Sunday, July 1, 2012

Facebook login a good idea?

Kaptain Kangaroo wrote this little epistle on the dangers of using Facebook logins on other websites:

We have all heard about the dangers and privacy concerns on Facebook. Yes, even criminals in jail have Facebook pages.

However, with all the privacy controls, one can pretty much “lock-down” his profile and avoid unwanted snooping. You can protect your intimate data on Facebook and avoid publically publishing your personal data, opinions, photos, or pictures.

In other words, when on Facebook.com, you have a great deal of control in an environment that is fairly harmless. Now, think a little bit differently.

The trend out there is to link your Facebook profile to your activities outside of Facebook.“Offsite [of Facebook]” you are asked to use your Facebook account to log into almost every site these days. Some maintain it helps to make sure your identity is who you say you are, some claim it helps to integrate their site with your Facebook profile, and finally some, not naming names, wish to rid the earth of trolls.

This is exactly the kind of situation that you want to avoid. It is dangerous on many levels.

First and most likely, you will use your username (real name) and your password you use for Facebook. Not a big deal, unless you consider how many “off-Facebook-sites” now have your login credentials. This opens you up to immense privacy control issues.

Secondly, your Facebook information is now open to sites you must trust; you assume their security is tight. If you think every site uses NSA encryption to protect their site, think again. Many sites never change their login id from “admin”. Any breach of any site you provide your Facebook credentials with is now an open window into every site associated with your Facebook account; it is a cascading event.

Finally, let’s take a logical step forward from here, your accounts linked to your Facebook account, somewhere, somehow, contain enough personal information, passwords, usernames, etc. to snoop around your bank accounts, your credit accounts, your online anything accounts. Then there are the cellphone numbers. How many people post their cellphone numbers on their Facebook pages?

Using your Facebook ID to become a member of a site is risky and dangerous. If you must sign up for a site using a username and ID, DO NOT use your Facebook ID and password, create a new/unique account. Avoid linking your personal information with every site you join and if they don’t offer a way to create a unique user identity. Drop them. In the end, the risks of your privacy are too great to leave it in the hands of those who would not respect your privacy by denying you the opportunity to safeguard your personal information and identity.

17 comments:

Ironghost said...

Or, like half of the CL commentators, just make a fake facebook page.

KaptKangaroo said...

It is the only way to secure yourself in this beautiful mess we call the Internets.

Shadowfax said...

I fail to see how a facebook profile and login can be linked somehow to a bank account. Are you sure the sky is falling?

Anonymous said...

Butt Head said: "The Great Corn Hool-lee-O" is on facebook".

Anonymous said...

This is a blog. If people want to sign their names let them. If they want to be anonomous then that is okay too. I'm for anonimity. I posted something on an Ole Miss message board that the a few people didn't like. They thought they had me ID'ed and tried to get some poor guy fired. I know a guy who actually did get fired after he was correctly ID'ed. The silly thing is these "flames" offended only a few and they were documented facts quoting John Vaught. Yeah, yeah, we all know that Johnny Vaught wasn't loyal to the rebs.

KaptKangaroo said...

SFX - why not share your real name then?

KaptKangaroo said...

Let me see.... I am going to assume you actually read the post sfx. I have your name, can guess you email, and I know your dogs name now. Oh isn't that your security question for retrieving your password across the Internet.

Shadowfax said...

yada yada. Still, at the end of the day, there is no way to gain access to personal or banking information by knowing a facebook name, real or fake. I didn't realize anybody did their banking on facebook or would include their bank routing and account numbers in their facebook profile. But, I guess a few of you dumbasses might. PS: I don't own a dog but I have one horse and two renters.

Anonymous said...

Good post, Kapt.

Shadowfax said...

Yet it's still alarmist with no backup provided. Kaptain has failed to show any relationship between a Facebook account, posting to blogsites using that account and personal/private or confidential information held by the participant either on Facebook or otherwise.

Nobody puts confidential information on Facebook profiles and nobody includes bank records in any media accessibly by or through Facebook. Nor does Gannett have access to Facebook profile pages or passwords. When a site requires you list your email address and a password, they are not asking for your email account password. They are asking for a password you want to enroll at THAT site for future use. If you list your email password, it's at your own risk.

If I'm inaccurate, perhaps the Kangaroo will provide other discussion for our education. Otherwise, he's only lobbed a smoke-bomb under the bathroom stall wall.

AnonymousPrime said...

I would suggest reading this primer on oAuth, which is what FB (and Google) use to authenticate with 3rd party sites.

http://lifehacker.com/5918086/understanding-oauth-what-happens-when-you-log-into-a-site-with-google-twitter-or-facebook

In short, it explains how using an oAuth service to login to 3rd party sites does not expose your login credentials to theft.

Anonymous said...

All this paranoia and they are still logging in. Just throw your damn computer away.

Anonymous said...

Having over a decade of experience with ecommerce over the Internet; kapt hasn't scratched the surface, although his concern is well founded.

KaptKangaroo said...

For those who claim to think they know it all, maybe take the time to read what was written. Think LinkedIn breach, then you can read this: Facebook Breeach

KaptKangaroo said...

Shadowflop has yet again refuted the knowledge by providing no insight other than, "it's not true, waaaaaaa, I'm telling you, waaaaa, look at me!"

Anonymous said...

First and most likely, you will use your username (real name) and your password you use for Facebook.

Only idiots use their real names on Facebook and only numbskull dumbshits assume that everyone on Facebook is using their real name.

Anonymous said...

Your point?


Recent Comments

Search Jackson Jambalaya

Subscribe to JJ's Youtube channel

Archives

Trollfest '09

Trollfest '07 was such a success that Jackson Jambalaya will once again host Trollfest '09. Catch this great event which will leave NE Jackson & Fondren in flames. Othor Cain and his band, The Black Power Structure headline the night while Sonjay Poontang returns for an encore performance. Former Frank Melton bodyguard Marcus Wright makes his premier appearance at Trollfest singing "I'm a Sweet Transvestite" from "The Rocky Horror Picture Show." Kamikaze will sing his new hit, “How I sold out to da Man.” Robbie Bell again performs: “Mamas, don't let your babies grow up to be Bells” and “Any friend of Ed Peters is a friend of mine”. After the show, Ms. Bell will autograph copies of her mug shot photos. In a salute to “Dancing with the Stars”, Ms. Bell and Hinds County District Attorney Robert Smith will dance the Wango Tango.

Wrestling returns, except this time it will be a Battle Royal with Othor Cain, Ben Allen, Kim Wade, Haley Fisackerly, Alan Lange, and “Big Cat” Donna Ladd all in the ring at the same time. The Battle Royal will be in a steel cage, no time limit, no referee, and the losers must leave town. Marshand Crisler will be the honorary referee (as it gives him a title without actually having to do anything).


Meet KIM Waaaaaade at the Entergy Tent. For five pesos, Kim will sell you a chance to win a deed to a crack house on Ridgeway Street stuffed in the Howard Industries pinata. Don't worry if the pinata is beaten to shreds, as Mr. Wade has Jose, Emmanuel, and Carlos, all illegal immigrants, available as replacements for the it. Upon leaving the Entergy tent, fig leaves will be available in case Entergy literally takes everything you have as part of its Trollfest ticket price adjustment charge.

Donna Ladd of The Jackson Free Press will give several classes on learning how to write. Smearing, writing without factchecking, and reporting only one side of a story will be covered. A donation to pay their taxes will be accepted and she will be signing copies of their former federal tax liens. Ms. Ladd will give a dramatic reading of her two award-winning essays (They received The Jackson Free Press "Best Of" awards.) "Why everything is always about me" and "Why I cover murders better than anyone else in Jackson".

In the spirit of helping those who are less fortunate, Trollfest '09 adopts a cause for which a portion of the proceeds and donations will be donated: Keeping Frank Melton in his home. The “Keep Frank Melton From Being Homeless” booth will sell chances for five dollars to pin the tail on the jackass. John Reeves has graciously volunteered to be the jackass for this honorable excursion into saving Frank's ass. What's an ass between two friends after all? If Mr. Reeves is unable to um, perform, Speaker Billy McCoy has also volunteered as when the word “jackass” was mentioned he immediately ran as fast as he could to sign up.


In order to help clean up the legal profession, Adam Kilgore of the Mississippi Bar will be giving away free, round-trip plane tickets to the North Pole where they keep their bar complaint forms (which are NOT available online). If you don't want to go to the North Pole, you can enjoy Brant Brantley's (of the Mississippi Commission on Judicial Performance) free guided tours of the quicksand field over by High Street where all complaints against judges disappear. If for some reason you are unable to control yourself, never fear; Judge Houston Patton will operate his jail where no lawyers are needed or allowed as you just sit there for minutes... hours.... months...years until he decides he is tired of you sitting in his jail. Do not think Judge Patton is a bad judge however as he plans to serve free Mad Dog 20/20 to all inmates.

Trollfest '09 is a pet-friendly event as well. Feel free to bring your dog with you and do not worry if your pet gets hungry, as employees of the Jackson Zoo will be on hand to provide some of their animals as food when it gets to be feeding time for your little loved one.

Relax at the Fox News Tent. Since there are only three blonde reporters in Jackson (being blonde is a requirement for working at Fox News), Megan and Kathryn from WAPT and Wendy from WLBT will be on loan to Fox. To gain admittance to the VIP section, bring either your Republican Party ID card or a Rebel Flag. Bringing both and a torn-up Obama yard sign will entitle you to free drinks served by Megan, Wendy, and Kathryn. Get your tickets now. Since this is an event for trolls, no ID is required. Just bring the hate. Bring the family, Trollfest '09 is for EVERYONE!!!

This is definitely a Beaver production.


Note: Security provided by INS.

Trollfest '07

Jackson Jambalaya is the home of Trollfest '07. Catch this great event which promises to leave NE Jackson & Fondren in flames. Sonjay Poontang and his band headline the night with a special steel cage, no time limit "loser must leave town" bout between Alan Lange and "Big Cat"Donna Ladd following afterwards. Kamikaze will perform his new song F*** Bush, he's still a _____. Did I mention there was no referee? Dr. Heddy Matthias and Lori Gregory will face off in the undercard dueling with dangling participles and other um, devices. Robbie Bell will perform Her two latest songs: My Best Friends are in the Media and Mama's, Don't Let Your Babies Grow up to be George Bell. Sid Salter of The Clarion-Ledger will host "Pin the Tail on the Trial Lawyer", sponsored by State Farm.

There will be a hugging booth where in exchange for your young son, Frank Melton will give you a loooong hug. Trollfest will have a dunking booth where Muhammed the terrorist will curse you to Allah as you try to hit a target that will drop him into a vat of pig grease. However, in the true spirit of Separate But Equal, Don Imus and someone from NE Jackson will also sit in the dunking booth for an equal amount of time. Tom Head will give a reading for two hours on why he can't figure out who the hell he is. Cliff Cargill will give lessons with his .80 caliber desert eagle, using Frank Melton photos as targets. Tackleberry will be on hand for an autograph session. KIM Waaaaaade will be passing out free titles and deeds to crackhouses formerly owned by The Wood Street Players.

If you get tired come relax at the Fox News Tent. To gain admittance to the VIP section, bring either your Republican Party ID card or a Rebel Flag. Bringing both will entitle you to free drinks.Get your tickets now. Since this is an event for trolls, no ID is required, just bring the hate. Bring the family, Trollfest '07 is for EVERYONE!!!

This is definitely a Beaver production.

Note: Security provided by INS
.