Pulling a fast one on Facebook

Written by babulous | Published 2018/07/09
Tech Story Tags: privacy | facebook | data | social-media | ethics

TLDRvia the TL;DR App

Misleading is the name of the game

Facebook has been in the news a lot lately with a focus on how its users personal data is being manipulated on a massive scale to change the course of history. All that bad PR has made the company go into a docile mouse mode. Zuck even promised to give users a ‘Clear History’ button. My question is what’s the catch, as there sure will be many. Facebook has in fact admitted that they actually track us around the net and watch what we see.

Anyway, though a few users have quit Facebook, the majority seemed to be staying put for now, probably to avoid losing touch with all their ‘Facebook friends.’ They may still be on Facebook, but they are worried about being snooped on, and more importantly, what they can do about it.

Personally, I haven’t posted or shared anything on Facebook for years (making me an undesirable user for them) but I stay on to stay connected. Just last week, my school group put out a message on Facebook that they are starting a WhatsApp group. I didn’t join the Group as yet as I’m not sure I want to. But I like knowing I can if I wish to. And that would not have been possible without Facebook, to give the devil its due.

Having the cake, and eating it too

The reality is Facebook and its users are in a stalemate. The company’s business model is to sell user data. They know that data has been misused, and they say it will not happen again. But they know just as well it’s going to be hard to keep out the waves of tech-savvy crooks angling for a bite of all that mouthwatering data. Still, Facebook is not going to admit it, are they?

Similarly Facebook users know it’s not going to be able to protect their data (and probably doesn’t even intend to). But they are too hooked to the platform. As of now, I think most users are taking a wait-and-see approach.

That’s what has led to a cat and mouse sort of game, where Facebook makes moves to access user data, and users make countermoves to restrict access to their data. What makes this game weird is that Facebook claims to be offering its users more ways to restrict access, while in reality trying desperately to prevent users from restricting access.

For instance, when you sign up for a Facebook account using your mobile number, your phone number becomes available to ‘everyone’ who looks for you on Facebook. This happens by default on Facebook, and unless you take the trouble to change this setting, your number will be freely available to the public. Facebook does this as advertisers will pay more for the ability to target ads directly at you, and possibly track you if your phone’s location finder is on.

The fact is Facebook is a business. Though its services are supposedly free, there’s a cost, and it’s our privacy. In case you are not aware (and you really should be), Facebook currently makes money by selling our data to advertisers. These ads are targeted at us based on a detailed profile that Facebook has created on each of its users, which is based on our interests. The more info they have about us, the more detailed our profiles will be, and the more money they can make by selling our info.

Anyway here are some of the games that Facebook has been playing with its users.

The Facebook Account Settings Game

By default, Facebook has your account open for anyone to post anything and view everything on your page. Tech savvy users change these settings as soon as they sign up on Facebook. But the techphobic ones find it too confusing to even attempt.

I don’t blame them. Have a look at the page below. This is the elaborate process that a layman needs to do to ensure his private phone number is not available to every Tom, Dick and Harry.

Step 1->He has to find and click on the tiny almost invisible arrow which will give hime a pulldown menu. Step 2->He has to scroll all the way down and click on ‘settings’. Step 3->There’s a list of 17 tabs on the page’s left. He has to click the right one. It’s not the ‘security’ tab like he expects but the ‘privacy’ tab. Step 4->He has to figure out which of these settings is the one that keeps his phone number to be kept private. Well, it’s the one that gives a convoluted message which says “Who can look you up using the number you have provided?” He has to then click on the edit button, and change it so it reads ‘Friends’ instead of ‘Everyone.’

This is not something that an average layman can do. The thing is Facebook’s settings are deliberately designed to be complicated. Facebook wants you to share everything about yourself if possible. That data sharing is the goldmine on which Facebook’s fortune is built. Allowing us to restrict access to our data, is the equivalent of shooting themselves in their own foot.

Even though, the current scandals have forced them to simplify their settings, Facebook has a long history of constantly tinkering with their settings page, and complicating things. So we can expect that to happen again.

What I mean is you can upgrade your privacy one day, only to find the next day that Facebook has changed the settings so there is a loophole by which your data can be accessed. Like I said, a cat and mouse game.

The Facebook Privacy Tool Game

A few years ago, Google’s Chrome browser offered an extension that would automatically tweak all the above Facebook’s settings for a user so as to ensure maximum privacy. I used to have this as it simplified things by automating the privacy process. But my Chrome’s list of extensions doesn’t have it anymore. It must have stopped working and I would have removed it. I still see similar extensions in Chrome but they don’t mention Facebook, and that’s a giveaway. I don’t know how, but Facebook seems to have won that particular game.

The Facebook Container Game

After Google’s misadventure, Firefox has got into the act with an extension. This automatically loads Facebook in a special tab called the container, which cannot ‘see’ your web activity in other tabs in the browser. Firefox says the extension would not have prevented the Cambridge Analytica incident, but it still gives you control on how much of your online activity Facebook can track.

I hadn’t used Firefox in a while as I usually switch between Chrome and Safari on my Mac. But I liked the idea of isolating Facebook in a box. So I fired up Firefox, updated it to its latest version, and installed the extension.

Using the extension is intuitive. Everytime you sign into Facebook, the browser seems to automatically put the page into a locked container. This can be seen in a little blue icon in the URL field as shown above.

I don’t know how long it will take Facebook to escape this cat. But for now I like the feeling of having Facebook isolated from the rest of my life. So whenever I wish to log in to my Facebook on my Mac, I use this extension.

The Facebook Sandbox Game

Facebook on mobiles works a bit different from computers. Apps are supposed to be sandboxed from each other. This basically means one app shouldn’t be able to read data collected in another app. In reality, I don’t think it happens anymore. Apps on my iPhone and my Android keep asking for all sorts of permissions to my camera, messages, photos and whatnot.

I can confirm WhatsApp on my iPhone did share my contacts with Facebook because I get ‘friend suggestions’ for contacts on my phone, though my Facebook account does not have my phone number. I think iOS allows some sort of sharing of data between apps from the same company, and since WhatsApp is owned by Facebook, Apple would have allowed it.

Android allows you to control permissions minutely. But Facebook seems to always be one step ahead, and gets whatever it wants. Android also has ‘wrapper’ apps, which is basically the Facebook web page bottled in an app. This theoretically helps give full control over what is shared or tracked. ‘Tinfoil for Facebook’ is highly recommended by Android users but the app seems to have been removed from Google Playstore. I know not why.

There are also lots of apps that claim to deliver a safer or better Facebook experience. But I couldn’t help wondering if there was a catch. What’s to stop Facebook from buying data from these apps, or maybe they could buy the app itself. They sure have the money to do it.

These days, if I have to access the Facebook webpage on my phone, I use Mozilla’s Firefox Focus app. Once I’m done, I tap the handy ‘erase’ button. This supposedly clears everything, including passwords, cookies, history, and hopefully prevents tracking by Facebook.

I’m not sure ‘Firefox Focus’ is reliable, but if there’s anyone I can trust, it’s Mozilla, a non-profit group of independent developers.

The Facebook Logout Game

Some time back, a friend mentioned that he stays logged out of Facebook on all his devices as he believes this would prevent Facebook from tracking him.

Well, he thought wrong.

Facebook was a couple of steps ahead of him, and has been tracking him even when he’s logged out of it. I am not going into the details of this, but the technical wizardry to do this would be admirable, if it wasn’t being used to snoop on users.

Facebook definitely got away on this one.

The Facebook Burner Account Game

I must confess that I came up with this one, and it’s still a work-in-progress. The idea is that instead of trying to hide my identity from Facebook, I mislead Facebook by pretending to be someone else, and confuse the hell out of them.

The thing is it seems you can open a new Facebook account with just a mobile number. I didn’t know this was possible but I just tried it, and I can confirm it works.

The new Facebook account I opened was activated with a spare SIM that I rarely use. I then logged into all my devices with this Facebook burner account which has no friends, no posts, no photos, no data… nothing except a fake name and a burner phone number.

My gambit seems to have worked to fool Facebook through a combination of luck and guesswork. It also gave me interesting insights into how Facebook works. As the old saying goes, ‘Knowing your enemy is winning half the war.’

Here’s how it worked.

A misleading phone call history The phone number I used in the new Facebook account is a number I never use to make calls. It’s usually on my second phone, an Android that I use to keep in touch with the Android universe as my main phone is an iPhone. I sometimes also use the SIM in my portable router (JioFi). The SIM is linked to my Google account which means the phone does have access to all my contacts. The phone number is also linked to its own WhatsApp account on the Android. I have set that WhatsApp account to not share details with Facebook. But knowing Facebook, WhatsApp may have ignored me, and shared my data anyway.

But what really makes my phone number unusual is its call history. It has a long list of calls, though I never make calls with it. Here’s how that happened.

My kid’s school, which has around 2500 children, does not allow the kids to carry cellphones. So whenever I have to pick up my daughter from school, I invariably have a couple of kids borrowing my phone to call their parents. Sometimes I can’t lend my phone because I’m busy on a call or something. Since I don’t like saying no to tiny kids, I usually carry my Android along, and let the kids use it to call their parents (the phone is on India’s Jio network on a plan offering unlimited calls to anywhere in India).

This means that when Facebook snoops on my phone call history over the last couple of years, it will find a bewildering series of random calls to unconnected people. There’s only one common link. They all live in the same city in south India where I currently reside. If Facebook digs deeper, it might be able to figure out that all these people have a kid or two studying at one particular school in that city. There’s no other link between all the people who populate my Android’s call history.

With one notable exception. I once used this number in an emergency to call my business partner as my main phone’s network was down. He didn’t recognise my voice as he didn’t have the number, so that’s why that call stuck in my mind. We’ll come back to this.

A misleading location Usually people have a large social circle of friends in the city I live in. But since I work online and have already moved 7–8 cities, I have only a small circle of close friends in the current city that I live in, and none of them are from my kid’s school. Also my current friend circles, like say the ones at my tennis club, are not connected to my kid’s school in any way. In fact, most of my longtime friends are spread out in different locations. (Strangely enough, I stay in touch with them via social media, but not through groups, as I prefer on one-to-one conversations.)

A misleading language India is a country with 20 odd major languages, and 100s of dialects. I currently reside in the south Indian state of Tamil Nadu where the language is Tamil. However my home state is Kerala, an adjacent state that speaks a another language, Malayalam. I can sort of understand Tamil at a basic level as the dialect spoken in my border city has some similarities to my mother tongue, Malayalam. But it’s hit and miss, and I definitely can’t speak or read or understand the subtleties of Tamil.

Facebook gets ‘People you may know’ wrong Once I signed up for my new Facebook account, I had a look at the Facebook’s ‘Friend suggestions,’ which is an almost endless scrolling list of hundreds of names.

The list was completely off the mark.

No one among the ‘friend suggestions’ was anyone I could recognise, forget being a real life friend of mine. It was clear that Facebook’s ‘friend suggestions’ were showing people whose only common link was that they live in the city I currently reside in.

There were three exception in that long list of friend suggestions from Facebook. The first was as I expected, my business partner, who must have been the only friend I called on that phone. The other two were a couple of his friends, and all three are based in my actual home state. But since I had made just one call to my friend, Facebook didn’t let its ‘friend suggestions’ get too influenced by that one solitary call to a number in a neighboring state.

Facebook gets my language wrong Based on my location, Facebook assumed that I spoke the language of the state I reside in (Tamil) and served up a whole pile of videos in that language in my feed. This was an incorrect assumption as my hometown is an adjacent state which speaks a different language (Malayalam). So none of the Tamil videos they served up were of any interest to me as I’m not fluent enough in that language to comprehend the videos.

Insights into how Facebook works

Facebook reads your phone call history and assumes that everyone in your call list (and their friends) are people you know or potential Facebook ‘friends.’

Secondly, Facebook can figure out your location, even if the location feature is turned off on your phone. They do this by observing where most of the people you call are located, and conclude that you are based in that city.

Thirdly, Facebook goes on to make a second assumption based on the first one. It assumes you are fluent in the language of the place where most of the people you call are located. Yup, assumption is the mother of all…

Does Facebook have any alternative business models?

For the sake of argument, I can think of a few.

  • Facebook turns into a fully paid service where users pay a subscription for the privilege to use their platform. The cons for this is they may lose a majority of users who will not be willing pay for social media.
  • They offer two levels of service. A free basic service where users have to grant full access to their data, and an additional premium service which allows users to restrict all access to their data for a price. The pros are this will help Facebook earn something, but the cons are this will be pittance compared to the billions they make currently by peddling all users’ data.
  • They limit access to user data to just the country where the user resides and sell ads based on that. The cons are that the ads may have have very few takers among the advertisers
  • They go the Apple way, and keep software free, data private, and make money from premium priced hardware products like a Facebook phone. The cons are this is an entirely new business and the Facebook phone may fall flat on its face like Amazon’s Firephone.

Will Facebook try any of the above models? I doubt it. Zuckerberg insists it’s going to stick with the existing free model, probably because they’d lose most of their members if they made it a paid service. But finally it all comes down to money. The existing free model is the most profitable model.

So it’s up to each one of us to fend for our own data.

Set a crook to fool a crook

My fake account has possibilities, but Facebook must be used to tackling fake accounts. I mean real crooks, like the ones who try to make money by generating fake likes, must also be creating fake FB accounts. So Facebook must have a system to handle such conmen who are in it for the money.

What I figured out is if the goal of the fake account is to confuse Facebook, it may work. That’s because Facebook can see the account is not doing anything illegal. There is a distinct possibility it could just be net newbie who doesn’t know how to post or whatever. Banning them might cause Facebook to lose a potentially valuable, long-term user.

What I’m considering is asking a few of my friends to form similar fake accounts each with a burner SIM, and have all the fake accounts friend each other. So we have a fake FB network formed solely with imaginary people. That would be poetic justice. Using trickery to fool the one who is trying to trick you. It would also be fun.

Alright, I know privacy is a serious issue. But as someone once said. “Don’t take life too seriously or it may end up laughing at you.”

Anyway, I’m not really doing anything illegal, am I?

Enjoying it while it lasts

I may be making it difficult for Facebook to keep tabs on me with my two pronged strategy. Firstly using my fake account openly on all my devices to mislead Facebook. Secondly, accessing my real Facebook account via Firefox’s container tab on my PC, and the secure ‘Firefox Focus’ app on my phone.

I also get a real kick out of the fact that my unusual phone call record inadvertently confused the hell out of Facebook. Sort of giving them a taste of their own medicine. It’s not too often that you can fool such giant corporates.

As of now, the only way Facebook can link my second phone number to my ID is by breaking into the Indian Government’s secure servers as SIM cards in India are linked to the India’s unique national ID, Aadhaar. So my fake Facebook account is safe for the moment, hopefully.

However all good things come to an end, and Facebook will eventually figure out how to stop my shenanigans. Probably deactivate suspicious accounts with no emails, no friends, no activity, or some such criteria.

And the cat and mouse game will go on.

Published by HackerNoon on 2018/07/09
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy