Stalking Privacy on Facebook, One Psycho at a Time

by John Fontana

If you were asked who could harvest a trove of personal data from 10 million Facebook users in just three weeks you might guess company CEO Mark Zuckerberg over Jason Zada. You'd be dead wrong.

Who is Zada? He offered something scary at Halloween and nearly 10 million strangers stepped up and provided him access to their personal Facebook information to get it. Unwittingly walking him past their privacy settings and into their policy-protected data vaults. Maybe you were one of them?

Certainly more than 10 million people viewed Zuckerberg's private photos a few weeks ago when a Facebook bug exposed them to the public. But Zuckerberg was hacked, Zada's millions were socially engineered, accomplices in their own fleecing.

What sophisticated tool did he use? Facebook Apps.

Zada was the creator of TakeThisLollipop.com, a viral Facebook app that collected your Facebook pictures and profile information and put it in the middle of a psycho stalker video.

It was hailed as brilliantly scary. The video ends with the psycho getting out of his truck at a house. Your photo taped to his dashboard. Zada said it was a message about privacy.
"If you look at the video, the scariest part is that your information is in the video. The piece is scary because a person is violating your privacy, not because it's bloody or there's anything jumping out," he told AdAgeDigital.

Actually the scariest part is that your information is in the hands of the Facebook application developer - in this case Zada, who it turns out is benign. His intent was to entertain and his app clearly stated it was not saving your information. But what's to stop a real life psycho from doing the same thing and saving the data? Nothing really.

Facebook has a set of usage policies for its Facebook Platform, which is what developers use to create apps. Among other requirements, the policies dictate application owners must delete all user data if they stop using the platform or Facebook shuts down their app. And policy says app developers must 'delete all data you receive from us concerning a user if the user asks you to do so.'

If developers are running a business, policy means something. If you're running a scam, policy talk is cheap.

How can a real-life psycho (or scammer, phisher) get your 'protected' data? Ironically, exactly the same way Zada did.

Set-up an app that lets users grant you access to their data, show them a video or offer a game, collect their information, stalk in real life.

In Zada's video you see the psycho is looking at a map to your house. Where do you think that information came from?

What Zada proved is that the Facebook stalker scenario is real-life. The potential psychos you block via privacy settings know your back door is unlocked. A scam would likely run the same as TakeThisLollipop. It sprung up on the Internet, went viral and disappeared in 20 days.

Could it have been sleuth hackers, the Russian mafia, the cliché computer hermit in his parent's basement?

It's an email phishing scam mimicked on the social web. It relies on user habit and social engineering - surfing, prurient interest, etc.

Do users know (or care) Facebook apps by-pass privacy settings? One developer I spoke to said after he wrote his first Facebook app he revoked access to every Facebook application he had signed on to. He was dumbstruck by the amount and depth of user information his app made available to him. When he tested it against his own Facebook account, no matter how tightly he screwed down his privacy settings, the app still had access to just about everything it requested.

TakeThisLollipop.com proves that a fool and his password (and data) are soon parted. Facebook is a ripe audience; unwittingly picked apart.


original article found here

5 Steps We Can Take to Avoid Being Cyber-Bullied

by Philip J Reed, on behalf of Westwood College
(Mr. Reed is a Guest Writer for EOPC)

“Cyber-bullying” is a term we hear more about each day. There are always more examples – all too many of which end in tragedy – of the internet and other technologies being used to torment, browbeat and humiliate otherwise innocent people.

Frequently these targets are children or young people, but a new study conducted by professor Andy Pippen for Plymouth University in England has revealed that adults are increasingly becoming targets as well. Pippen looked only at teachers, but he found that one in three teachers has been cyber-bullied… and that a quarter of those cyber-bullies were other adults!

Cyber-bullies aren’t just children, and neither are the victims. It’s a serious cause for concern, and it’s something everybody should understand, and be aware of the steps they can take to avoid it. Being cyber-bullied can ruin a life, or dramatically increase the quality of that life. Know the facts in advance, and keep reading to find our five tips on how to avoid being cyber-bullied.

1) Keep Your Information Private!
There’s a reason we’re putting this one first, and that reason should be obvious. As Thomas Hobbes once said, “Knowledge is power.” The more you tell your cyber-bullies about yourself, the more ammunition they will have to use against you. And, perhaps, the more they will be able to manipulate you in the hopes that by playing along you will prevent them from releasing (or misusing) more of your information.

Of course, nobody knowingly “provides” their cyber-bullies with personal information. Unfortunately, information provided to otherwise benign websites and databases can either be accessed or hacked by a devoted cyber-bully. Don’t provide any private information about yourself to any site unless it is absolutely necessary. And we don’t just mean your address and social security number. Sensitive information can include (but is not limited to) the town in which you live, your mother’s maiden name, the names of your pets, or even the fact that you’ll be going on vacation for two weeks. Any of this can be used to find you, manipulate you, or access your private records. (A fairly recent high-profile case involved the hacking of Sarah Palin’s private email account, simply because the hackers listened to her interviews and used that basic personal information to solve her security questions!) Take cyber security seriously! The bullies certainly do!

2) Do Not Play Along!
If you are being cyber-bullied, know that it is serious! Do not engage them, do not encourage them, and, most of all, do not try to bully them in return! If a cyber bully has picked you as a target, they are prepared. Any attempt to bully them in return is almost guaranteed to backfire.

Ignoring cyber bullies can actually work, to some extent. If you don’t reply to their emails or instant messages, they can either become bored or convinced that you are not reliably reachable in that way… even if you are. This can encourage them to move on to another target.

Of course, ignoring them won’t work every time, especially if you’ve been singled out by a bully specifically. They may keep emailing, texting, or even calling in the hopes that you are being rattled by their methods. Ignoring them may not stop this behavior, but bear in mind that it does stop them from obtaining any new information to use against you. If you were responding to them, you’d be giving them more ammunition, or just inflaming the situation further. Avoid doing either of those things like the plague!

3) Inform the Authorities!
There’s a fine line between teasing and bullying, but, typically, we know bullying when we see it. Once you’re sure that you’re being legitimately harassed or tormented (rather than, say, a friend playing a joke on you), take it to the police. This is especially true – and important! – if you are being actively threatened. The police need to know, and they need to know soon!

Modern computer forensics techniques can uncover a great deal of information about your bullies, and the sooner you report them, the more likely they can be traced. Of course a technologically savvy bully can cover his tracks in many ways, but don’t assume that they’ve done so successfully! Let the authorities do their best to track them down.

Bear in mind that the police may not be able to do much when the bullying is small scale, but by completing an incident report early on, you will have a stronger case if the bullying continues, or increases, down the line. Don’t wait to report it. If you know you are being bullied, call the police!

4) Always Think Before Responding!
Sometimes bullying can be defused, but often it cannot, or at least not by the victim. Always think twice about responding to any unsolicited messages. If you do not recognize a screen name that is sending you messages, even if they seem friendly, be sure to find out if you actually know this person before divulging anything at all. Tell them that they have three chances to tell you who they are and how they know you, and if they still don’t tell you after the third time you ask, block them.

It may seem callous or even rude to do this, but you can’t be too safe. Even one incident of cyber-bullying can scar a human being for a lifetime; it is not worth the risk.

If you do intend to speak to somebody you don’t know, whether in a chat room or on a message board, always try to be polite. Even if you are blocking or ignoring somebody, rudeness can only inflame situations, so avoid it at all costs!

Which leads us into our final (but not least important) tip…

5) Be Aware of What You’re Doing Online!
The best tip to avoid cyber-bullying is simply to avoid angering a cyber bully in the first place! Of course this is not always possible (for many obvious reasons), but you can minimize the likelihood of becoming the victim of cyber-bullying simply by monitoring your own presence online.

If you are rude to people, the odds are very good that they will be rude in return.

If you compromise somebody else’s security for any reason, you leave yourself open to retaliation. Behave yourself in internet discussions. Be calm, be rational, and be understanding of the viewpoints of others. You will never know what may set somebody off, be it your opinion about politics, religion, or last night’s episode of The Office, so watch how you phrase things, and always be big enough to back out of discussions completely when you see them getting out of hand.

Again, this will by no means insulate you from cyber-bullying overall, but it will help to minimize the potential of becoming a target. The sad fact is everybody on the internet, from the least-knowledgeable young girl with her first computer to the college-educated systems administrator with a degree in information security. Nobody is exempt, and everybody has responsibility to themselves to stay vigilant, to stay alert, and to stay safe.

Study Shows Over 30% of Internet Dating Site Users are Married

Study Shows Over 30% of Internet Dating Site Users are Married
Newly launched PrivateDateFinder.com is the first and only dating site where you can find romance without anyone else knowing. The site offers a unique way to conceal both how you pay as well as eliminating all the tracks you leave behind. The result is confidential purchases and the comfort of knowing your activities remain private.

(Monarch Bay, CA.) – First Privacy Financial, LLC. announces the launch of www.PrivateDateFinder.com, the first and only dating site where you can find romance without anyone else knowing. The site offers a unique way to conceal both how you pay as well as eliminating all the tracks you leave behind. The result is confidential purchases and the comfort of knowing your activities remain private.

Research shows that over 30% of existing online date site members are either married or in relationships. However, no one has addressed this large segment who desire real privacy or those who never used online dating simply because they didn't want anyone else knowing. They simply do not want to get caught.

Jerry Klein, President / CEO of the First Privacy Financial said; “Private Date Finder offers a real solution to those who simply do not want anyone else to know they are using a dating site. In a USA Today poll an overwhelming 88% of respondents said they are concerned about their privacy and consider protecting it important. Now you can safely buy anything online and no one will know."

Private Date Finder includes free membership in EverPrivate, a proprietary patent pending web-based service that erases all your tracks from any PC without any downloaded software. Also included is a free prepaid PrivaCash MasterCard, a virtual Debit card issued instantly online that can be re-loaded at 35,000 retail locations.

Mr. Klein said; “We have partnered with Relationship Exchange to enable our members to have access to over 2 million existing online dating members from sites under their management. This provides Private Date Finder members a huge number of romance partners wherever they live, right from our launch. Sign-up is free and the EverPrivate features are available instantly.” 

(Why let a little thing like being married interfere with your dating?? - EOPC)

Internet Becoming a Pathway to Violations

by David Linton

Officials say people with restraining orders against them are using social networking to contact victims and victim's friends & families.

(Massachusetts, USA) A man embroiled in a domestic dispute with his estranged wife contacted her friends in an effort to see their kids, which was prohibited by a restraining order.

"She should let him see their father. She has issues with him. It shouldn't get in the way of the kids. Pass on the love," he allegedly said.

Prosecutors argued that the defendant, 38-year-old George Manchester of Fall River, violated a restraining order by trying to contact his estranged wife through her friends.

Only Manchester, who denies the allegations, did not speak to the friends directly or send them a letter.

Prosecutors say Manchester, who police say has a history of domestic violence and violating restraining orders, reached out through cyberspace on the social networking website Facebook. "Your honor, it looks like he's coming up with more creative ways to violate the restraining order without getting caught," Assistant District Attorney Kelly Costa argued last month during a bail hearing for Manchester in Attleboro District Court.

The use of social networking websites like Facebook, Twitter and MySpace by domestic abuse defendants prohibited from contacting their victims is becoming more common, authorities say, as the use of the websites has proliferated in society.

North Attleboro police Detective Michael Elliott says he's investigated numerous cases in which restraining orders were violated by people using social networking websites, as well as e-mail and cellphone texting.

"Just because it's not in person doesn't mean it's not a violation," said Elliott, who has investigated numerous cybercrimes. "Violations using the phone and violations over the Internet are very similar."

Officials at New Hope, a non-profit women's shelter and domestic abuse support agency, say technology is a good way to keep in touch with family and friends, but it also has been used to torment domestic abuse victims.

"Many of New Hope's clients have in some form or at some point had technology used against them by their abuser, and perpetrators of violence are becoming increasingly 'tech-savvy' in using various devices to abuse or locate their victims," New Hope spokeswoman Laura Hennessey Martens said. "It is important for survivors to know that while living in an abusive home or even after leaving their abuser, social media, cell phones and other technologies can continue to be used against them and may jeopardize their safety," Martens said.

In Bristol County, there have been cases in all four district courts in which defendants have violated restraining orders through text messaging or social networking sites.

In one New Bedford case, a man is alleged to have taken his ex-girlfriend's cell phone and texted her friends, threatening to kill her, said Gregg Miliote, a spokesman for Bristol County District Attorney Sam Sutter.

"We've had defendants threaten to kill victims and burn their houses down. It seems that in the past few years it is an ever more popular way for defendants to violate restraining orders," Miliote said.

There are no local statistics to show the number of incidents, Miliote said, but prosecutors in the domestic violence unit have been successfully prosecuting more and more defendants for violating restraining orders through cyberspace.

"It's not unusual," Miliote said.

A U.S. Justice Department survey released last year noted that 1 in 4 stalking victims reported some form of cyberstalking by e-mail or instant messaging - and that was based on information gathered in 2006.

With the increased popularity of social networking and smartphones within the past few years, authorities say instances of cyberstalking or prohibited contact due to a restraining order is almost certainly higher.

Social networking, whether by e-mail or websites, is becoming more popular among all age groups, with 86 percent of those 18 to 26 using social networking sites, up from 16 percent in 2005, according to a survey released last month by the Pew Research Center.

Users 30 to 49 shot up from 12 percent in 2005 to 61 percent in May 2010.

The fastest growth occurred in the 50 to 64 age group, with the figures more than doubling in one year. Last year, 22 percent said they used social networking sites, jumping to 47 percent in May 2010, according to the Pew survey.

Martens says domestic violence victims can protect themselves.

While each domestic violence survivor's situation is unique and may require different strategies to "stay ahead" of his or her abuser, some basic technology safety tips include:

If using a computer that your abuser might have access to, be sure to clear your browser. However, computer use can still be monitored and Internet use is impossible to completely clear.

It is recommended that survivors instead use a computer that the abuser does not have access to.

Keep personal or identifying information offline. Online photos and postings can be used to track victims' whereabouts. This includes photos and postings by family and friends of a survivor.

Keep in mind that, even when selecting privacy settings at the highest level of privacy, there is still no guarantee that the information will be or will remain private.

Keep in mind that cell phones, car safety tracking systems and other technologies have GPS tracking devices that can be used by abusers to locate their victims.

More information is available on New Hope's website http://www.new-hope.org

original article found here

Facebook - Not So Private!

By Daniel Emery Technology reporter, BBC News

(CANADA) The man who harvested and published the personal details of 100m Facebook users has spoken out about his motives.

Ron Bowes, a Canadian security consultant, used a piece of code to scan Facebook profiles, collecting data not hidden by users' privacy settings.

The list, which contains the URL of every searchable Facebook user's profile, name and unique ID, has been shared as a downloadable file.

Mr Bowes told BBC News that he did it as part of his work on a security tool.

"I'm a developer for the Nmap Security Scanner and one of our recent tools is called Ncrack," he said. "It is designed to test password policies of organisations by using brute force attacks; in other words, guessing every username and password combination."

By downloading the data from Facebook, and compiling a user's first initial and surname, he was able to make a list of the most common probable usernames to use in the tool.

The three most common names, he found, were jsmith, ssmith and skhan.

In theory, researchers could then combine this list with a catalogue of the most commonly used passwords to test the security of sites. Similar techniques could be used by criminals for more nefarious means.

Mr Bowes said his original plan was to "collect a good list of human names that could be used for these tests".

"Once I had the data, though, I realised that it could be of interest to the community if I released it, so I did," he added. I am of the belief that, if I can do something then there are about 1,000 bad guys that can do it too”

Mr Bowes confirmed that all the data he harvested was already publicly available but acknowledged that if anyone now changed their privacy settings, their information would still be accessible.

"If 100,000 Facebook users decide that they no longer want to be in Facebook's directory, I would still have their name and URL but it would no longer, technically, be public," he said.

Mr Bowes said that collecting the data was in no way irresponsible and likened it to a telephone directory.

"All I've done is compile public information into a nice format for statistical analysis," he said

Simon Davies from the watchdog Privacy International told BBC News it was an "ethical attack" and that more personal information had not been included in the trawl.

"This is a reputational and business issue for Facebook, for now," he said

"They can continue to ride the risk and hope nothing cataclysmic occurs, but I would argue that Facebook has a special responsibility to go beyond doing the bare minimum," he added.

Snowball effect
Mr Bowes' file has spread rapidly across the net.

On the Pirate Bay, the world's biggest file-sharing website, the list was being distributed and downloaded by thousands of users.

One user said that the list showed "why people need to read the privacy agreements and everything they click through".

In a statement to BBC News, Facebook confirmed that the information in the list was already freely available online.

"No private data is available or has been compromised," the statement added.

That view is shared by Mr Bowes, who added that harvesting this data highlighted the possible risks users put themselves in.

"I am of the belief that, if I can do something then there are about 1,000 bad guys that can do it too.

"For that reason, I believe in open disclosure of issues like this, especially when there's minimal potential for anybody to get hurt.

"Since this is already public information, I see very little harm in disclosing it."

Digital trends
However, he said, it also highlighted a new trend that was emerging in the digital age.

"With traditional paper media, it wasn't possible to compile 170 million records in a searchable format and distribute it, but now we can," he said.

"Having the name of one person means nothing, and having the name of a hundred people means nothing; it isn't statistically significant.

"But when you start scaling to 170 million, statistical data emerges that we have never seen in the past."

A spokesperson for Facebook said the list was "similar to the white pages of the phone book.

"This is the information available to enable people to find each other, which is the reason people join Facebook."

"If someone does not want to be found, we also offer a number of controls to enable people not to appear in search on Facebook, in search engines, or share any information with applications."

Earlier this year there was a storm of protest from users of the site over the complexity of Facebook's privacy settings. As a result, the site rolled out simplified privacy controls.

Facebook has a default setting for privacy that makes some user information publicly available. People have to make a conscious choice to opt-out of the defaults.


original article here

'If You Don't Like It, Don't Read It'

By Nazia Parveen

A High Court judge yesterday questioned why Chris Huhne’s lover continued to read articles about herself when she found them offensive.

Mr Justice Tugendhat was told that Carina Trimingham, who is suing the Daily Mail for alleged harassment, had set up alerts through the internet site Google where she would be warned every time a Daily Mail or Mail on Sunday article mentioned her. She was said to have found many of them upsetting, taking particular offence at readers’ comments on the Mail website.

But the judge said: ‘Once she knew how things were being reported she continued to read the articles. This is the basic education of children, if you don’t like it dear, don’t go there.’

Miss Trimingham, 44, who was in a civil partnership when she started her affair with former Energy Secretary Mr Huhne, is suing over what she describes as homophobic references to her sexuality in newspaper stories. She accuses Associated Newspapers, parent company of the Daily Mail and The Mail on Sunday, of misuse of private information and harassment in 65 articles, including references to her size and hair.

But Daily Mail journalists, columnists and editors have denied that the articles were homophobic and have said the references to Miss Trimingham were descriptive and not designed to be offensive.

The five-day hearing, which finished yesterday, was told that Miss Trimingham didn’t buy the Daily Mail but had a Google alert set up to inform her every time she was mentioned in the newspaper or its website.

Anthony White QC, for Associated Newspapers, said: ‘She went looking for these articles. It is a highly relevant feature of the case that she set up these media alerts. The coverage was not that different to what was in other newspapers, there was just more of it.’

Matthew Ryder QC, for Miss Trimingham, said setting up an alert was the same as asking a friend what had been reported. He said: ‘When you are aware that newspapers are writing about you and that people are reading it, it is reasonable to assume that you would want to know it was going on.’

In a previous hearing Miss Trimingham admitted giving newspapers tips about the sex lives of Hollywood stars. Judgment in the case has been reserved.

original article found here

High Tech Adds to Abuse of Women

Mobile phones and computers are increasingly being used as tools to abuse, control and stalk women, a report from Women’s Aid reveals.

Many of the 14,613 women who called the Women’s Aid helpline last year said telephone, surveillance and computer technologies were being used to harass and intimidate them.

Women reported:

* How their home and mobile calls were being monitored, as well as their texts by their partners and ex-partners.

* How their phone conversations were being recorded.

* How they discovered that cameras had been secretly installed in their homes.

* Their online use had been tracked and scrutinized, with partners demanding access to their private email and social networking accounts.

* Their partners or ex-partners had put lies about them up on internet sites.

"The use of technology in domestic violence situations is now a key part of the wider pattern of emotional abuse," said Women’s Aid director Margaret Martin.

Women have told Women’s Aid that they feel like they were being watched constantly, that their privacy had been completely invaded and controlled.

"We also heard from women who had been photographed and filmed without their consent, sometimes having sex and having the images uploaded to the internet," she said.

Ms Martin said the use of technology often prevented women from seeking help as they feared that their partner would discover that they had phoned a helpline, had looked at a domestic violence website or spoken of the abuse to their friends, family or colleagues in an email or text.

She said the abuse did not stop for many women who left a relationship, with one in five women revealing that they had been abused by their former boyfriends, husbands and partners.

"For many, technology played a part in the stalking and harassment they experienced," she said.

Women told how they had been bombarded with texts and calls, often telling them in explicit detail how they would be attacked or even killed.

Younger women reported that their current or former boyfriends were stalking them on social networking sites.

Technology is also a lifeline for women experiencing abuse, with almost 90% of calls to the Women’s Aid helpline made from a mobile phone, while its website received over 39,000 visits.

Women’s Aid has also expressed concern about women who are being abused during pregnancy and shortly after the birth of a child.

"We hear from women who are forbidden to breast-feed their child, who are raped in the weeks following childbirth and women who are beaten while holding their baby."

* Women’s Aid national freephone number in Ireland is 1800 341 900.

original article here

What Happens Online Stays Online?

By Robert Weiss LCSW, CSAT-S

Today’s omnipresent fear that one’s personal identifying data (e.g., social security number or credit card information) may be vulnerable to hackers and identity theft has pushed millions of subscribers into the arms of “identity theft protection” companies like LifeLock.

But is anyone really paying attention to what will happen when the sexually explicit language and photos that are sent via the latest “friend finder” smart-phone app or sex website get hacked or otherwise exploited?

When “joining” sites like Ashley Madison or downloading apps like Blendr, participants are offered some measure of comfort via a click-it guarantee that personal information will be securely maintained. But somehow it seems off the radar to the same professionals and/or married individuals, who would never send their social security number online via an unsecured site, that when you sext and arrange app-based sexual hook-ups, every word and pic sent via these apps also resides in a far-away server. And that information lives there for a whole lot longer than the instant it takes to sext a potential hook-up.

What happens to all the intensely personal, intimate sexual imagery and language now housed in the servers of companies like Ashley Madison (currently reporting over 9 million members), Adult Sex Finder and Grindr, to name just a few, if these business are bought out, go under or just plain get hacked? If recent news stories are any indication, online sexual activity isn’t nearly as private as many may naively believe:

Last month, Grindr, a popular smartphone app that enables gay men to meet other gay men using their phone’s GPS, was compromised by a Sydney hacker, who then placed users’ personal chats, explicit photos and private information online. This app currently has more than one million users worldwide. Security experts warn that the same vulnerabilities are present in other hook-up apps such as Blendr (the straight version of the app) and Ashley Madison.

Last week, a young man affiliated with hacker group Anonymous claimed to have hacked into a website operated by pornography provider Brazzers. The emails, usernames and other personal information of more than 350,000 users may have been exposed, a small sample of which were posted publicly online.

Anonymous has also just claimed responsibility for taking down the CIA website. Previously, the group took aim at the FBI, the Department of Justice, entertainment companies and the Church of Scientology, among others. Similar groups have targeted the U.S. Census Bureau, Interpol and various state public safety departments.

Over 20 years as a specialist in the field of adult intimacy disorders and sexual addiction has taught me (and you can see it clearly in the film Shame), that those intellectually stable, but emotionally challenged adults with problem patterns of sexual behavior can and do destroy their careers and tear apart their relationships without meaning to do so. All the while they believe they were somehow “safe” from being found out.

Unfortunately nearly all of these men and women prior to getting help expressed feeling when they are in the pursuit or “bubble” of their sexual and romantic highs that:

• They are “in control” and “know what they are doing”
• “No one will ever know or find out” if they’re “careful”

I need only cite Fmr. Congressman Anthony Weiner as one of the many unfortunate examples of this type of denial. And there are many more such individuals with stories in and out of the media nearly every day.

As technology becomes more intimately threaded into our lives, perhaps we need to broaden our ideas about what is truly “private” and what can be readily uncovered and shared in a public forum. If not, when the day comes (and it will) that the personal data currently maintained by any of the friend-sex-finder websites/apps are exposed and posted on a U.S. website, the Anthony Weiner sexting story, his subsequent marital separation and congressional resignation are going to look like a Girl Scout party by comparison.

Robert Weiss is the author of three books on sexual addiction and Founding Director of the premiere sex addiction treatment program, The Sexual Recovery Institute. He is Director of Sexual Disorders Services at The Ranch and Promises Treatment Centers. These centers serve individuals seeking sexual addiction treatment, love addiction treatment, and porn addiction help. Specifically, the Centers for Relationship and Sexual Recovery at The Ranch (CRSR) offer specialized intimacy, sex and relationship addiction treatment for both men and women in gender-specific, gender-separate treatment and living environments.

original article here

In Just One Hour Online...

It took just one hour for internet experts to find out almost every private detail of one woman's life

Steve Boggan challenged web experts to see how much they could discover about his partner. The results were chilling...

As I sit writing this, I am feeling vaguely grubby — guilty even — in the way a neurotic husband might after hiring a gumshoe to go trawling through his wife’s secrets.

There is a 15-page report in front of me chronicling virtually every aspect of my girlfriend’s life: past and present. That includes her friends, education, embarrassing pictures, former boyfriends and long-forgotten relatives.

Much of the information is new to me. And the uses to which it could be put — uses I hadn’t dreamt of until this week — are chilling.

Armed with this information, criminals could use her identity to commit fraud or resurrect minute details of her past, her movements and friendships to lure her into scams or even dangerous liaisons.

It could be used to con her into revealing her bank details and credit card numbers.

My internet snooping began because the CEO of Google, Eric Schmidt — a man not known for worrying about internet surfers’ privacy — suggested recently that young people might want to change their identities in the future in order to separate themselves from a past lived too openly on the internet.

We all know Facebook pictures of you dancing at a party with a traffic cone on your head might come back to haunt you. But change your identity completely?

Surely, I wondered, there isn’t enough out there to warrant that.

So I decided to find out how much I could discover about my partner of 12 years, Suzanne, just by using the internet.

Before you think I’m a rat, I should point out that Suzanne, a 39-year-old with a soft furnishings business, agreed to it.

I began in the way lots of identity thieves do: with her name and address. Of course, I knew these details, but identity thieves often discover them by ‘dumpster diving’: looking through dustbins for a discarded piece of mail.

I passed Suzanne’s name and address — but no other details — to Adam Laurie, a 48-year-old computer security and internet privacy advocate.

He shared the information with Chris Sumner, 39, another security expert, who works for a multi-national corporation.

Or at least, that is Sumner’s day job; by night, he analyses vast amounts of information publicly available on the internet to see what it can tell him about criminal activity — in this case, how fraudsters are using social networking sites to choose their victims.

Using sophisticated and completely legal computer techniques, he looks for patterns in the behaviour of internet users to uncover otherwise hidden links.

In the case of social networking sites, he can see just how close two people, or groups of people, really are to each other.

He had met neither me nor Suzanne and knew nothing of her existence until given her name and address.

A day later, his findings dropped into my email inbox.

Picking Suzanne’s life apart, he told me, had taken him just over an hour.

This is because, in common with millions of people in Britain, Suzanne uses the social networking sites Facebook and Friends Reunited, and has signed up to the business networking site LinkedIn and Flickr, the photo-sharing website.

By also using the genealogy website ancestry.co.uk, Sumner was able to piece together the names of all but one of Suzanne’s relatives, including cousins.

Using electoral rolls on 192.com and by searching on Google, he found the addresses of her parents and lots of her friends and colleagues.

From her LinkedIn and Facebook profiles, he found the names of Suzanne’s primary and secondary schools, and a college she had attended in Derby. He also discovered she had studied fine art at Central St Martin’s College of Art & Design in London.

He also had details of Suzanne’s qualifications and pictures of her from her days at school. The snaps weren’t hers — an old schoolfriend had put them on Facebook.

There were some naff hairstyles, but that was as deep as the embarrassment went. Only you know whether a trawl of pictures of you would be more damaging.

But Sumner didn’t stop there. He was able to tell me that Suzanne had travelled extensively in Europe, Asia, the Caribbean and the South Pacific.

This was because she had used an application on Facebook that linked to the travel website TripAdvisor. You fill in where in the world you have been to keep your relatives up to date. But anyone can see it.

He was not only able to list all 41 countries she had visited, but also the 162 towns and islands to which she had been.

Sumner was able to tell me Suzanne’s exact movements by cross-referencing her TripAdvisor entries with photographs she had posted on Flickr.

When you click on a picture on Flickr, a small box gives you access to detailed information that is entered not by you, but by your camera. So, the date and time of the shot are included.

Now that phones and cameras have GPS, there are even concerns that the location of where you uploaded the picture — normally where you live — might be visible.

From a mixture of all of these websites, Sumner listed Suzanne’s likes, dislikes, hobbies, the 34 towns and cities she had visited in Britain, the places where she used to socialise in her youth and details of her former jobs in the newspaper industry.

In fact, it’s fair to say that after just one hour’s trawling he knew more about many aspects of my girlfriend’s past than I did.

Shocking? Perhaps. Yet also astonishingly easy. Suzanne had voluntarily signed up to these websites and, bit by bit, put most of this information out there herself — and forgotten much of it.

However, what I found even more disturbing is that much of what Sumner found was supposed to have been visible only to people whom Suzanne had accepted into her inner circle of ‘friends’ on each networking website. This turned out to be dangerously naive.

Over the years, standard privacy settings— notably for Facebook — have changed, so what you once thought was private has become public.

You are notified about these changes, but if you forget to adjust your individual settings to return to the old level of privacy (which can be fiendishly complicated) then some of your private information becomes available for everyone to see.

‘There are some weird, strange quirks that let you into places you aren’t supposed
to go,’ says Sumner.

‘For example, on Facebook you may not be allowed to see someone’s photographs because they’re private. But if they post a message with one of their photos attached, you are given the option of seeing their whole album. And as you can imagine, that can be embarrassing.’

According to Sumner and Laurie, organised criminals are using this information
in increasingly sophisticated ways to target victims.

‘Criminal gangs are carefully fishing for victims,’ says Laurie. ‘In the past, they would have sent out thousands and thousands of spam emails in a scattergun fashion — and many still do.

‘These are called phishing scams and involve fake requests from banks asking
people to confirm their account details, passwords and so on. The hope is that, once in a while, someone would be silly enough to reply.

‘Today, they are much more targeted. For example, with the information we got about Suzanne from Flickr, you would be able to see where she visited, when, and, if there were captions on the pictures, with whom.

‘After that, the criminals (or romance scammers) would tailor a scam. If they noticed that, say, she was a regular visitor to Malawi, they would make an introduction online, claiming they were a friend — for example, called Dave — of someone she visited there with five years ago.

‘Surely she remembers them? From that beach — her friend was there, too ... yes?

‘Usually people are too embarrassed to say they don’t remember. Then ‘‘Dave’’ claims he is setting up an orphanage — would she like to make a contribution towards it?

‘Or they might simply say they’re a friend of a person you were with and say he’s gone back there, broken his leg and they’re having a fund-raising collection to airlift him home. It’s crude, but effective.’

Sumner says it can get even more complex, with software tools that can work out who is friends with whom among your online groups of contacts.

‘Once you have established a person’s inner network, you go back into their history to find someone they knew at school who isn’t in that network of close friends and who hasn’t signed up to networking sites,’ he says.

‘Then you join those sites in their name, establish yourself with their online identity and ask your original target to accept you as a friend on, say, Facebook.

‘Before you know it, you are inside their life as a trusted person they think they used to know.

‘Once you are in, you can read about what your target and their friends are up to, such as when they are going on holiday. With that information, you can burgle their homes.

‘You can even ask to be Facebook friends with their children. This is a particularly frightening way for someone to stalk you or your family. They can introduce themselves as a Facebook friend of Mum or Dad. And then it’s only a couple of steps away from something awful happening.

‘Teenagers, in particular, are very indiscreet and post hundreds of pictures of themselves, sometimes drunk with their friends in the living room in front of the plasma screen TV or home cinema.

‘Not only are these the sort of pictures that will come back to haunt them in the future — potential employers aren’t supposed to look at these, but they do — but it’s also a dumb way to show burglars what property you have and where it is.

‘Especially after your children have told all their “friends” when the house is going to be empty.’

Sumner described how some of the information he gained from Suzanne would have helped him to get hold of her bank and credit card details. I won’t reveal exactly how he did it, but it involved using some of her social networking information to gain her confidence, then posing as a friend and asking if her business would make some curtains for him with a sample of material he’d seen on another website.

The catch would be that he had set up that other website himself and when she visited it some rudimentary programming he had installed would help him acquire her credit card details.

I ask Suzanne if she would have fallen for the scam. ‘It’s hard to know, but based on what he said, why wouldn’t I have gone along with the requests of a potential customer?’ she says.

There are other ways, too, that criminals can use personal information harvested from the internet. For example, people often use the names of their children or
pets as passwords for online shopping sites.

If criminals can find these names, by gaining access to your social networking circle, they can try to hack into your accounts on popular shopping sites such as Amazon and view your shopping history, or even order expensive goods to be sent to a pick-up address. (I did not ask Laurie or Sumner to attempt this because it would be in breach of data protection law.)

What can we do about all this? Well, not a lot, other than to be aware your information can be used in more sinister ways than you can possibly imagine, and to be on your guard.

As for your children, they can be warned to modify their behaviour and to think twice about what they write and post online and whom they accept as ‘friends’.

According to Linda Weatherhead, principal policy advocate for the campaign group Consumer Focus, social networking sites bear much responsibility for this explosion of potentially useful information.

‘It is a complex problem, but one simple way of making things safer would be to have all our information kept private as the default setting,’ she says. ‘Then it would be up to you how much you want to relax them as you decide to share more of your private
information.

‘Beyond that, we just have to be careful what we put out there — you can advise children about what they are doing, but you can’t wrap them in cotton wool. You can never make anything completely safe.’

But if Adam Laurie and Chris Sumner are right, then the risks of social networking extend far beyond a few embarrassing photos.

In particular, be careful who your ‘friends’ are; they could turn out to be your worst enemies.

original article here

Complete Privacy Does NOT Exist

Arguing that technology has ensured that "complete privacy does not exist," Google contends that a Pennsylvania family has no legal grounds to sue the search giant for publishing photos of their home on its popular "Street View" mapping feature.

Responding to an invasion of privacy lawsuit filed by Aaron and Christine Boring, Google has countered that the couple "live in a residential community in the twenty-first-century United States, where every step upon private property is not deemed by law to be an actionable trespass."

In a motion to dismiss the Borings's federal complaint, Google's six-lawyer team asserts that,

"Today's satellite-image technology means that even in today's desert, complete privacy does not exist. In any event, Plaintiffs live far from the desert and are far from hermits."

An excerpt from Google's U.S. District Court motion can be found below. The company asserts that the images of the Borings's Pittsburgh-area residence were "unremarkable photos of the exterior of their home," and were taken during a "brief entry upon their driveway."

In their lawsuit, the Borings charged that a Google vehicle -- outfitted with a panoramic camera on its roof -- drove down a private road to take images of their Oakridge Lane home.

In its dismissal motion, Google noted that it intends to prove that there was "no clearly marked 'Private Road' sign at the beginning" of the Borings's street. Google removed its "Street View" photos of the Boring residence and swimming pool after the couple filed its lawsuit in April.

READ THE REST HERE

A Fine Line Between Stalking and Searching

by Andrea Bartz and Brenna Ehrlich

This week, we pulled the cotton from our ears and emerged from our dark caves of seclusion to open this column up to user-submitted questions.

Some submissions were inanely obvious (no, don't tweet that picture of your boss, I don't care if he told you about his chinchilla fetish at happy hour the other week), some were boring beyond belief, and, many, oddly, were just plain stalkerish. But not in the way you might think.

In the past, we've covered the topic of how to deal with online stalkers when the attention is unwanted. But more and more, as gaining access to anyone on this rapidly rotting Earth of ours is easier than ever, we Web denizens are wondering: Does using the Internet to check someone out make me a stalker?

Chances are, probably not. Read on for a couple of queries on this issue:

"When I was waiting for the bus the other day, I evaluated the attractiveness of all the people at the stop; there was one obvious winner. Then the seat next to him was the only seat open. Upon sitting down, he immediately engaged me in very adorable and flirty conversation. We exchanged names and we both talked about what we were studying at school, but I didn't have an opportunity to give him my number.

"Anyway, with his name and major, I was able to find him after only 30 seconds of Googling. I want to contact him but I'm not sure how. Especially because it would be like, 'Hey, I stalked you a tiny bit to find your full name.' My question is: What's the appropriate (read as LEAST CREEPY) way to contact this person and what should I say in a message?" - Creepy Crushing in Chicago

I'm going ahead and assume (for the sake of brevity) that you are not an insane stalkery-type person who collects the hair and toenails of her crushes, which she then uses to construct elaborate shrines to their beautiful (soon-to-be-departed) souls. If you are such a person, please cease reading, and, uh, please don't hurt me.

Moving on: It seems like in your case, you don't have that many degrees of separation between you and your bus boy. You attend the same school, take public transportation (i.e. you're poor) and are not, in fact, Luddites. In this case, I say: Be bold. You found him on Google, you say? If you found his Facebook profile (and not some old swim-meet records from middle school), go ahead and send him a brief message ("Hope your meeting on the downtown campus went off without a hitch!") and a friend request.

Such a method is nice and private -- tweeting "Hey! You're freaking hot" might be a little embarrassing -- and if he doesn't respond, you can always chalk it up to the fact that Facebook is cutting down on notification e-mails. Our lives are public nowadays, and if homeboy didn't want to be found, well, then he could always limit his visibility on the site.

(If his profile is indeed hidden but you tracked down his e-mail address, follow a similar tack. Unless, that is, his e-mail address was hidden on page 38 of Google results at the end of an article he wrote freshman year about the campus parade-and-circus club. In that case, give up.)

Furthermore, it's not like the phenomenon of searching out star-crossed potential lovers is anything new (that's what Missed Connections et al are for), so we're guessing your dude will be flattered at the very least that you sought him out. And hey, maybe now you can meet up and compare hair-and-toenail shrines.

"Through some Facebook stalking, I recently discovered my ex had gotten married. (We're no longer FB friends). Although that was a shock for sure, the real heartbreaker was that all my friends (who are still FB friends with her) didn't disclose any of this information to me. ... Not even the engagement! How do I tell them they're backstabbers without admitting I'm a stalker?" - Backstabbed in BK

First of all, Backstabbed, it doesn't really seem like you have been, in fact, backstabbed. You're not Facebook friends with your ex anymore, you say? If you refer to our column on how to deal with breakups online, we recommend unfriending exes after particularly painful breakups, which is exactly what you have done (congrats on your reading-comprehension skills). The fact that you unfriended this girl indicates you don't want her in your life -- and don't want your life in hers -- so we can see why your friends didn't call you immediately after she decided to tie the knot. Still, we get that this is information you would rather get from a friendly face than from a half-sloshed night of Facebook stalking, sandwiched between, "Oh, Laurie has a new baby. ... It's hideous!" and "Joel went to prison again." If you want to call up your pals and -- rationally -- explain that you would rather they not hide your ex's huge life moments from your sensitive (yet manly) gaze, go ahead and do it. Just explain that you were idly clicking through Facebook after a few too many mojitos and decided to check up on a few of your exes. Your friends will understand, because they are likely stalking their exes as we speak. Stalking exes on Facebook is basically akin to a distasteful bodily function: We all do it, but no one goes around bragging about it in mixed company.

original article found here

Arrested for Cyberstalking His Ex

by Bob Byrne

(Pennsylvania, USA) Police have charged Anthony Ciccarone with three counts related to alleged cyberstalking after an investigation spurred by complaints from his ex-wife.

According to police, the woman complained to police, alleging that her daily activities were being monitored. While investigating the complaints police say they uncovered evidence that the suspect had "made comments to others that he had been monitoring his ex-wife's activities."

Police say they had the ex-wife's computer examined for evidence and uncovered a "Web Watcher" program that works by recording all activities on a computer without the user being aware that it is there. According to a Tredyffrin Police news release the Web Watcher program also logs every key stroke, capturing emails and internet activities.

The investigation led police to get a search warrant and an arrest warrant for Anthony Ciccarone. He was arrested last week. A $7,500 cash bail was set in the case, which the defendant posted.

original article here

Private or Public Communication?

By Doug Lacombe

(CANADA) Attendees at my social media seminars often ask how to keep business and personal separate in social media.

The older they are, the more likely that question comes up. It's generational angst on the death of privacy. They seem unaware that privacy is virtually dead already.

The only privacy filter you can trust is the one in your head. If you don't want something on the web, on the news or spread around the office, don't say or share it. No amount of reassurance will convince me Facebook or any other social network has the privacy settings right. As a result, I assume everything I say and do on the Internet is on the public record.

This collision of the private and public is causing some consternation in the workplace.

The International Bar Association (ibamedialaw.wordpress.com) recently blogged: "Experts have stated that 'the intersection of social media and the office is a potential minefield," creating numerous possibilities for a wide variety of lawsuits. A manager 'poking' an employee on Facebook might give rise to a sexual harassment claim. Or perhaps an employer may rescind a job offer to an employee after learning via Facebook that the applicant is of a particular religion or sexual orientation."

Granted this is the litigious U.S.A. we're talking about here, but it's true in Canada, too. A little over a year ago I served as an expert witness in a case where a group of workers who harassed a co-worker, both in person and on Facebook, were fired. They claimed their communications on Facebook were private. I was able to dispel that myth, leading to the case being settled. In that case the employer prevailed, but in the absence of case law, that's increasingly uncertain.

original post here

Cyberbullying: Ain't Just Kid Stuff!

The "new mail" sound pinged and I clicked. "I would love to watch you get punched senseless. ... You are a (expletive) failure, a typical New York failure. If I ever find any of your written nonsense on MSN or Yahoo, it will probably get ugly."

The "in-real-life" bullying I endured in middle school was so bad that I used to come home in tears, wishing that I wouldn't wake up the next morning. And yet, here I am, more than a decade and a half later, dealing with a far more virulent strain: cyberbullying.

E-mails, comments, Facebook, Twitter. If there's a way to reach people electronically, there's a way to make them cry.

My haters love to focus on my physical appearance. I have body parts I didn't even know could be called hideous - "sausage fingers" and "elephant knees," for example. But it doesn't stop there. One commenter wrote: "Julia, you are a despicable person. Ugly inside and out, with ZERO redeeming qualities. ... (D)espite your best efforts to scrub it all and land a husband ... which will NEVER happen, btw."

This represents just a fraction of the hate that has been thrown my way - as well as in the direction of my friends, family, boyfriends and employers. Why? As a columnist and as a social media user, haters feel I am fair game. They do it because they can. Because I "asked for it" by sharing anything at all.

We live in a world of more than 600 million Facebook accounts, 160 million blogs, 190 million Twitter accounts. Are we all "asking" to be cyberbullied?

The White House convened its Conference on Bullying Prevention on March 10 and launched StopBullying.gov.

"This isn't an issue that makes headlines every day, but it affects every single young person in our country," President Obama told the conference.

I would amend that statement: Cyberbullying affects all people, not just the young.

Bullying spans generations: 45-year-old bullies raise children who become 13-year-old bullies who grow up to be 28-year-old bullies. And here's my "controversial" proposition: Kids aren't the only ones who should be protected from them.

Until we agree that cyberbullying is an absolutely unacceptable way to treat other people, the cycle of harassment will continue.

The government's new website defines bullying as when someone uses strength or power to harm or intimidate those who are weaker. Online dynamics are such, however, that a handful of haters can become a mob and target anyone, regardless of age, economic status or "real-world" power.

"It goes beyond name-calling," said 37-year-old A.B., a veteran blogger who has experienced the devastating effects of motivated online bullies. The hate wormed its way insidiously into her life. She posted, "What would make you stop?" Her bullies' response: "Die."

"People are like, 'Oh, don't read it,' but how can you not stand up for yourself?"

Especially when no one else is.

One of my readers, Sara, described encountering nasty comments about herself online. "It KILLED me. I was devastated. I felt it physically; I could literally feel the blood drain from my body every time I found a new one."

Following someone around on the street while screaming insults at them would be considered at the least, crazy - and at the most, criminal harassment. So why is it accepted online?

"All of us have an obligation to think about how we're treating other people," Obama said at an MTV forum in late 2010. "What we may think is funny or cute may end up being powerfully hurtful."

We must go further. Internet companies have long brushed aside complaints about often-anonymous users who engage in personal attacks. "Not our problem," seems to be their prevailing sentiment. Individuals cower behind anonymity, and because it can be difficult, time-consuming and costly to discover true identities, they remain de-facto exempt from libel and defamation laws.

Our government should step up and enact protections for citizens of all ages. A cyber police force doesn't sound like such a bad idea.

We can't force people to like someone, but we can and should ensure that they don't hurt others.

Julia Allison is a columnist, TV personality, public speaker and former Wired cover girl. Visit SocialStudiesColumn.com

original article here

Voyeurs 'Held ' After Filmed Men getting Changed at Leisure Centre

Two men have been arrested over claims they secretly recorded men getting changed at a leisure centre and then put the footage on a gay website.

Up to 28 men are believed to have been filmed in various states of undress at the FX Leisure Centre in Gateshead.

Existence of the footage only came to light when one of the men said to have been taped as he changed at the gym saw pictures of himself on a gay website.

Two men have been arrested after allegations that men getting changed at a leisure centre were secretly filmed. The footage is then said to have been posted on a gay website

The businessman contacted the club's management and police after seeing footage of himsself, according to the Daily Mirror, and two men were then arrested.

A staff member at FX Leisure Centre told the newspaper the man ‘thought it was a joke at first but then realised he had been filmed in the changing room’.

‘He went straight to the club management to complain. Some of the members are not too happy about their manhood making an unwanted guest appearance on a gay website.’

A spokesperson for Northumbria Police confirmed: ‘A 30-year-old man and a 34-year-old man were arrested on suspicion of voyeurism and have been bailed.'

Officials at the Gateshead leisure centre have declined to comment on the police investigation.

original article here

Felony Computer Misuse for Reading Wife's Email

An Internet law designed to protect the stealing of trade secrets and identities is being used to levy a felony charge against a Michigan man after he logged onto his then-wife's Gmail account and found out she was cheating.

Leon Walker, 33, of Rochester Hills, Mich., is being charged with felony computer misuse, and faces up to five years in prison after logging into the email account of now ex-wife Clara Walker on a shared laptop using her password, the Detroit Free Press reports.

He is facing a Feb. 7 trial. Leon and Clara Walker's divorce was finalized earlier this month, the Free Press reports.

Clara, who was married twice previously, was having an affair with her second husband, as Walker found in her email, according to the Free Press. The second husband had been arrested earlier for beating her in front of her young son from her first husband.

Walker was worried about more domestic violence from husband No. 2, so he handed the e-mails over to the child's father, the Free Press reports. He promptly filed an emergency motion to obtain custody.

Leon Walker, a computer technician with Oakland County, was arrested in February 2009, after Clara Walker learned he had provided the emails to her first husband.

"I was doing what I had to do," Leon Walker told the Free Press in a recent interview. He has been out on bond since shortly after his arrest. "We're talking about putting a child in danger."

Oakland County Prosecutor Jessica Cooper defended her decision to charge Walker, calling him a skilled "hacker" who downloaded the material in "a contentious way."

Electronic Privacy expert Frederick Lane told the Free Press that the case hinges in a legal grey area, and the fact that the laptop was shared may help Walker's cause.

About 45 percent of divorce cases involve some snooping -- and gathering -- of email, Facebook and other online material, Lane said. But he added that those are generally used by the warring parties for civil reasons -- not for criminal prosecution, the Free Press reports.

original article here

DON'T TAKE GOOGLE FOR GRANTED!

Instead of taking Google for granted, we need to remember that criminals get the same easy access to information we get from a capable and quick search engine.

To see what the Internet knows about you, start by going to the Google site or by using the Google toolbar. Next, either type your name in quotations or, for a more refined search, type intext: (intext with a colon) immediately followed by your name in quotes. Now type your address or phone number, and Google may turn up a church or a social group directory listing. If this doesn't surprise or outrage you, type into Google your social security number or credit card numbers. (You can also use metasearches such as Mamma.com, Dogpile.com or others)

So never put anything personal, such as your social security number on a resume, on the Internet, not even temporarily. Be careful about using the same nickname over and over - especially if you have posts on sites you'd prefer others don't see. Sites like Archive.org can have incriminating posts of yours cached for years.

And if you find such information on a cached Web page - find out how to get it removed and do so, if possible. (google cache can be PERMANENT)

ORIGINAL POST

Is Your Private Phone Number on Facebook?

Probably.

So are your friends' numbers.

If you have a friend on Facebook who has used the iPhone app version to access the site, then it's very possible that your private phone numbers - and those of lots of your and their friends - are on the site.

The reason: Facebook's "Contact Sync" feature, which synchronises your friends' Facebook profile pictures with the contacts in your phone.

Except that it doesn't do that on your phone. Oh no. Because that would be wrong, to pull the photos down from Facebook and put them on your phone. That would breach Facebook's terms of service. Update: A more recent version of the app shows that it does download "your friends' profile photos and other info from Facebook" to add to your iPhone address book.

Instead, what What Facebook's app does it that it imports all the names and phone numbers you have on your (smart)phone, uploads them to Facebook's Phonebook app (got a Facebook account? Here's your Phonebook). (Update: Rhodri Marsden says that you'll now get a big warning sign saying that the numbers are imported into Facebook. That's above.)

Pause for a moment and go and look at it. Did you know those numbers? Did you collect them? Despite the reassuring phrase there - "Facebook Phonebook displays contacts you have imported from your phone, as well as your Facebook friends" - it's absolutely not true. I know because there are numbers there which I don't have. OK, perhaps the people who own them added them; but that's not clear either. So how did they get there? Because it only takes one person to upload another person's number, and the implication is that it's going to be shared around everywhere.

Update: that's the implication of "all contacts from your device... will be sent to Facebook and be subject to Facebook's Privacy Policy". Note, not just your friends - but everyone on your device.

The implications are huge, and extremely worrying. All it takes is for someone's Facebook account to be hacked (perhaps via their phone being stolen) and lots of personal details are revealed. Or, as Craig noted in the comments, you get your phonebook record of "Steve Car" (which was for his garage mechanic) somehow linked to someone called "Steve Carlton" - who he doesn't know.

Update: Facebook says, in a statement: "Facebook never shares personally identifiable information with third parties – advertisers are only given anonymised and aggregated data." It also adds: "Facebook is a free service and something that many people find adds value to their day-to-day lives. As with any service, users do need to invest some time in order to use it properly and we encourage people to use their privacy settings to do this and to access the Help Centre for support."

Kurt von Moos, who first wrote about this earlier this year (since when Facebook has revised its privacy statement, but not altered what goes on in this way) says that there are a number of reasons to be concerned. As he puts it:

"1) Facebook doesn't warn users that they are uploading their phone's adress book to Facebook. In fact, because Facebook doesn't sync contact numbers or email addresses TO your phone, most users wrongly assume that Facebook Contact Sync only syncs user pictures. In reality though, they are pumping your address book, without your consent." [Since then the Facebook app has clearly been updated with a warning.]

Facebook says you can remove your mobile contacts, but it's not clear that that will remove your mobile if someone else uploads it.

von Moos continues:

"2) Phone numbers are private and valuable. Most people who have entrusted you with their phone numbers assume you will keep them private and safe. If you were to ask your friends, family or co-workers if they are ok with you uploading their private phone numbers to be cross-referenced with other Facebook users, how many of them do you think would be ok with it?"

He also points to even more egregious problems: (a) can you be sure how Facebook, or its advertisers or partners or whatever it becomes down the line, will use that data? (b) why is it that Facebook takes all your mobile numbers, rather than matching names of contacts with names of friends? (c) sometimes, it gets the matches wrong - and incorrect (or faked) data that people have given to Facebook as their "contact" details (such as hotels or businesses) gets linked as being a "friend", or the lack of an international dialling prefix messes up the match, and means again that someone who you don't know is identified as a "friend" or contact.

von Moos concludes: "There are some contacts and phone numbers who's privacy I simply refuse to risk on the Web. Facebook has taken and continues to take liberties on behalf of their users. Their perception of privacy and their users perception of privacy is often very different. I don't think this is maliciousness on Facebook's part, but it does show me that Facebook is painfully out of touch with the needs and beliefs of their CORE users, who are still wary of the openness that a Web 2.0 lifestyle entails."

It's not clear whether the official Facebook for Android app does the same. We'd be interested to hear from you if you've noticed this with the app. Update: people in the comments seem to be saying that it does.

So - beware: Facebook quite probably has your details. More of them, in fact, than you might have thought.

SEE PHONE NUMBERS ON FACEBOOK!

original article here