Profile picture
Sarah Jamie Lewis @SarahJamieLewis
, 13 tweets, 2 min read Read on Twitter
Ah I see, Facebook wasn't "breached", the firm just exploited weak default account privacy protections by taking advantage of a user perception that using Facebook to log into a 3rd party app was safe.

Totally different thing.
Oh and the developer of the app LIED, adversaries never lie..so this wasn't a breach.
Basically Facebook enabled mass phishing of accounts based on a promise developers wouldn't misuse that data.

Definitely not a breach though.
The system was working as designed, Facebook handed that data over willingly.

Therefore their processes were just broken...it wasn't a breach you see.
Nu uh no breach here, attackers always tell the truth and only ever use technical attacks on software..we don't consider social engineering of staff, phishing of CEO's or employees stealing databases "breaches" either you see
So don't go calling this a breach. Because this was definitely not a breach. Facebook handed this data over because someone asked. They were lied too! We should all feel for Facebook who have now almost definitely stopped handing over your data to anyone who asks for it nicely.
Remember everyone it's the users fault because they didn't update their privacy permissions every month facebook changed them back. This wasn't facebook
s fault. nu uh
You see what happened was, Facebook collected all your information, obfuscated privacy tools to help you share things better & then...get this...they gave your data to any random app that could "entice" you into trying it out.

But this was definitely *not* a breach!
They didn't "leak" the data...but at a future date they determined the amount of information they were giving to untrusted apps was too much...and that some apps were exploiting this to build profiles on people...and they reduced that data exposure.

That's not a "breach" though.
Hacker: "HI company can I have all you data I promise not to do bad things with it"
Company: "Sure,here you go"
Hacker: "Oops I did bad things with it"
Company "Well the important thing was that this was not a breach"
When you break users trust and give information to an adversary in violation of the user's threat model...that's what a breach is.

Regardless of whatever the user thinks they are consenting too at the time.
Facebook was the guardian of that data and it is crystal clear that their processes, systems and threat models were inadequate to prevent malicious actors from obtaining that data.

That is the. fucking. definition. of. a. breach.
I stopped using facebook many years ago. I would advice that if people can, they should too. Many people don't have that choice. Many marginalized people rely on Facebook to live. They deserve better than cover-your-ass weasel words.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Sarah Jamie Lewis
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @SarahJamieLewis see all

Profile picture
Since I keep answering the same "but why don't you just..." questions about this topic, let me take a thread to explain why your "clever" ad-hoc border encryption solutions don't work and why we need better solutions in this space.
First a little prelude: In the real world sometimes people need to bring data from one jurisdiction to another, and often this rubs the powers-that-be the wrong way and they get some silly ideas about denying basic human rights.
The threat models are varied, but we generally approach real world cases with the following success criteria:

* Getting through unhindered
* Getting turned away at the border
* Forcing better civil norms (courts / warrants / lawyers etc.)
Read 18 tweets
Profile picture
Regular reminder: The telecom network is a giant tracking system and the number of people who can gain access to subscriber data is practically unlimited.

Source: this used to literally be my job.
I've been reminded of a few concepts recently and it's becoming very clear that I've forgotten more about the inner workings & implementation details of telecom protocol stacks than most people will ever know.
The vast majority of reporting on privacy issues in telecom systems painfully mischaracterize the technology & conflate different issues, despite that they generally understate the privacy problems.
Read 24 tweets
Profile picture
The world makes little sense anymore because we live within systems that have become detached from the systems they exist in which themselves have become detached from the systems they exist in...somewhere in that stack of systems is the physical world we want to understand.
To further complicate, many of those systems have provided tangible material benefit to many (often at the expense of others). The systems are no less real than the physical world because they operate over the physical world.
Our current economic & political ridiculousness is, in part, a failure of neoliberalism, itself a detachment from classical "money" economics, which is itself a detachment from the resource-limited world we live in. All a gross simplification of history, circumstance and power.
Read 11 tweets

Related threads

Profile picture
🔴Facebook ha avuto un problema di sicurezza che ha esposto 50 mln di utenti. Altri 40 a rischio. Per questo 90 mln di utenti devono fare di nuovo il login. Storia in divenire qui comunicato Facebook newsroom.fb.com/news/2018/09/s…
Facebook dice di non sapere origine o identità degli attaccanti e di dover valutare ancora la portata, riferisce il NYT. Ad essere stati sottratti i token di accesso attraverso una vulnerabilità (che sarebbe stata chiusa) nytimes.com/2018/09/28/tec…
No accesso a password, no accesso ai messaggi privati o alle carte di credito degli utenti, ha detto Facebook in conferenza stampa, aggiungendo di stare lavorando con l’Fbi. Comunque bruttissima storia. Info via Reuters
Read 12 tweets
Profile picture
Facebook e Instagram mostrarão o tempo gasto no aplicativo! Quão viciado você acha que é?
Quão viciado você é no #Facebook e no #Instagram? Os dois aplicativos vão dizer quanto tempo você gasta neles todo dia. A funcionalidade foi anunciada em 1º de agosto e ficará disponível aos usuários nas próximas semanas.
Quantas horas você fica no Instagram por dia?
Read 10 tweets
Profile picture
#Facebook thread:
Ahead of Zuckerberg's Congress testimony, a quick revision guide.
All you need to know about Facebook (and why you should be concerned), brought to you by the Observer/Guardian's investigation into data and democracy...
Hard to believe it was less than a month ago that @carolecadwalla broke the story about GSR harvesting 50m+ Facebook profiles for @CamAnalytica to use in political campaigning:
Revealed: 50 million Facebook profiles harvested for Cambridge Analytica.. theguardian.com/news/2018/mar/…
Via the first major interview with @CamAnalytica whistleblower @chrisinsilico which explained Facebook had known about the leak for at least 18months and detailed Robert Mercer / Steve Bannon's central roles ‘I made Bannon’s psychological warfare tool’: theguardian.com/news/2018/mar/…
Read 26 tweets
Profile picture
Facebook has some really creepy plans!
Just check their patents!
Small thread with thanks to @jashkenas 👇

1⃣ Facebook wants to track your eye movements
using special infrared LEDs that shine into your pupil & cornea to determine gaze patents.google.com/patent/US20180… #Facebook #privacy
Facebook wants to reads your comments for positive or negative “affinity scores”
to generate sentiments and “trust scores”
and use the resulting data sets from trusted users
to train a machine learning model
patents.google.com/patent/US20180… | #privacy #facebook
to manipulate people..
3⃣ Facebook wants to “automatically sense, record and identify all types of activities such as walking, running, jogging, cycling, rowing, driving with car, bus, train, walking stairs, jumping, swimming, playing football & skiing” patents.google.com/patent/US20150… | #Facebook #privacy
Read 8 tweets
Profile picture
With all the concern over Facebook Privacy being highlighted with the recent Cambridge Analytica investigation, I thought I'd share some tips on how to 'clean up & crack down' on your Facebook profile. #CambridgeAnalyticaUncovered #Facebook
The obvious thing to do is shut down your profile. However, DEACTIVATING your profile does NOT delete your data. Facebook retain that in case you decide to return. This is an important distinction: if you just want to deactivate - Settings -> Manage Account -> Deactivate
If you want Facebook to delete your data, you need to go to facebook.com/help/delete_ac… - however you may want to archive your old photos and data before doing so, and to be doubly sure, you'll want to manually unlink the external apps and delete your posts and likes.
Read 12 tweets

Trending hashtags

#privacy #GDPR #au #Bitcoin #wellbeing #CambridgeAnalytics #Twitter #opendsta #Kashmir #Zuckerbergtestimony #ai #Facebook #smartcitiea #smartcitiies #CambridgeAnalytica #Netflix #smartcities #opemdata #MOAB #aii #bigdara #GoodbyeDemocrats #CambridgeAnalyticaUncovered #Brazil #FreeKashmir

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!