Some App Developers Had Access to Facebook Users’ Data Through the Platform’s Groups

Earlier this month, Facebook admitted that about 100 application developers still had access to Facebook user data, specifically those in Groups on the platform. The news comes as a surprise considering how Facebook took measures to restrict access to sensitive data in April 2018 after the Cambridge Analytica scandal. At the time, Facebook’s newly enforced rules limited third party access to users’ personal data – such as names and profile pictures – and instead allowed access to Group content.

Even after nearly a year and a half later, Facebook still has issues with controlling how much access third parties have. A post published by Facebook director Konstantinos Papamiltiadis stated that the platform’s implemented rules in 2018 were inconsistently carried out, allowing developers to collect personal information from users. Those 100 application developers have now been restricted from doing so. 

Facebook’s director stated that 11 developers had access to user’s data in the last 60 days but had not used the data in any unethical practices. Facebook is now requesting that all data collected by those developers be deleted. Papamiltiadis did not specify what personal data they had access to, however, he did state that the developer apps consisted mainly of “social media management [tools] and video streaming app[lications]…”

Cybercrime Groups Still Operate Over Facebook Platform

Cisco’s Talos threat intelligence researchers have identified an ongoing cybersecurity problem that looms within Facebook: dozens of groups created to trade and purchase spamming and phishing services.

The groups have been noted as partaking in “shady (at best) and illegal (at worst) activities,” using easily identifiable and locatable names such as “Spammer & Hacker Professional” or “Facebook hack (Phishing)” and yet remained up and active without intervention from Facebook itself.

Researchers at Cisco have found approximately 74 groups that partook in cybercriminal activities such as selling stolen login and account credentials and banking information. Others would sell tools for email spamming. The groups had amassed around 385,000 members in total and were easy to search for through simple keyword phrases like “spam” and “carding” when one looked into Facebook group search.

Cisco’s Talos team had notified Facebook about the hacker groups through abuse reporting, to which Facebook had responded by removing a few of the groups while keeping others up and only removing some posts deemed as a violation of policy. After the Talos researchers spoke directly with Facebook’s security team, the groups were taken down, but the issue of cybercrime on the social media site still remains a prevalent problem as new groups always seem to emerge.

Such activity isn’t new to the Facebook community. Groups like these have been operating for years on the social media platform. Brian Krebs from KrebsonSecurity had found 120 cybercrime groups back in 2018, for example, notifying Facebook in order to have the groups removed.

A spokesperson told The Verge that “[Facebook] know[s] [it] needs to be more vigilant and [they’re] investing heavily to fight this type of activity.”

540 Million Facebook User Records Found On Public Amazon Storage Server

UpGuard security firm researchers have discovered an unpleasant surprise: millions of Facebook user records were found exposed publicly on an Amazon S3 storage server without a password to protect the data.

Two third-party companies – a Mexico based media company called Cultura Colectiva and an app developer At The Pool – had left user records available for public access. User record data such as comments, likes, reactions, and account names were all stored onto the servers. At The Pool stored sensitive information from approximately 22,000 users and included data such as photos, check-ins, and friends lists.  

UpGuard had not received a reply from Cultura Colectiva after warning them about the public server data back in January. After reaching out to Amazon as well, the security firm was yet again met with indifference as no one had taken action to resolve the issue. After Bloomberg’s reporting on April 3rd, the database was then secured.

A Facebook representative commented on the matter, explaining how “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases.” Spokespeople from the company also commented on how Facebook was not aware of the issue until the UpGuard team had brought it to their attention.

Both third-party companies had collected and stored the data in the past when Facebook was more lenient on data gathered by outside applications. However, after the Cambridge Analytica scandal, Facebook set tighter restrictions on what developers may access in regards to user data.

As of now, it is unclear on whether the data on the open storage servers were accessed by malicious actors who could potentially use it to their advantage in marketing or fraudulent schemes.

Is the “10-Year Challenge” a Ploy for Facebook to Use Their Facial Recognition Software?

The “10-Year Challenge” is the new trend taking social media by storm. Essentially, the challenge involves a user posting their first profile picture and comparing it with their most recently uploaded 2019 profile photo. There are have been over 5.2 million submissions of photos using the trend’s respective hashtags on social media platforms like Instagram, Snapchat, and Facebook.

This challenge has caused quite the reaction out of social media users. Kate O’Neill–a writer for Wired–wrote an op-ed piece on the reasoning behind this challenge, commenting on how Facebook could be harvesting data for their facial recognition technology in order to track how people age and what they would look like when they get older. O’Neill continued to explain how having people participate in the “10-Year Challenge” may help Facebook identify who you are, since many do not post their photos in chronological order. Users, however, have argued that since Facebook already has access to personal photos that dates to 10+ years, there wouldn’t be any real need to collect data through this challenge.

In response to such claims, Facebook has outwardly denied having any part in creating this challenge. They insist that they gain nothing from this meme going viral. Even though Facebook does have facial recognition technology, users have the option to turn it off or on for one’s convenience.

Facebook has been involved with facial recognition for a while. They have technology to recognize who is tagged in photos. Whether or not you decide to turn the option of facial recognition off or on, your photos will always be somewhere on Facebook. As food for thought, however, there is no law that prohibits Facebook from not using such technology to their advantage.

Third Party Applications Gain Access to User In-App Messages

Popular apps like Netflix and Spotify have been accessing their consumers’ private message data. The cause of this was Facebook releasing their users’ data to third-party corporations, which gave them access to their privately exchanged messages via third party application use.

In recent months, Facebook has been receiving backlash on the privacy of user data. The social media giant has received negative responses from the public for having the ability to have access to their data and has retained access to users’ information by having them log into popular apps using the Facebook login option.  

Facebook tried to preserve their reputation by claiming that people sign into its application through Spotify, so consumers could access the music application’s messaging component. This way, users have the ability to stay on the app while they are messaging.

In a statement, Facebook explains:

“Did partners get access to messages? Yes. But people had to explicitly sign in to Facebook first to use a partner’s messaging feature. Take Spotify for example. After signing in to your Facebook account in Spotify’s desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person’s messages in order to power this type of feature.”

Spotify and Netflix defended themselves by stating they were unaware that they had this type of access to user messaging data. The Times stated that three organizations–Netflix, the Royal Bank of Canada, and Spotify–could “read, write, and even delete people’s messages”.

Facebook’s former privacy chief, Alex Stamos, stated that having third parties pierce through dominant platforms is the type of ‘pro-competition’ needed.

Facebook has given third party applications extensive access to user data without letting their customers know accordingly. Users are under the impression that their messages will stay private when using social media applications.

Facebook’s New Dashboard Can Help You Manage Your Time On App

Source: TheVerge; Facebook

The well-being movement in the world of technology continues! Facebook has announced its new time management feature on its app that will now allow its users to set a time limit on how long they spend scrolling through their news feeds. With the “Daily Reminder” feature in hand, users can be notified of their daily time limit reached on the social media site.

Facebook’s update comes after Instagram’s own time management features that rolled out two weeks ago.

Ameet Ranadive, leader of Instagram’s well-being management team, explained how they “want these tools to be widely available to the whole community, and to anyone that would benefit from using them.” He further explains how “[i]t’s really important for people that use Instagram and Facebook to feel like the time that they spend with us is time well spent,” and that users feel “empowered” when making conscientious decisions about the time they put in for engaging in social media activities.

While Facebook hasn’t implemented a feature for users to block their own access to use the app like Apple’s Screen Time, there is still an advantage to the reminder notifications and usage details that allow one to control their time spent online.

This new feature can be accessed by checking the Settings & Privacy menu, where you can select “Your Time On Facebook”.

Facebook Messenger Will Allow 10 Minutes for its ‘Unsend’ Feature

Ever been in that situation where you mistakenly send a message to the wrong person? Well, fear not! Facebook Messenger has created an Unsend feature on its iOS app for the new 191.0 version.

According to notes from the app update, Messenger will soon implement the feature, giving its users 10 minutes to delete messages sent over its app, so you can rest easy knowing those messages can be resent to the right person.

The app notes are mentioned as follows:

Coming soon: Remove a message from a chat thread after it’s been sent. If you accidentally send the wrong photo, incorrect information, or message the wrong thread, you can easily correct it by removing the message within 10 minutes of sending it.”

The feature was revealed back in October as just a prototype, but is well on its way for use in the next available app update.

As of now, Facebook-owned platforms Instagram and WhatsApp both include their own Unsend feature.

How to Check If Your Facebook Data Has Been Breached

Facebook faced immense backlash as the company announced 30 million personal accounts had been compromised in its most recent data breach back in September. Users’ contact and address information were all accessed during the breach, along with other sensitive data such as a user’s 15 most recent searches.

Facebook’s Help Center can assist users in figuring out if their account was hit by the breach.

Use these steps to find out how:

  1. On the top right corner of your Facebook account, click on the “?” icon to access  Help Center. You can also click the link below:

https://www.facebook.com/help/securitynotice?ref=sec

  1. Search “security incident” in the search box above.
  2. Scroll down to the bottom of the page to see the section marked: “Is my Facebook account impacted by this security issue?”
  3. This section will provide a “yes” or “no” answer to its users. The message will also show up on users’ news feeds.

  1. If No, there is no action needed to be taken at this time.
  2. If Yes, you will be in one of these categories:
  • You’re one of the 15 million users’ whose name and phone/email has been stolen.
  • You’re one of the 14 million users’ whose account got breached with getting access to your “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places you’ve checked into or were tagged in, website, people or Pages you follow, and the 15 most recent searches.”
  • You’re in the 1 million users whose access token got stolen, but luckily no information has been breached. 

If your data was accessed from this breach, there is no need to change your password or credit card information at this time. Furthermore, keep an eye out for scam calls and spam emails that ask for your personal information such as the login credentials for signing into your accounts. If you were in the 14 million within Group B, it’s best to call your bank or phone carrier to input a pin code to prevent hackers from essentially pretending to be you in order to access your accounts.

After such a massive data breach, should we really trust Facebook as a safe space to continue sharing with our loved ones?

 

Facebook Continues its Efforts to Go Green with Renewable Energy for Tech Operations

From Apple to Google to Facebook, numerous tech companies are pitching in their efforts to combat climate change through means of adjusting the way their day-to-day operations are run. For example, both Apple and Google had made investments in renewable energy by purchase of green energy bonds or by purchase of renewable power from wind and solar farms, all with the goal in mind to operate upon 100% green energy. In mid-June this year, even Samsung had announced its own plans to reduce its manufacturing footprint by having its global offices operate using 100% renewable energy within the next two years.

Continuing this renewable energy journey is social media giant Facebook, as the company made a recent announcement on their blog regarding their green achievements and endeavors.

As announced:

“[Facebook is] committ[ed] to reducing [their] greenhouse gas emissions by 75% and powering [their] global operations with 100% renewable energy by the end of 2020.”

Facebook had first purchased its wind power back in 2013, as the post explains, and since then, the company “had signed contracts for over 3 gigawatts of new solar and wind energy.”

As climate change has become more and more of a pressing issue, it’s great to see tech companies take part in the movement towards a better, sustainable future.

Facebook Messenger Video Chat Now Includes AR Games for Users

 

Everyday, Facebook is growing and developing new and more advanced games to keep the users entertained. The team has just come up with a multiplayer augmented reality video chat game which is similar to the snapchat’s version. You can play these games with up to six people.

TechCrunch goes into more detail about what Messenger games consist of:

“‘Don’t Smile’” is like a staring contest that detects if you grin, and then uses AR to contort your face into an exaggerated Joker’s smirk while awarding your opponent the win. “Asteroids Attack” sees you move your face around to navigate a spaceship, avoiding rocks and grabbing laser beam power-ups. Soon, Facebook also plans to launch “Beach Bump” for passing an AR ball back and forth, and a “Kitten Craze” cat matching game. To play the games, you start a video chat, hit the start button to open the filter menu, and then select one of the games. You can snap and share screenshots to your chat thread while you play.”

The games are just a great way of bypassing time while video chatting rather than playing them alone on your downtime. This could be a great bonding strategy between parents and kids who are away from each other.

Facebook has mentioned that these games have been built by itself using the AR Studio tool which launched last year to let developers create their own AR face filters.

Also, when asked if game development will be available to everyone, a  spokesperson said, “Not today, but we’ve seen successful short-session AR games developed by the creator community and are always looking out for ways to bring the best AR content to the FB family of apps.”

For now, there won’t be any advertisements, nor sponsored branding. Facebook can easily show ads between game rounds, and let brands promote themselves or let you upgrade the game and beat their friends.

How are the Facebook games different then the Snapchat games? Snapchat has been focusing on taking over your whole screen with AR, which can transport you to a disco hall or even outer space. Facebook games have been more popular and designed for split-screen multiplayer.

Over the past years, Facebook has rarely developed any of its games. It did build a few games here and there like an arcade pop-a-shot style basketball game and a soccer game to show off what the messenger instant games platform can look like in the future, but originally, the company wants outside developers to work on them.

Now, Facebook messenger is looking for ways to keep users entertained by having one-on-one utility chats, fun group chats, video calling, and gaming that can get people to spend more time on the app.