Should you delete your Facebook account? Yes, if you can #Facebook

This past week many of us learned a lot about Facebook’s data collection, sharing and business practices.

After much review I concluded that Facebook is unsafe for all of us to be using. If possible, we should delete our Facebook accounts. If we cannot delete our account, then we should take steps to protect our data.

This first post is an overview of Facebook’s data collection. Follow up posts will discuss how to minimize this data collection and sharing, particularly for those of us who may not be able to delete our Facebook account.

How bad is Facebook’s Data Collection?

Facebook’s data collection practices are highly invasive, collecting vastly more data than any of us realized.

  • Facebook collects everything you have posted online. We expected this, of course.
  • The actual “secret sauce” of Facebook, however, is “Likes”. Each time you click “Like” on a friend’s post or page, Facebook uses that to interpret aspects of your interests and behavior. “Like” buttons are a psychological mind trick that tricks us into unwittingly giving information about ourselves to Facebook. Their goal is literally to get inside our minds. Twitter, Instagram and Youtube also data mine “Likes” as part of their spying on us.
  • Facebook tracks you across web sites, logging what web sites – even what pages – you have visited. Facebook does this using Facebook web site logins, “Likes”, and “Share” buttons on other web sites. Recommendation: Do not use the Facebook option to log in to non-Facebook web sites.
  • Using hidden pixel bit images and online advertising networks, Facebook logs your visits to web sites where you had no relationship with Facebook.
  • Facebook tracks purchases you make at retail stores, completely off line and having nothing to do with Facebook. Facebook does this by purchasing data from retail store data aggregators – using your email address, phone number or credit card number as a database identifier. Facebook combines this purchased data with data that Facebook’s own spying operation has collected. Many retail stores encourage you to obtain their “free” loyalty card that supposedly gives you occasional discounts. By giving them your phone number or email address, these cards are used to track your store purchases. Retailers sell this data to third party companies that maintain databases about your store purchases.
  • Facebook’s Android app was – for many years – recording information about every phone call and text message you sent and received – and stored all of this in Facebook’s archives. Facebook has not said what this data is used for. At a minimum, it could be used to make “friend” suggestions on Facebook. Worse, by analyzing the to/from phone numbers used, Facebook could detect that you are making visits to doctors or mental health professionals and make guesses as to your physical and mental health. That information could be sold to insurance companies or recruiters who may seek to avoid someone with health issues.
  • Facebook apps (presumably including Messenger, WhatsApp and Instagram) also track your Location. Every where you have traveled has been logged by Facebook. The Instagram app also requests permission to access your phone, SMS and contact list. Instagram has no bona fide need for this information.
  • 41% of the top 2,500 Android apps in the Google Play store include embedded Facebook tracking features. Trying to avoid Facebook tracking is difficult.
  • Not only does Facebook track what posts you have made, Facebook logs posts you started to type but then abandoned.
  • Facebook uses software to analyze all of this data to create a model of you and your behavior. Literally, a computer simulation of you. Facebook’s goal is to identify how you can be persuaded to buy something or to advocate for someone else (such as a politician). By identifying your “hot buttons”, Facebook knows how to influence your behavior (and has done tests and written research papers about how they manipulate people). Propagandists and advertisers know that people who are in an emotional state (happy or sad) or more receptive to their messaging. By identifying your “weak spots”, propagandists and advertisers are more likely to influence you. Facebook makes money by selling this data (or sometimes even giving this data away intentionally or accidentally).
  • Facebook’s spying has been associated with manipulating elections in many countries around the world.
  • The effect is that Facebook is a platform for surveillance and propaganda messaging. So is Google, by the way.

Facebook’s business is spying on every aspect of your life, and then sharing the “model” of conclusions that Facebook has drawn about each of us, with third parties.

Third parties use that “model” to create highly optimized advertising – and propaganda – to deliver to each of us, individually, to persuade us to buy something or to adopt someone else’s agenda.

In some cases, the data collected by Facebook is even used against our best interests. Facebook allows advertisers to target ads by racial preference, sex and age. Real estate advertisers have targeted specific racial groups (e.g. whites) as a way to avoid getting applicants from the non-targeted group. Employers, including high tech employers like Facebook, have targeted tech job ads by age – such as age 24-35, thereby avoiding having older applicants be aware of job openings and hence, no applicants from older workers. Unaware of these job openings, older workers do not even apply. In this way, they discriminate against older workers. Finally, nursing jobs are typically targeted at women only – a field where in the U.S. 89% of all registered nurses are women.

These ads are not just those that appear on Facebook – Facebook’s ad networks displays 44% of all advertising on the web (as of 2017). This means Facebook’s ad network is used to secretly discriminate against tens of millions of people every day.

We have zero control over the data that Facebook has collected on us. Even if we delete individual items, they retain the deleted items in the Facebook archive. Worse, deleting items on Facebook is very difficult. For example, go to your Activity time line and delete 100 posts – you have to select each post, one by one, click 3-4 mouse clicks to delete each individual post. This is ponderous considering that most users have been using Facebook for years. Lacking a bulk delete/edit or bulk change privacy of past posts feature, Facebook becomes a “write only” memory system from which data can generally not be removed. This is by design – Facebook intentionally makes it very hard to remove old items we have posted or shared.

Further, data is placed in different silos. “Photos” contains albums – you can delete entire albums, fortunately. But the photos posted on your time line can only be deleted by going to the Activity time line and deleting them one by one. Then there is a section called “Events”. Any time you clicked on Interested or Going, Facebook logged that. Stuff is hidden all over the place so that Facebook can claim they allow you to delete things while simultaneously making it as difficult as possible to find where you can delete it.

I concluded Facebook is generally unsafe for everyone. Realistically, deleting your account may not be something you can do – at least not right now. However, there are steps you can and should take to protect your personal information. I will discuss those steps in another post soon.

Personally, I have removed myself from about 90% of the Groups I belonged to on Facebook, unliked all of the Pages I had liked, deleted all of my photo albums, and have turned off nearly all Notifications. I will also be deleting 2 or 3 of the 4 pages that I run on Facebook and unfriending those friends that I have had little or no interaction with. I will no longer post anything to my personal page nor will I ever again click “Like”.

I plan to keep this App Inventor programming page on Facebook as perhaps my only activity on Facebook. However, if that should change, I will let you know and provide you with an alternate – at a minimum, you can always visit our web site directly at https://learn2c.org.

On App Inventor topics, I have been working on something – its not ready yet – but some stuff on Fusion Tables and also perhaps how to resurrect the old TinyWebDB type simple cloud-based database. We will see how this turns out!

Update on Meltdown-Spectre security vulnerabilities

Anti-virus software makers are detecting malware that attempts to exploit the security vulnerabilities identified as Spectre and Meltdown. Since code must execute on the computer to exploit these vulnerabilities, anti-virus software is being updated to detect such malware attacks. Of course, some such malware may yet get through our defenses and could end up on machines.

Source: Meltdown-Spectre: Malware is already being tested by attackers | ZDNet

My view is that for most of us, its just another form of malware. We all need to be pro-active about avoiding malware by taking appropriate steps such as installing code we know to be good, using anti-virus software, and keeping our systems generally update. Meltdown and Spectre are just two more exploits that hackers can use.

Is your computer now protected from Spectre and Meltdown security vulnerabilities? 

Steve Gibson of Gibson Research Corporation has provided a downloadable program that says whether or not your Windows PC has been updated with fixes for Spectre and Meltdown. The program also offers, if possible, options to disable the security protections (such as you find the updates cause your computer to run slower).

Go here to read about and download the utility program: GRC | InSpectre  

Intel says: Stop installing Intel SPECTRE/MELTDOWN firmware updates

Intel says it has identified a problem with its firmware update that was causing Intel processors to become unpredictable. Intel is now telling customers to discontinue Intel processor firmware updates until they release and fixed update soon.

Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners

By Navin Shenoy

As we start the week, I want to provide an update on the reboot issues we reported Jan. 11. We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed.

Based on this, we are updating our guidance for customers and partners:

  • We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.
  • We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.
  • We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.

I apologize for any disruption this change in guidance may cause. The security of our products is critical for Intel, our customers and partners, and for me, personally. I assure you we are working around the clock to ensure we are addressing these issues.

I will keep you updated as we learn more and thank you for your patience.

Navin Shenoy is executive vice president and general manager of the Data Center Group at Intel Corporation.

Source: Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners


Note – Intel processor firmware updates are generally provided to end users (people like us) by the manufacturer of our computer or system motherboard. Many of us have probably not seen this firmware update yet. The Intel firmware updates are separate from operating system updates that have been created for Android, Linux, Mac OS X and Windows.

High level look at the SPECTRE exploit

In early January, two security exploits were revealed, both of which take advantage of ways that processors work to improve their performance. This video looks at the SPECTRE exploit; the other exploit is called MELTDOWN. Rather than speculative execution, it exploits a feature of Intel processor known as “out of order” execution to gain access to protected system memory. MELTDOWN is not covered in this video, however.

 

High level overview of compiling a program into executable instructions

A high level look at the concepts of compilers, interpreters, byte codes and Just-in-Time compilation, as ways of converting our programs into executable programs or machine instructions processed by the CPU.

The first video provided a high level look at computer system architecture.

The second video introduced the concepts of the CPU or processor.

This video introduces the conversion of our high level programs into machine executable code. Note that this video does not cover specifically how App Inventor blocks code is converted into an executable program.

The fourth video, relying on the information covered in the first 3 videos, will explain the ideas behind the SPECTRE exploit.

 

Brief Introduction to Computer System Architecture

App Inventor is a “high level” programming language. That means we create programs without having to know about the underlying operating system or hardware components of our device. The software engineers that create operating system software are “low level” programmers who must be familiar with the details of the hardware.

To understand the SPECTRE and MELTDOWN exploits, we need to have a basic understanding of computer systems – particularly the CPU or processor – and how it operates.

This video is a high level, simplified introduction to the basic elements of a computer system. I emphasize “simplified”! I have an Intel processor manual from a couple of years ago that has over 3,400 pages!

A future video will look at how high level programs are converted into “machine instructions” that are processed by the CPU. After that, we will look at how SPECTRE works to read memory that should be protected.

Be sure to Click Subscribe on Youtube!

In the above video, I did not define “RAM” memory and what it means. RAM means “Random Access Memory”. A typical modern PC has 8 to 16 gigabytes of RAM memory. Many smart phones have 4 to 6 gigabytes of RAM memory. While both RAM and FLASH are types of memory, they are not the same thing.

This short video introduces types of memory used in computers, smart phones and electronic devices including ROM, PROM, EPROM, EEPROM, FLASH, RAM (both DRAM and SRAM), and a brief history of the now very old “magnetic core” memory.

The major difference between ROM, PROM, EPROM, EEPROM/FLASH is that these memories retain their stored values even if power is turned off.

RAM memory, however, loses its content if power is turned off. Some times a battery backup unit is attached to RAM to keep the memory “alive” even if the overall system power is turned off. RAM memory is otherwise fast to use and has become remarkably inexpensive.

“DRAM” means “dynamic RAM” and “SRAM” means “static RAM”.

Most of our devices use DRAM because it is cheaper and each bit takes up less circuit space (than SRAM) so more memory can be packed into a smaller space. The reason it is called “dynamic” RAM is because the memory must be continuously refreshed. Each bit is stored as a tiny capacitive charge. Because the charge slowly bleeds off, the charge must be periodically refreshed – if not, the values stored in memory will gradually fade away (so to speak).

A special circuit continuously reads and then rewrites each bit so that the charge stored at each bit location is refreshed and does not fade away.