Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

SRA 472 Final Project Presentation

No description
by

Zachary Palladino

on 29 April 2010

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of SRA 472 Final Project Presentation

SRA 472 Final Project By:
Zachary Palladino
Alex Cala
Patrick Ringler Facebook Privacy Changes From February 14, 2008 To October 14, 2008 Facebook is the world’s largest online networking website. From its conception as a social networking site for students at Harvard to the giant that it is now, Facebook has been successful the entire way. Background With this success, there has been growth, from new implementations, to new privacy settings, there are daily changes with Facebook. We will map these changes, and stress how they affect the privacy and security of the users, the website itself, and the internet. Part 1
February 14 - April 5
Between these dates there were some interesting and relevant changes that took place in the Facebook: #1
Application
Spam Some of these problems included applications that forced individuals to invite a certain number of friends, multiple unwanted notices/advertisements/solicitations from applications, etc. People were mostly concerned about intrusiveness. Facebook went ahead and implemented features to combat this:
They allowed users to opt-out of application features that they had already added, made it explicitly clear to application developers that they could not force users to invite friends, allowed users to block applications, and limited the communications that could be sent by applications (Jeffries).
Also, in mid April, Facebook added an “ignore all invites from this friend” option that allows one to do just that, ignore invites from any overzealous friend who wants to invite you to everything (Whitnah). In late April 2008 the Facebook blog addressed the growing issue of phishing. Facebook did not have any radical changes related to phishing.
They did suggest that users:
reset their passwords
report phishing occurrences,
and submit reports about any possible phishing attacks however.
Mostly though, they just reminded users of the tell-tale signs of phishing, such as:
odd communications,
outside log-ins, and
spam (McGeehan). #2
Phishing #3
Privacy Options In mid-March 2008, Facebook implemented new privacy changes that impacted the Facebook network vastly.

The most recognizable change was the new interface. The “Who can see this?” tab
is Located in your privacy options.

This pull down tab is located on nearly every piece of information on the site. You can exclude certain people, or only allow one person to see your information:
“Friends of Friends"
All Friends
" Some Friends”

This had a huge impact on privacy because one could now truly have control over the privacy of their information (Gleit). #4
Importing “a new way to share with friends” Importing allowed users to import their information from other sites (namely Flickr, Picasa, Yelp, and del.icio.us at the time) to their Facebook profile.

While this allowed for increased sharing of information, now there was another website that your information was linked to.
There are many possible issues that come into play when sites are being linked together.

If privacy policies do not match up there can be discrepancies that can lead to many issues.

Sites can share information that has been specified not to be shared on the other site, leading to issues. (Wang). Part 2
April 6 - July 20 On April 06, 2008, Facebook.com announced in a press release:

“This week, Facebook is rolling out Facebook Chat, a new way for users to communicate with their friends in real-time. Facebook will show users which of their friends are online when they are, so that they do not need to create or maintain a separate buddy list. Users also do not have to worry about any additional installation or set up. Facebook Chat works directly in the browser. Just as other features on Facebook have allowed friends to communicate more efficiently than before, we hope Facebook Chat will make it easier to connect instantly.” This new way of communicating with friends marked a milestone for the site, as well as a significant change in the privacy implications that once comprised Facebook.

According to a blog article from Facebook released shortly after the new application, it is evident that the cause of this new feature was done in order to allow a more efficient way for users to communicate.

However, with this new feature also came new privacy concerns The Significance of Facebook Chat The first big problem that arose from the implementation of chat was the fact that anyone you are currently friends with could view your availability through the dock.

This could easily be addressed by choosing the “Offline” option. The problem with choosing this is that once you select this option, you have no way of communicating with other friends using chat. The solution to this problem came in the form of “Friend’s lists”.

The main idea behind these lists would be the fact that you could comprise groups of friends based on areas such as colleagues, employees, college friends, etc.

Then, once these lists are created, you can now choose the group you want to appear available to, and the group you would like to appear offline to. The second big problem with Facebook chat comes with its rapid popularity among users.

This can be summed up greatly by speakers at the "Black Hat Technical Security conference".

They claim that a great privacy catastrophe arises due to user-generated applications, combined with users that are aching for interaction among their peers, and because of this they sacrifice a great deal of trust. In one study conducted by researchers at theagarwals.net, many privacy flaws in the chat application were exploited.

One angle that the researchers took in exploiting these flaws, was the use of a “Man-in-the-middle” attack.

This specific type of attack involves the usage of a “sniffer” used by a hacker, which allows them to view the contents of the conversation between two unsuspecting users.

Once the hacker has established the contents of the chat, they can then communicate back to one of the users, posing as their original friend they are speaking to. The consequences of this attack taking place can range from being very minimal to very severe.

For example, one conversation that was hacked into could be a harmless interaction asking another user of how they are doing on that particular day.

A more severe case could be the exchange of private financial information or geographic locations of individuals or assets. Calvin: hey





Calvin: i need your help urgently

Calvin: am stuck here in london




Calvin: yes i came here for a vacation
Calvin: on my process coming back home i was robbed inside the hotel i loged in




Calvin: can you loan me $900 to get a return ticket back home and pay my hotel bills




Calvin: can you loam me now
Calvin: i want you to loan me $900
Calvin: i promise i pay you back




Calvin: you can have the money send via western union

Calvin: you can have it send online now www.westernunion.com




Calvin: i came here for a vacation and i was robbed by some gang






Calvin: Shawnee Mission Northwest High '01

Calvin: it seems you dont to help




Calvin: am in a hot sits here and you asking me silly question





Calvin: am dead here

Evan: holy moly. what's up man?





Evan: stuck?








Evan: ok so what do you need







Evan: i think so. that really sucks







Evan: well maybe i don't know that's a lot of $

Evan: what do you want me to do











Evan: damn how did you get stuck there






Evan: ok well i want to help you, since we're friends
Evan: ok one question
Evan: what was the name of our high school mascot?
Evan: hello?
Evan: cal?

E


van: what of course i do want to help






Evan: what is hot sits






Evan: i hope you die there
YOU HACKER
good luck finding someone stupid
bye now One example of this occurring in the real world, comes from an article by BusinessInsider.com.

Although, the actual concept of using a “man-in-the-middle” attack was not used, a very similar approach was taken.

According to the reports, a scammer located in Nigeria was able to hack into an unsuspecting user’s Facebook account rather easily. Once inside, he was able to determine who was the immediate friends of the victim and then contacted them via Facebook chat, trying to trick them into wire transferring money. Other than the implementations of chat to Facebook, other key changes occurred to the social networking site that had an effect on the privacy of its users.

One major change involved the core design of the user’s profile, and was announced on July 21, 2008.

One feature added to a user’s profile was the fact their “Wall” now was used to display more than just interaction between friends. The “Wall” would now include things such as:
status updates
pictures/videos added
comments to other’s walls
pictures, and
many other alarmingly private things The privacy problem’s with this new profile design is rather obvious to observe.

Any interaction a user has between themselves and another user, was now being displayed on their personal profile for all to see.

This could pose many problems for a user in regards to their significant other, employers, employees, family, and even other friends.

Any small interaction committed could be viewed even if you intended for this to be kept private. The simple fix to this problem was the addition of a catalogue of settings that could prohibit stories from being posted to your profile.

The problem with this (which I have somewhat of personal experience with) is the fact that others are now aware that you are blocking information from being shown, and now suspect that you are guilty of some form of foul play.

This can pose problems for people who work strict jobs in which employers prohibit users from committing acts on Facebook that hurt the company’s reputation, as well as ruining relationships with family and significant others. Part 3
July 21 - October 14
On July 28, 2008 Facebook launched a program called Facebook Connect

This program allowed websites which signed up for the program to allow users to sign in with their Facebook accounts (Perez, 08).

This program, its proponents said, would help lead the way to a more connected internet with user’s Facebook accounts serving as its basis.

It also became a source of worry for many people concerned about their privacy (Snipe, 08). Many users were skeptical from the start, using Facebook’s seemingly dearth of concern for people’s privacy in past cases as a worrying trend (Perez, 2008).

One area that did end up raising major concerns was the fact that the individual websites which were signed up to the service got free reign in deciding what parts of your information to display, if you chose to log in with your Facebook account.

Thus if you were to sign in with Facebook Connect on a site, which put a lot of information down by default, anyone who looked at that site could link your information up with whatever the website felt like displaying, whether that is your name, picture, instant messaging services or any other feature (Snipe, 08). Another problem faced was that many people just did not want their real name from Facebook associated with what they posted online.

This led to many people not using the feature at all and what could, so far, be viewed as a failure of the program to be users’ “universal” log-ins across the internet. A feature that Facebook introduced previously to this time period, the Live Feed, also faced a lack of user choices on its introduction that continued into this period (Kinkaid, April 14, 2008).

Live Feed was designed to be a way to more easily get and receive status updates from your friend’s accounts.

It automatically sent information from users who had activated the application to other users, depending on the privacy choices of the original user. Facebook faced significant criticism from users, upon the feature’s release due to the fact that the amounts of information being released, and users’ comparative lack of control over what was sent out.

However these criticisms have gradually been sidelined over time as more and more users became used to the system and eventually became irrelevant as Facebook released additional user choices (Mueller, 2009). Other issues with the service were closer to the standard problems associated with new programs, such as the case of a misleading dialogue box which originally misled certain users into thinking that certain updates had been deleted from their friend’s news feeds when in reality it had only been deleted from their own (Kinkaid, April 14, 2008).

This problem, unlike the “all or nothing” approach of allowing one’s information to be released via the news feed, was fixed, though it took over four months to do so with the problem being first discovered in January but fixed only in April of 2008 (Kinkaid, April 18, 2008). One outside force which allowed Facebook to more strongly protect its users was the Keeping the Internet Devoid of Sexual Predators (KIDS) Act of 2008. This act, which was signed into law by President Bush on October 13, 2008, mandated that sexual predators register their e-mail addresses and instant messaging service accounts in a national database, which could then be used by social networking websites like Facebook to block registrations from the sexual predators (Kelly, 2008).
Facebook, which immediately announced support for the program, used it to help update its own checks against sexual predation among its user base. Unfortunately the KIDS Act restrictions were and are easy for sexual predators to get around via secretly creating new e-mail and IM addresses and then not releasing that information to the government (MonsterMart, 2008). This era was an important time for Facebook as it entered a period of sustained growth that has continued to the present.

Nothing symbolizes this better than the registration of Facebook’s 100 millionth user account on August 25, 2008, an accomplishment which took nearly five years to make possible (Kirkpatrick, 2008). Part of this huge growth that Facebook was and is to this day experiencing is due to its constant introduction of new features and continued innovation to bring about better user experiences.

Yet at the same time its willingness to bow to its user base when they demand action on issues has also played an important role in the site’s continued good public reputation.

When a site as large and innovative as Facebook is involved in a situation there are bound to be a few screw-ups along the way yet the company has, it would seem, done its best to protect its customer base to the extent that they require. Conclusion Overall, it is easy to see all the changes that Facebook has gone through during this time period.

Be it updated privacy settings, Facebook Chat, or Facebook Connect, there are always changes that affect the users of Facebook.

It behooves those who use Facebook to keep a keen eye on how the website changes over time, because their privacy and security change with it. Facebook is an excellent site for social networking, however one must be vigilant in order to make sure that they are using Facebook in a way that protects their information and privacy. The End Calvin: hey

Evan: holy moly. what's up man?

Calvin: i need your help urgently

Evan: yes sir

Calvin: am stuck here in london

Evan: stuck?

Calvin: yes i came here for a vacation
Calvin: on my process coming back home i was robbed inside the hotel i loged in

Evan: ok so what do you need

Calvin: can you loan me $900 to get a return ticket back home and pay my hotel bills

Evan: i think so. that really sucks

Calvin: can you loam me now

Evan: well maybe i don't know that's a lot of $

Calvin: how can you loan me?

Evan: what do you want me to do

Calvin: i want you to loan me $900
Calvin: i promise i pay you back

Evan: how do you want me to loan it to you?

Calvin: you can have the money send via western union

Evan: oh yeah that's true

Calvin: will you go and send it now

Evan: well i don't know

Calvin: you can have it send online now www.westernunion.com

Evan: damn how did you get stuck there

Calvin: i came here for a vacation and i was robbed by some gang

Evan: ok well i want to help you, since we're friends

Calvin: ok. Thanks

Evan: sure thing man
Evan: ok one question

Calvin: are you sending it now?

Evan: what was the name of our high school mascot?
Evan: hello?
Evan: cal?

Calvin: Shawnee Mission Northwest High '01

Evan: what? i know

Calvin: it seems you dont to help

Evan: what of course i do want to help

Calvin: am in a hot sits here and you asking me silly question

Evan: what is hot sits

Calvin: am dead here

Evan: i hope you die there
YOU HACKER
good luck finding someone stupid
bye now

Read more: http://www.businessinsider.com/2009/1/nigerian-scammers-still-roosting-on-facebook#ixzz0mUvNv89g
Full transcript