Creepy Facebook surprise

Calboner

facebook is sneaky. it's suggested friends to me that have been people i've interacted with on other "adult" sites. instagram did the same thing.
That's exactly what I was talking about in my original post. The most plausible explanation that I ever found, at least as far as my own case is concerned, is this one:
If I understand this correctly, all that has to happen for Facebook to know that I visit this site is for me to click on a link on this site to a page on Facebook--which I have most likely done at some point. If my LPSG friend has done the same thing, Facebook may eventually put us together under "People You May Know."
Following the instructions on this page and some pages in the MozillaZine site that confirm them, I've modified the controls in my browser to stop sending the "referer" (sic) of my originating Web page when I follow links.
*Post-NSA scandal bump*

How shocking to discover in 2013 that we're being watched by corporations. This sort of thing would never have happened in 2012. :rolleyes:
Silly Wuzzy: don't you know that surveillance done by corporations is part of FREEDOM®?

Fuzzy's explanations of technical points in this thread (I've been re-reading through it) have been useful.

And I'll just cite this cartoon ("You're not the customer: you're the product") again for anyone who missed it the first time.
 

petergroot

I have just come across this thread and it is very creepy indeed.
I was on Facebook a good few years ago for a period of 3 weeks and realized the benefits to me were nil, and the risks to me were infinite, so I disabled the FB account. Which was a lot more difficult than it was to open it.
All so-called social media is risky.
And although I would like to think Yahoo/gmail is safer, I know I am living in a dreamworld. THEY have us by the short and curlies.
The pig cartoon says it all.
 

Jimmyd312

I have nothing to hide. So I don't care.

As for Calboner's original post, sounds to me like cookies and the computer needed to be cleaned up. Not just the browser but the hard drive as well.


Yeah, some Germans in the 1930's didn't care either because they thought they didn't have anything to hide. Just saying.
 

Calboner

Yeah, some Germans in the 1930's didn't care either because they thought they didn't have anything to hide. Just saying.
FYI:
Godwin's law (also known as Godwin's Rule of Nazi Analogies or Godwin's Law of Nazi Analogies) is an assertion made by Mike Godwin in 1990 that has become an Internet adage. It states: "As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches 1." In other words, Godwin said that, given enough time, in any online discussion—regardless of topic or scope—someone inevitably makes a comparison to Hitler or the Nazis.

Godwin's law - Wikipedia, the free encyclopedia
 

Fuzzy_

Reports: NSA has cracked much online encryption - CNN.com

From the article:
The U.S. National Security Agency has secretly succeeded in breaking much of the encryption that keeps people's personal data safe online, according to reports by The New York Times, The Guardian and ProPublica.

The reports, produced in partnership and published Thursday, are the latest to emerge based on documents leaked by former NSA contractor Edward Snowden to Britain's Guardian newspaper.

According to the reports, the NSA, alongside its UK equivalent, Government Communications Headquarters, better known as GCHQ, has been able to unscramble much of the encoding that protects everything from personal e-mails to banking systems, medical records and Internet chats.

The agencies' methods include the use of supercomputers to crack codes, covert measures to introduce weaknesses into encryption standards and behind-doors collaboration with technology companies and Internet service providers themselves.
Again, Snowden is 'revealing' domestic surveillance information that most of us [who were] in the bid'ness already know about. If corporations aren't complying with government warrants then the government simply hacks them. This evidence is not legally admissible in court, but it can get the ball rolling in a criminal investigation.

Most applied crypto is fatally broken. We don't know if current methods are vulnerable or not, so we just look at what methods have withstood the test of time... which is pathetic.

Developers need to keep a few rules in mind:

  • Passwords/keys should never be stored raw; only store them as part of an authentication signature
  • MD5 hashing is obsolete and only good for bit verification. Replace it with sha256. Use sha512 for the most secure information.
  • The NSA has approved AES as the standard but there are even better asynchronous encryption algorithms. AES is still great if you use a big key (256+ bits) with a highly-random IV.
  • Don't use alphanumeric keys: they represent only a fraction of each byte. If you need to store it as text, encode it to base64 (or hex, but base64 is smaller).
  • Randomly salt your hashes and IV your async cypher. When in doubt, do both (data can always be salted).
  • Just remember that your database or connections with clients can always be stolen/snooped on, but if your crypto is good enough, it shouldn't matter. SSL is okay for protecting your connection but you need a good service with a good key. Fuzzy isn't aware of any keyholder, like VeriSign, that has released keys to the government... yet.
  • Most importantly, slow down your crypto. The NSA uses brute force methods (trying as many variations as possible) and this takes time. Using a complex algorithm is good, but layering it is even better (a hash of a hash of a hash, etc.) Just keep in mind that it takes a lot of overhead for servers, which of course must use the same process, so don't get carried away with the iterations and only use it for special authentication. Fuzzy's slowest hashing method has about 8,000 iterations of SHA512, with a new salt for each iteration.

For users:

  • Don't use dictionary words.
  • Adding numbers helps a lot; if your spouse might know that your password may be "veronica", they probably won't know that it could be "veronica9713". Of course, personal names should be avoided altogether.
  • Choose 'secret' questions that your spouse doesn't know (your mother's maiden name) and the government can't look up (what hospital you were born in)
  • Don't use the same password for every site.
  • Think: "length, complexity, variation, variety," as in, make your passwords long, make them complicated, update them often, don't recycle them.
  • If you're curious, here is Microsoft's password checker that can tell you how secure your password is.

Silly Wuzzy: don't you know that surveillance done by corporations is part of FREEDOM®?

Fuzzy's explanations of technical points in this thread (I've been re-reading through it) have been useful.

And I'll just cite this cartoon ("You're not the customer: you're the product") again for anyone who missed it the first time.

People get so upset when the government snoops on them but don't seem to care if corporations do. Maybe it's the opt-in/opt-out nature of websites, but people still choose to freely offer private information to corporations without a complaint. Now that they know much of the information can be seen by the government, maybe they'll be a bit more responsible.
 