Why are you still at Facebook?


why do you affect me? why do you affect me still?
why do you hinder me? why do you hinder me still?
why do you unnerve? why do you unnerve me still?
why do you trigger me? why do you trigger me still?
From Can’t Not by Alanis Morissette

This week was the occasion for yet another Facebook attack on their users sufficiently egregious to stir me out of my summer hiatus. Or was that my extended spring hiatus? Regardless of my obvious neglect of this weblog, I just couldn’t let this one pass. Basically the facts, as reported by Graham Cluley at the nakedsecurity blog, are these.

Back in April, Facebook quietly announced that it would be giving users @facebook.com email addresses so that they matched their public username (used as the URL for users’ profile pages).

However, the social network didn’t make clear that it would also be making the @facebook.com email addresses the default address displayed to your online friends.

Clearly this all part of the site’s plan to get more people using the @facebook.com email addresses, thus making the social network even harder to extricate yourself from.

As we described extensively in our examination of the Facebook messaging system, the @facebook.com email addresses are likely to prove attractive targets for spammers hawking goods and malicious links.

Facebook will have to implement effective filtering mechanisms to prevent fraudsters from exploiting users with spam, scams and phishing attacks as a result of this opening up of the network’s messaging system.

My guess is that it won’t be long at all before we see criminals abusing @facebook.com email addresses for their own nefarious reasons.

Well that was just the beginning of this debacle. Turns out we didn’t have to wait for criminals to start abusing those dandy new (and mostly unwanted) email addresses because Facebook’s unbridled lust for every scrap of personal information they could steal from their users caused a really nasty side effect. The facts surrounding this (presumably) unintended consequence, as reported by Help Net Security, are these.

If you thought that Facebook’s recent unannounced change of its users’ email address tied with their account to Facebook ones was bad, you’ll be livid if you check your mobile phone contacts and discover that the change has deleted the email addresses of many of your friends and acquaintances.

According to Facebook, the glitch was due to a bug in its application-programming interface, and makes the last added email address be pulled and added to the user’s phone Contacts.

The company says they are working hard at fixing the problem, but in the meantime, a lot of users have effectively lost some of the information stored on their devices.

And Violet Blue over at CNet News wrote this.

An alarming number of people are reporting that the new e-mail address Facebook forced on users this week is changing their address books while intercepting and losing unknown amounts of e-mail.

Facebook users say contacts’ e-mail addresses on phones and personal devices have been altered without their consent — and their e-mail communication is being redirected elsewhere, and lost.

One very angry user is Adobe employee Rachel Luxemburg.

On her personal blog she writes,

 Today, a co-worker discovered that his contact info for me had been silently updated to overwrite my work e-mail address with my Facebook e-mail address. He discovered this only after sending work e-mails to the wrong address.

And even worse, the e-mails are not actually in my Facebook messages. I checked.

They’ve vanished into the ether.

For all I know, I could be missing a lot more e-mails from friends, colleagues, or family members, and never even know it.
As Luxemburg explains, this disaster is happening despite the fact that, like many others, she rushed to replace the @Facebook e-mail with their correct e-mail address once they’d found out about Facebook’s change.

When Facebook forced its hundreds of millions of users into an @facebook account, commenters across the Internet talked about alterations that had begun in their contacts and address books outside Facebook — valid e-mail addresses were being changed for @Facebook without people’s awareness or consent on their phones and computers.

So if I’m a lawyer (which I’m not, but let’s pretend) right about now I’m thinking Class Action Lawsuit, Booyah! If I’m a corporate IT guy (which I’m not – but I know quite a few of them) right now I’m thinking Holy BYOD [Bring Your Own Device] Batman! I think I’ll re-route the help-desk to those frickin’ brain donors at Facebook! And if I’m a security guy and recovering Facebookie (which I am), right about now I’m thinking Why in the name of all that is sacred is anyone putting up with this crap?

Seriously folks, things were bad enough at Facebook when I dumped them last year and wrote about it, and I’ve been kept busy by the rascals since then with this piece about Facebook’s way-too-cozy relationship with law enforcement and this post about a micro-lending start-up using Facebook “friends” as credit references. Look, I get it – Facebook gives you the illusion of being connected with long lost friends and family. And that’s not altogether terrible. But don’t kid yourself, it’s still an illusion and if you really cared to “be connected” with those people you would call them or send personal emails to them. For goodness sake, think about what you are giving up to have this virtual (read phony) social life: not only your personal information but now your personal correspondence too. What’s next? A webcam feed to Facebook from your bedroom? Or better yet, try explaining to your boss how you missed that big order because it went to your @facebook.com account which you didn’t even know you had. But Facebook did and I’ll bet they’ll be happy to sell it back to you.