Why Egypt Needs Facebook’s Privacy Protection

Facebook’s introduction of SSL encryption is a long overdue upgrade to underlying security on the site. It is crucial to the social networking site’s emergence as a tool for political discussion – and it seems to have been introduced in response to events in Tunisia.

In democracies, Facebook users indulge in “clicktivism”, clicking Like on groups and fan pages, for issues such as fuel tax and the price of cider, instead of more active social involvement.

Meanwhile, however, the site has become a major tool in events such as the current protests in Egypt, and the earlier revolution in Tunisia. The changes to its privacy provision are therefore a long-overdue upgrade to support this fact.

When the chips are down, we need privacy

A year ago, Mark Zuckerberg more or less dismissed users’ expectations of privacy. Since then, the site has rocketed to 500 million users and become a channel for online social engagement.

But it is not a very good tool if it is not secure. Mark Zuckerberg had his page hacked in January, and Facebook has spent a large part of the year tweaking its privacy settings, trying to find a balance which satisifies users’ privacy expectations, and also gives the giant some leeway to exploit its customers’ personal info.

“Over-sharing” personal details with people you don’t realise can see them is still endemic, even though it was exposed last year by a security consultant scraping Facebook. A European project called ABC4Trust may help with this general issue though it will probably not touch Facebook.

SSL is a basic requirement

Facebook’s security upgrade, however, is a much more basic requirement, and it appears to have come about partly in response to events in Tunisia, where during the early stages of protest, the government actually attempted a wholesale identity theft on all Facebook users in the country.

“The country’s Internet service providers were running a malicious piece of code that was recording users’ login information when they went to sites like Facebook,” reports Alexis Madrigal in The Atlantic. Government-installed keystroke loggers recorded password details.

This sort of “man-in-the-middle” attack is easy to do when a site does not use HTTPS – the secure version of the HTTP protocol, which uses SSL (secure sockets layer) to authenticate users. Google has been offering SSL for search for some time, and Gmail uses HTTPS by default.

The Tunisian government’s attack was ironic, says Madrigal: “the very tool that people are using for their activism becomes the very means by which their identities could be compromised”.

Facebook’s security people routed all Tunisian traffic to servers which would apply SSL, and forced people to re-register when they signed out. This level of security has now been enabled for other Facebook users, according to an announcement last Wednesday.

Of course, when a county manages to hit a kill-switch and cut off the Internet, as Egypt has done, SSL-based online privacy can become academic.

However, Internet messages are still trickling out of Egypt, using connections to out-of-country services. Given the ongoing uncertainty about the government’s reaction, when these peope use Facebook, they need to know their identities are safe.

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago