are flat file scripts and they are fine. Similarly, WordPress and PHPAskIt are MySQL scripts and they are absolutely fine.

Yes, it's true that hackers discover more and more vulnerabilities in scripts and programming languages all the time, so those scripts may not always be secure in their current versions so it is very important to keep your scripts up to date. But to say a script is insecure because of the method of storage that they use is stupid and shows complete ignorance. If you are going to say a script is insecure, don't just back it up with "well I looked it up online and it said it was insecure". People seem to like publishing fake reports of insecurities (probably where all this is coming from, actually... PHPAskIt had a nice security hoax published about it - and in case you're still living in the dark ages it was wrong) so "looking it up online" isn't always the answer.

If in doubt, ask someone who knows what they're talking about. :)

Older Entries | Newer Entries