Nick Selby

Fintech Chief Security Officer. Former NYPD apparatchik. Co-author Cyber Attack Survival Manual; In Context: Understanding Police Killings o

Apr 7, 2018
Published on: Medium

Facebook’s business model is to sell information about you to advertisers, and that is how they make their money. The rule on the Internet and in publishing is and has always been that, if you can’t understand how they make money, then you are the product. Consider that in March 2017, Forbes estimated Mark Zuckerberg’s net worth at $59.4 billion for providing a product given to you at no cost. Someone has to pay.

Congratulations: it’s you.

In its initial public offering, Facebook said,

“We enable advertisers to engage with more than 950 million monthly active users on Facebook; 85.2% of Facebook users are outside the US and Canada or subsets of our users based on information they have chosen to share with us such as their age, location, gender, or interests. We offer advertisers a unique combination of reach, relevance, social context, and engagement to enhance the value of their ads. We generate substantially all of our revenue from advertising and from fees associated with our Payments infrastructure that enables users to purchase virtual and digital goods from our Platform developers. In the second quarter of 2012, we recorded revenue of $1,184 million…”

In doing this, Facebook depends on its Data Policy, which you agreed to when you started using the services. They are not secretive about it, and they encourage you to read it. The rule of thumb here is to assume that Facebook has access to and leverages and exploits every datum you place within its sphere.

This includes information about you and your friends and your and their locations, the computers and mobile devices you use, the software applications and content contained in those devices, and the “name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address.”

They are able to access and use for whatever purpose they desire the entirety of your “stack,” from hardware, to drivers and device managers, to software applications, to the very data you send and receive, including voice data.

Facebook not only shares those very details, it is designed to mine them, and has data science groups specifically tasked with finding better ways to determine your personal data.

From the New York Times:

“In an academic paper published in conjunction with two university researchers, the company reported that, for one week in January 2012, it had altered the number of positive and negative posts in the news feeds of 689,003 randomly selected users to see what effect the changes had on the tone of the posts the recipients then wrote. The researchers found that moods were contagious. The people who saw more positive posts responded by writing more positive posts. Similarly, seeing more negative content prompted the viewers to be more negative in their own posts.”

You, personally, have been targeted by Facebook for participation in these tasks, such as manipulation of your news feed, friend suggestions, photographic facial recognition, and, if you use the Messenger client, analysis of your private conversations — including the text you type, then delete, before hitting the “send” button (Facebook keeps all your drafts as well as your final messages).

Through these tools, Facebook knows who you are, where you live, who your friends are, your interests, political affiliations, sexual preferences, medical conditions, financial health, purchasing habits, and other crucial and intimate data about your life.

Your Internet Service Provider

A friend asked me on Facebook, “Can I possibly have understood this correctly? Internet service providers in the US are going to be allowed to share, or SELL, their clients’ location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications without even asking their clients. And they are saying that Facebook and Google are already doing this. Can this be true? TOTALLY mind-boggling. Is it the same in Europe? How do I find who my internet service provider is? What is a VPN?”

I imagine a lot of people are asking those questions these days. Here’s a very rough overview. You’ll need to do some research.

Your Internet Service Provider is the company you pay to get online. It could be a cable company, a mobile data provider, or even (still) a dial-up provider. That company knows much of the same data that Facebook knows, but it also knows all the sites you visit on the public Internet and the things you search for, unless you encrypt your traffic, rendering it invisible to them.

You can do this with a range of tools.

To protect their privacy and anonymity, some people use TOR, and others use a virtual private network (VPN). When properly configured, TOR encrypts and anonymizes much of your Web traffic and can generally protect you from data surveillance, but there are significant caveats that require research on your part.

A VPN encrypts (but doesn’t anonymize) your traffic within a small network. People outside that network are blind to some details, but once your traffic is received, it still reveals details about you to those who receive it (like Internet Service Providers and website managers like Facebook).

When used properly, a VPN can get your traffic out of your local environment (such as a free coffee shop WiFi signal) and “out” onto the public Internet, where you enjoy a level of security by obscurity. All the privacy and security caveats about ISP monitoring apply, as well, to the owner of the WiFi signal you use to access the Internet.

But the main difference is that TOR will both encrypt and anonymize your traffic, whilst a VPN will only encrypt, and only up to the point at which you must go into the open to communicate with resources outside the confines of the virtual private network.

We describe all this in our book, Cyber Survival Manual: From Identity Theft to The Digital Apocalypse and Everything in Between. It’s by Heather Vescent, Eric Olson, Moeed Siddiqui, John Bear, and me, and published by Weldon Owen.