Categories
Culture

Facebook’s History of Spying

Reading Wikipedia this morning, I came across an interesting tidbit from the days when facebook was still thefacebook.com. As seen in The Social Network, after launching the site Mark Zuckerberg was under investigation for potentially stealing the idea from the Winklevoss brothers.

Not covered in the movie, though, is that while this investigation was going on Zuckerberg did a little investigating of his own, by accessing the email accounts of the investigators:

Zuckerberg knew about the investigation so he used TheFacebook.com to find members in the site who identified themselves as members of the Crimson. He examined a history of failed logins to see if any of the Crimson members had ever entered an incorrect password into TheFacebook.com. In the cases in which they had failed to log in, Mark tried to use them to access the Crimson members’ Harvard email accounts, and he was successful in accessing two of them. In the end, three Crimson members filed a lawsuit against Zuckerberg which was later settled.

~ The History of Facebook, Wikipedia

The way I read this, thefacebook.com was logging failed passwords! Meaning, when you entered an incorrect password on thefacebook.com’s login page, the website would save the text you entered. Obviously a website has to keep some record of your password in order to authenticate you, but passwords are normally stored as one-way hashes (often loosely called “encrypted”), so that even the developers cannot read them. The Wikipedia article doesn’t say whether or not regular passwords were stored that way.

However, if you were intending to use a website you created to log into the email accounts of the site’s users, collecting the passwords that failed would give you more passwords to try when logging in to those users’ third-party email accounts.

Zuckerberg was caught breaking into 2 accounts, but one has to wonder how many other accounts he broke into. Remember, in 2004 (prior to Gmail), email accounts did not have 2-factor authentication, they did not detect suspicious login activity, and they did not have the security features we’ve come to take for granted. Anybody could log into anybody else’s email account undetected.

Password security is the most basic of implicit trust between a website and its users. A site that is logging passwords and password attempts cannot be trusted, period.
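To make the point concrete, here is an added example (not code from the original post, and not anything known about thefacebook.com’s actual implementation) showing the practice the post criticises next to its hardened form. The naive handler records the text of each failed password attempt; the hardened handler stores only a salted one-way hash, logs failed attempts by username and outcome only, and never writes the submitted secret anywhere. The user database, usernames, passwords and log format are all constructed for illustration.

```python
"""
Added example: a login handler that logs failed password text (the
anti-pattern) beside one that stores salted hashes and logs only the
attempt's outcome. All users, passwords and log lines are constructed.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone

ITERATIONS = 200_000          # PBKDF2 work factor; tune for your hardware
DUMMY_SALT = b"\x00" * 16     # used so unknown usernames cost the same time


def _ts() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way, salted PBKDF2-HMAC-SHA256 digest; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(db: dict, username: str, password: str) -> None:
    """Store (salt, hash) for the user; the plaintext password is discarded here."""
    salt = os.urandom(16)
    db[username] = (salt, hash_password(password, salt))


def verify(db: dict, username: str, password: str) -> bool:
    """Constant-time comparison against the stored hash; unknown users still do the work."""
    record = db.get(username)
    if record is None:
        hash_password(password, DUMMY_SALT)   # keep timing uniform, then reject
        return False
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(password, salt))


def login_naive(db: dict, log: list, username: str, password: str) -> bool:
    """ANTI-PATTERN: on failure, the submitted password text lands in the log.

    A log like this is exactly the pool of extra credentials the post describes.
    """
    ok = verify(db, username, password)
    if not ok:
        log.append(f"{_ts()} FAILED LOGIN user={username} password={password}")
    return ok


def login_hardened(db: dict, log: list, username: str, password: str) -> bool:
    """Hardened: log who tried and whether it worked, never what they typed."""
    ok = verify(db, username, password)
    log.append(f"{_ts()} login user={username} result={'ok' if ok else 'fail'}")
    return ok


def log_leaks_secret(log: list, secret: str) -> bool:
    """Review check: does any log line contain the submitted secret verbatim?"""
    return any(secret in line for line in log)


def db_leaks_secret(db: dict, secret: str) -> bool:
    """Review check: does the stored record contain the password bytes themselves?"""
    raw = secret.encode("utf-8")
    return any(raw in salt or raw in digest for salt, digest in db.values())


if __name__ == "__main__":
    users: dict = {}
    register(users, "alice", "correct horse battery")   # constructed credentials
    naive_log: list = []
    hard_log: list = []
    login_naive(users, naive_log, "alice", "wrong guess")
    login_hardened(users, hard_log, "alice", "wrong guess")
    print("naive log leaks attempt:   ", log_leaks_secret(naive_log, "wrong guess"))
    print("hardened log leaks attempt:", log_leaks_secret(hard_log, "wrong guess"))
    print("db contains plaintext:     ", db_leaks_secret(users, "correct horse battery"))
```

The two review checks at the bottom are the kind of test a reviewer can run against a real system’s logs and user store: if a wrong guess typed at the login form can be found verbatim in any log line, the site is collecting exactly the material the post warns about.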

Who knows if or how the culture at Facebook has changed. Nevertheless, if the company’s CEO was willing to exploit users for personal gain in the early days, what sort of things are they willing to do when governments or other powerful entities pressure them?

Categories
Culture

Ads Don’t Work

There has been a lot of hubbub on the internets today about web ad/tracker/content blocking. It seems that 36 hours of full-on iOS 9 content blocking was enough to cause every single ad-supported publication to collectively lose their shit. Imagine how abysmal ad numbers must have been for Marco Arment to pull his highly successful iOS 9 content blocker.

I started blocking ads over a month ago (based largely on Marco’s advice) and I’m not going back!

I don’t feel bad about it.

Banner ads do not work. Showing me ads for a product I just bought on Amazon… on every website… for the next month… is a dumb waste of everyone’s bandwidth, resources and money. Nobody has clicked on a banner ad in at least 10 years, at least not by choice. And haven’t publishers been complaining about not making any money off of banner ads since the beginning of internet time?

Make up your mind publishers. Are you making any money off shitty low-quality, data stealing, phone crashing ads? Or are ad blockers THE END OF THE INTERNET AS WE KNOW IT?! OMG!1!1!11

Do you know what works?

  1. Native advertising. (except native advertising is generally bad)
  2. Getting content consumers to pay for stuff.

That’s right, I am suggesting that people would pay for ad-free web experiences. Why not have an ad-free version for a small monthly payment? It’s worked for services like LiveJournal, Flickr and Reddit for years.

I am surprised that in 2015 we still haven’t cracked the micropayment promise of 2005: the promise of a world where sites load unencumbered by 33 JavaScript includes, where publishers make decent money without selling out their readers. Hell, in a world where I pay $8 to Netflix instead of $70+ to a cable provider for video entertainment, I have a few extra dollars to spend on the sites I value the most.

*shrug*

Categories
Culture Review

astsu: why Mr Robot is the most tech-savvy show ever

I finally watched the pilot episode of Mr Robot and I was totally blown away by the way they handle the hacking aspects of the show. If you haven’t seen the show, the main character is a professional security engineer by day and a “cyber vigilante” at night. It’s great!

Every aspect of the way Elliot, the protagonist, goes about his job is completely believable and authentic, from social engineering techniques and password cracking right down to the command line.

As an example of the authenticity + poetic license = tech-savviness, throughout the pilot Elliot uses a command: astsu.

astsu is not a real Linux command and it’s not totally clear what it does. However, the way that he uses it feels totally legit. He doesn’t use it when other commands would do the job (like a sloppy writer might have him do), and the arguments he passes to it look about right for something vaguely network/security related. We can assume that this command is code that he’s written himself. The command is basically a plot device for the nerds who will notice this sort of thing.

The writers/producers/whoever demonstrate an incredible attention to detail and authenticity. I’m definitely going to continue watching.

Oh, the soundtrack is perfect too.

Categories
Culture

Today I Block Ads

Marco Arment just published a post on The ethics of modern web ad-blocking.

His opening position is pretty similar to my own; I’ve been a long-time advocate of not blocking ads. In the past, I have also put food on the table via ad revenue. Until today, I have been morally opposed to blocking ads.

However…

Nobody could blame the users of yesteryear for killing pop-up ad rates, and nobody should blame the users of 2015 for blocking abusive, intrusive, misleading, and privacy-stealing ads and trackers, even if it’s inconvenient for publishers and web developers.

PS. Ghostery is great!

Categories
Culture Review

Back in the RSSR

My reddit account just turned 8 this year; in that time, the more I visited reddit, the less I checked RSS feeds, to the point where I completely stopped reading them after Google killed Reader. Reddit was where I got all my news, and that was fine.

But over the years – I don’t know if it’s reddit that’s changed, if it’s me or a combination – I’ve started using reddit less for pure news and more for pure diversion, cat gifs and memes. When I do end up reading news, I usually just read the headline and skim the comments for someone’s summary or an interesting discussion point.

As I thought about this more, I realized that I have not been reading much, period. This is a bad thing.

For the past month or so I’ve been trying hard to get back into the habit of reading RSS feeds and it’s going fairly well.

Ironically, my reader of choice is the new(ish) digg.com, the site I quickly abandoned when I made a reddit account 8 years ago. The new Digg reader is quite good. It does three pretty interesting and useful things. (1) It mimics Google’s old Reader fairly well; (2) it has a popularity feature that shows you the most popular posts from the feeds you follow – handy for a quick read; (3) “Digg Deeper” scans your Twitter feed and exposes popular links from the people you follow (not dissimilar to something I built for myself when Twitter first launched [relevant]).