23 Jan 2012

Why Facebook Is Never Safe

By Adam Brereton
Want to know what a hacker, developer, activist and former Wikileaks wonk thinks about Facebook, the internet, and the future of computing? Read Adam Brereton's interview with Jacob Appelbaum

Hacker, former Wikileaks volunteer, Tor developer and activist Jacob Appelbaum has been in Australia to attend the LCA open-source software conference in Ballarat. He also spoke at Saturday's "War on the Internet" forum co-organised by the Greens and Electronic Frontiers Australia. New Matilda spoke to him after the forum about surveillance, online security and digital optimism. Watch out for Adam Brereton's analysis of the event soon. Here's what Appelbaum had to say:

How to use Facebook safely
Here's the easy solution: don't fucking surveil yourself! If you want to stay safe on Facebook, the answer is, you should not use it, and don't tag people! There are benefits of using it, there are tradeoffs, but in the long run I think it's going to be pretty bad that you gave a bunch of capitalists all your private information where the US government asserts and has the right to read it without a warrant and with the ability to gag the corporate.

What's the greatest database of Jews on the planet? Facebook. What will happen when you want the biggest database of leftists on the planet? Or right wing people? That's really, really scary, so one way to not be part of that dataset is to not put yourself in it voluntarily, and to chastise people who only hang out with you to tag you in Facebook as a sort of conspicuous consumption of the 21st Century, say: "Hey, if that's all you get out of our friendship then go fuck yourself!"

There's an important distinction, this idea of privacy by policy and privacy by design. Privacy by policy is the idea that there is a policy that is like the law. But policy doesn't really matter because someone can say they're not going to log, but then they do log. They say they're not going to give the log data out but someone will copy it, or maybe they'll sell it.

One way to deal with that is to make that data useless. So let's say you use a site like Twitter — let's say @asher_wolf, I hear there's a subpoena for her Twitter data — so let's say hypothetically there's a Twitter legal case about that. One thing you can do is to make that metadata, which they say isn't protected, worthless. Using a system like Tor when you log into Twitter means that all Twitter gets is IP addresses of Tor routers and they no longer get something that's valuable. The reason they want that data is to target people and put it into surveillance databases to learn information about you, or to learn where it is in a geolocation sense. So making sure that data is worthless is a fantastic way to slap back at that — you don't need a warrant for that? There you go, it's of no use to you.

I was once at Facebook headquarters at Palo Alto, and I saw on one of the network engineer's tables a Narus pamphlet. Narus is the company that did interception with the NSA and AT&T in the US. Those two companies and Narus did the analysis of the illegal wiretapping of the entire American population's phone calls and data travelling through AT&T data centres. Facebook's looking at the same solution. It should give you some idea about what Facebook is.

Government attitudes towards computing
If a government requires you to download a document, they should make sure there's a freely available solution and a freely available platform that can run that solution. For example, if they make you download a .pdf, they shouldn't endorse Adobe. They should make sure there are .pdf readers and writers that support what they need you to do with that document — and they should fund development of that software, the same way they would put in a wheelchair ramp. The same way we have accessibility when it comes to the physical world, they should provide some public services while you're involved. People need to be humans.

The same should go for computers. We should make sure it's open and accessible and that we don't have to make compromises that involve giant corporations selling non-free software.

They should also regulate to ensure network neutrality. When a corporation profits from the NBN here they have a duty of care to ensure a basic minimum service — for example, no asymmetric data rates. If you get 10 megabits up and 10 megabits down and that's too constraining you ask for more — it needs to scale out accordingly — and we shouldn't artificially constrain that by making people consumers and giving them lots of bandwidth for downloading, and less for speaking. It's a restriction of speech to have the rate limited. It's not a psychological limit — it just shouldn't be there.

It's crazy to me that in the early 21st century there are places that have gigabit internet connections or 100mbit connections, and regular everyday people in developed countries end up with connections way slower than that. They need to buy a server in a data centre to use the internet effectively — but they don't know how to do that. So the government can incentivise that with positive regulation. They already did it with roads for the car industry, why don't they do it with the internet for everyday people, all the time?

We see that kind of positive incentivisation, but we also need safety. For example in Canada, before you put up a camera you have to do a privacy assessment. There's lots of comment, free debate, and the goal is to increase liberty, increase free speech. We should see the same goal with the internet. Transparency and accountability are extremely important, and if authority is abused, heads should roll — not literally, hopefully. The key is to build in accountability whenever you increase the size of any agency of government.

The coming war on general computing
Blogger and activist Cory Doctorow has recently argued that the battle against regressive copyright laws like SOPA and PIPA is an opening salvo in what will become a broader war on "general computing": the ability of ordinary people to retain control over their own computers, instead of having them become single-use products illegal to modify or look inside. One solution is "free" or "open source" software developed by the community, where the source code is freely available.

I think open source and open hardware or "free" software — for freedom — there is a future for that. It's a really positive future. It gives us the ability to maintain general computing. There will be devices that are locked down. Hopefully the law will set it up so this stuff isn't illegal, and rather, when you buy a thing it's yours. I'm a believer by having free software and hardware — especially when you find an economic way to support it — it'll be a real thing that will really help people. Cory has made some really good points about it I think. It's important to keep in mind it isn't going to happen automatically. Free software happens because people write it, free hardware comes because people build it. But there will always be an Apple who takes from that base without returning a totally free product.

It's probably the case that if we don't have positive legislation we'll end up with a lot of computers in cars that can drive, that we won't have any control over. That's really scary when you consider that computers that can drive can kill people and if they're hacked, we can't detect that, and people with that privilege will be able to do things regular people can't — a lot of lockouts, a lot of monopolies. A lot of the battles we've already fought are happening again. Cory's point is really important, but I don't think we're doomed. We have alternatives but we just need to use them. I think it'll be great when people actually use free software. It doesn't mean we're more secure, but we can change things, repurpose them and hopefully know if we're being spied on.

Why we should reject pessimism
Look how many people came out to ask questions and to talk [at the War on the Internet forum], and look at how many people aren't afraid to freely associate with me. The good Honourable Senator Ludlam wrote me a letter. Am I going to get a glove up my ass when I go back to America? I hope not. But we have to live our lives knowing that it's not great but it could be better.

There's a sort of "double consciousness" — how will I look, and how will other people perceive me — the double consciousness women have. Surveillance creates in people a double consciousness too — how do I look, and how will the surveillance masters reading these log files perceive me. It's good that everyday white men get that. Because half the population of the planet has had that for a long time.

I feel like in both of those cases I'm living a life where I feel like I'm doing the right thing. The reason I have those liberties today is that I have responsibilities too — other people fought to keep them, or didn't have them, and expanded them. That's why a Jewish atheist can freely travel the world without being fucking murdered. That's crazy! Really! When you think about it in the context of the last 150 years of history, I wouldn't be able to go to the university where I work now. The world really is getting better even though there are things that aren't fantastic about it. And the way it gets better is by free people ensuring that freedom — it sounds cheesy — endures and improves.

HB Gary was the security company responsible for producing with Palantir and other firms a presentation entitled "The Wikileaks Threat" that set out strategies to discredit and smear Wikileaks and Julian Assange.

I think that actions that hacking groups take in themselves are neither constructive nor destructive. Learning to do SQL injections, you can do that for good or for evil, so to speak. I think what Lulzsec and Anonymous before them have done, depending on how you look at it, might be good. In a lot of cases I think that it is good. When Anonymous for example, releases information that is beneficial to the public — for example when HB Gary was owned, and we learned about the Palantir/HB Gary conspiracy which included me, and that whole diagram about how to discredit groups and attacking people — it's hard for me to say that's bad.

In fact that's good, because when the military-industrial complex is talking about spying, and is in fact working on undercover operations like that, that's some shit you shouldn't see in a democracy. That doesn't mean that everything is great or any action a group takes is positive. But it's important to note that just because they got that information by hacking it doesn't discredit the value of the information. Just like the Citizens' Commission to Investigate the FBI. Because of them breaking into an FBI office we learned about the entire COINTELPRO programme which involved the FBI telling Martin Luther King Jr to try and kill himself. Yeah, they committed a breaking and entering action, but they exposed some of the greatest subterfuge that had taken place ever in the 20th century, from before WWII until the 70s.

So one break in — it's not the greatest thing — but it's the lesser of a very big evil that exists there. I think we can't just look at an action and dismiss it considering there's a principled reason for doing it and a principled outcome. So it's really important to judge these things individually.

In the case of HB Gary we saw in the Palantir presentation he was willing to target journalists and rob them of their means of earning a living in order to force a political outcome. What do I think of [then CEO of HB Gary] Aaron Barr? He's never called me or given me an apology. And while I don't take that personally I think it's important to note the reason is that he wouldn't stand a chance in a discussion where he talks about targeting me, an American citizen and saying I'm fair game — a member of Al Qaeda or a terrorist. There are good people who work at HB Gary — both principled and smart guys — the thing is that they use those capabilities not necessarily for the best of intentions.

People can change. Maybe Aaron Barr will too. But that doesn't change the fact that he was a total scumbag piece of shit working on bullshit stuff that shouldn't happen in a free society and that he never apologised to the people he suggested should be targeted. The CEO of Palantir never called me to apologise but did call someone like [Salon journalist] Glenn Greenwald. Why's that? Because I'm a legitimate target in their minds. Well fuck him! I'm glad Anonymous targets them. And they should. Because they're legitimate targets, because their war is for money, over things we've actually lost lives for.

Discuss this article

Dr Dog
Posted Monday, January 23, 2012 - 14:52

Pretty interesting Adam. I look forward to the day computers become a single use item, as I only ever use mine to do this.

Could you please tell Mr Appelbaum that swearing is neither clever nor funny. Or so my fucking mum says.

Posted Tuesday, January 24, 2012 - 17:03

There is no way to use Facebook safely, once you have joined you are there for life. If you leave Facebook or deactivate your account they still have all your details on record. Now you know why there is so much cyber bullying going on.
The only safe way is DON'T USE IT.

Posted Friday, January 27, 2012 - 12:00

I liked these ideas:
-Transparency and accountability are extremely important,
and if authority is abused, heads should roll.
-Policy which is designed to fail is a crime against intent.
-a non-violent crime like hacking,
when performed to obtain info on abuses of power,
is on balance in the (net) public interest.

Posted Tuesday, January 31, 2012 - 14:57

Dr Dog,
d'accord, goodonya Mum and great to hear you've got a life. For many years I thought Facebook was some sort of women's powder compact.

Posted Tuesday, February 14, 2012 - 03:37

I don't want to give up using Facebook and other social sites despite the downsides, but it has to be clear that the main problem with Facebook stems from the government's desire to control everything and access this data to achieve their own ends. Despite corporations being desperate to access private information about people who click their ads or like their Facebook page, it's in Facebook's interest to hoard this data. So regardless of whether or not advertisers use Facebook ads or the types of third-party companies listed at FacebookFansReviews (http://www.facebookfansreviews.com) to promote their pages, there's no way for companies to get personally identifiable data about their customers - Facebook has made sure of this. The issue is that for law-enforcement or other purposes, the government is allegedly able to data-mine information and get private information without a court order. That to me is the biggest issue to be concerned about here over anything else and I think that this aspect of it isn't being reported enough. In general, most normal privacy issues on Facebook stem from people failing to use the privacy settings, posting their personal info online and posting those pictures of them drunk at some party, and then being mad when a potential employer saw this. I don't have much sympathy for people hoisted by their own petard. There's a moral difference between something like that and somebody getting their personal data posted online by others say in an Anonymous leak or on Dirtyphonebook for instance. The few other legitimate privacy issues on Facebook are relatively minor in nature - although it is a bit troubling that there are so many Apps on Facebook that request many more permissions than they need to actually run the App and will, over time, cause people to use it less. I guess Facebook is distracted by their IPO because this is something that is devaluing their brand IMO.