Facebook Compartmentalization


Kyle Rankin
Thu, 04/12/2018 – 10:06


I don’t always use Facebook, but when I do, it’s over a
compartmentalized browser over Tor.

Whenever people talk about protecting privacy on the internet, social-media sites like
Facebook inevitably come up—especially right now. It makes sense—social
networks (like Facebook) provide a platform where you can share your
personal data with your friends, and it doesn’t come as much of a surprise
to people to find out they also share that data with advertisers (it’s
how they pay the bills after all). It makes sense that Facebook uses
data you provide when you visit that site. What some people might
be surprised to know, however, is just how much Facebook tracks them
when they aren’t using Facebook itself but just browsing around the web.

Some readers may solve the problem of Facebook tracking by saying
“just don’t use Facebook”; however, for many people, that site may be the
only way they can keep in touch with some of their friends and family members.
Although I don’t post
on Facebook much myself, I do have an account and use it to keep in
touch with certain friends. So in this article, I explain how I employ
compartmentalization principles to use Facebook without leaking too much
other information about myself.

1. Post Only Public Information

The first rule for Facebook is that, regardless of what you think your
privacy settings are, you are much better off if you treat any content
you provide there as being fully public. For one, all of those different
privacy and permission settings can become complicated, so it’s easy to
make a mistake that ends up making some of your data more public than
you’d like. Second, even with privacy settings in place, you don’t have
a strong guarantee that the data won’t be shared with people willing to
pay for it. If you treat it like a public posting ground and share
only data you want the world to know, you won’t get any surprises.

2. Give Facebook Its Own Browser

I mentioned before that Facebook also can track what you do when you
browse other sites. Have you ever noticed little Facebook “Like” icons
on other sites? Often websites will include those icons to help increase
engagement on their sites. What it also does, however, is link the fact
that you visited that site with your specific Facebook account—even
if you didn’t click “Like” or otherwise engage with the site. If you
want to reduce how much you are tracked, I recommend selecting a separate
browser that you use only for Facebook. So if you are a Firefox user, load
Facebook in Chrome. If you are a Chrome user, view Facebook in Firefox. If
you don’t want to go to the trouble of managing two different browsers,
at the very least, set up a separate Firefox profile (run firefox -P from
a terminal) that you use only for Facebook.

3. View Facebook over Tor

Many people don’t know that Facebook itself offers a .onion service that allows
you to view Facebook over Tor. It may seem counterintuitive that a site
that wants so much of your data would also want to use an anonymizing
service, but it makes sense if you think it through. Sure, if you access
Facebook over Tor, Facebook will know it’s you that’s accessing it,
but it won’t know from where. More important, no other sites on the
internet will know you are accessing Facebook from that account, even if
they try to track via IP.

To use Facebook’s private .onion service, install the Tor Browser Bundle,
or otherwise install Tor locally, and follow the Tor documentation to
route your Facebook-only browser to its SOCKS proxy service. Then visit
https://facebookcorewwwi.onion, and only you and Facebook will know you
are hitting the site. By the way, one advantage to setting up a separate
browser that uses a SOCKS proxy instead of the Tor Browser Bundle is
that the Tor Browser Bundle attempts to be stateless, so you will have
a tougher time making the Facebook .onion address your home page.
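
The dedicated profile from step 2 and the SOCKS routing from step 3 can be set up in one pass. The script below is an added example, not part of the original article; it assumes a local tor daemon listening on 127.0.0.1:9050, and the profile name and directory are hypothetical.

```shell
#!/bin/sh
# Added example: a Facebook-only Firefox profile pinned to a local Tor SOCKS proxy.
# Assumptions: tor listens on 127.0.0.1:9050; profile name and directory are hypothetical.
PROFILE_NAME="facebook-tor"
PROFILE_DIR="${HOME}/.facebook-tor-profile"
ONION_URL="https://facebookcorewwwi.onion"   # address given in the article

# Write the proxy preferences to <dir>/user.js; Firefox re-applies them on every start,
# so a setting changed by accident in the UI does not survive a restart.
write_userjs() {
    dir="$1"
    mkdir -p "$dir" || return 1
    cat > "$dir/user.js" <<EOF
// Manual proxy configuration (1 = manual), SOCKS5 to the local Tor daemon
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_version", 5);
// Resolve hostnames through the proxy so lookups never reach the local resolver
user_pref("network.proxy.socks_remote_dns", true);
// Firefox blocks .onion lookups by default; this profile only ever talks to Tor
user_pref("network.dns.blockDotOnion", false);
// Open the onion service on startup (1 = home page)
user_pref("browser.startup.page", 1);
user_pref("browser.startup.homepage", "$ONION_URL");
EOF
}

# Return 0 only if the profile's user.js forces the manual proxy with remote DNS.
profile_is_tor_only() {
    f="$1/user.js"
    grep -qF '"network.proxy.type", 1)' "$f" &&
    grep -qF '"network.proxy.socks_remote_dns", true)' "$f"
}

# Run with "setup" to create and launch the profile; without arguments nothing is changed.
if [ "${1:-}" = "setup" ]; then
    firefox -CreateProfile "$PROFILE_NAME $PROFILE_DIR"
    write_userjs "$PROFILE_DIR"
    profile_is_tor_only "$PROFILE_DIR" || { echo "proxy prefs missing" >&2; exit 1; }
    exec firefox -P "$PROFILE_NAME" --no-remote
fi
```

Leaving `network.proxy.socks_remote_dns` off is the usual mistake: page traffic goes through Tor, but hostname lookups still go to the local resolver.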

Conclusion

So sure, you could decide to opt out of Facebook altogether, but if you
don’t have that luxury, I hope a few of these compartmentalization
steps will help you use Facebook in a way that doesn’t completely remove
your privacy.


Mozilla's Internet Health Report, Google's Fuchsia, Purism Development Docs and More

News briefs for April 12, 2018.

Mozilla recently published its annual Internet Health Report. Its three major concerns are:

  • “Consolidation of power over the Internet, particularly by Facebook, Google, Tencent, and Amazon.”
  • “The spread of ‘fake news,’ which the report attributes in part to the ‘broken online advertising economy’ that provides financial incentive for fraud, misinformation, and abuse.”
  • The threat to privacy posed by the poor security of the Internet of Things.

(Source: Ars Technica’s “The Internet has serious health problems, Mozilla Foundation report finds”)

Idle power on some Linux systems could drop by 10% or more with the Linux 4.17 kernel, reports Phoronix. Evidently, that’s not all that’s in the works regarding power management features: “performance of workloads where the idle loop overhead was previously significant could now see greater gains too”. See Rafael Wysocki’s “More power management updates for v4.17-rc-1” pull request.

Google’s “not-so-secret” operating system named Fuchsia that’s been in development for almost two years has attracted much speculation, but now we finally know what it is not. It’s not Linux. According to a post on xda, Google published a documentation page called “the book” that explains what Fuchsia is and isn’t. Several details still need to be filled in, but documentation will be added as things develop.

Instagram will soon allow users to download their data, including photos, videos and messages, according to a TechCrunch report: “This tool could make it much easier for users to leave Instagram and go to a competing image social network. And as long as it launches before May 25th, it will help Instagram to comply with upcoming European GDPR privacy law that requires data portability.”

Purism has started its developer docs effort in anticipation of development boards being shipped this summer. According to the post on the Purism website, “There will be technical step-by-step instructions that are suitable for both newbies and experienced Debian developers alike. The goal of the docs is to openly welcome you and light your path along the way with examples and links to external documentation.” You can see the docs here.


RHSA-2018:1119-1: Critical: flash-plugin security update

Red Hat Enterprise Linux: An update for flash-plugin is now available for Red Hat Enterprise Linux 6
Supplementary.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937


RHSA-2018:1113-1: Moderate: qemu-kvm-rhev security and bug fix update

Red Hat Enterprise Linux: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0
(Newton), Red Hat OpenStack Platform 11.0 (Ocata), Red Hat OpenStack Platform
12.0 (Pike), Red Hat OpenStack Platform 8.0 (Liberty), and Red Hat OpenStack
Platform 9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-13672, CVE-2017-13673, CVE-2017-13711, CVE-2017-15119, CVE-2017-15124
