Why Egypt Needs Facebook’s Privacy Protection

Facebook’s introduction of SSL encryption is a long overdue upgrade to underlying security on the site. It is crucial to the social networking site’s emergence as a tool for political discussion – and it seems to have been introduced in response to events in Tunisia.

In democracies, Facebook users indulge in “clicktivism”, clicking Like on groups and fan pages, for issues such as fuel tax and the price of cider, instead of more active social involvement.

Meanwhile, however, the site has become a major tool in events such as the current protests in Egypt, and the earlier revolution in Tunisia. The changes to its privacy provision are therefore a long-overdue upgrade to support this fact.

When the chips are down, we need privacy

A year ago, Mark Zuckerberg more or less dismissed users’ expectations of privacy. Since then, the site has rocketed to 500 million users and become a channel for online social engagement.

But it is not a very good tool if it is not secure. Mark Zuckerberg had his page hacked in January, and Facebook has spent a large part of the year tweaking its privacy settings, trying to find a balance which satisifies users’ privacy expectations, and also gives the giant some leeway to exploit its customers’ personal info.

“Over-sharing” personal details with people you don’t realise can see them is still endemic, even though it was exposed last year by a security consultant scraping Facebook. A European project called ABC4Trust may help with this general issue though it will probably not touch Facebook.

SSL is a basic requirement

Facebook’s security upgrade, however, is a much more basic requirement, and it appears to have come about partly in response to events in Tunisia, where during the early stages of protest, the government actually attempted a wholesale identity theft on all Facebook users in the country.

“The country’s Internet service providers were running a malicious piece of code that was recording users’ login information when they went to sites like Facebook,” reports Alexis Madrigal in The Atlantic. Government-installed keystroke loggers recorded password details.

This sort of “man-in-the-middle” attack is easy to do when a site does not use HTTPS – the secure version of the HTTP protocol, which uses SSL (secure sockets layer) to authenticate users. Google has been offering SSL for search for some time, and Gmail uses HTTPS by default.

The Tunisian government’s attack was ironic, says Madrigal: “the very tool that people are using for their activism becomes the very means by which their identities could be compromised”.

Facebook’s security people routed all Tunisian traffic to servers which would apply SSL, and forced people to re-register when they signed out. This level of security has now been enabled for other Facebook users, according to an announcement last Wednesday.

Of course, when a county manages to hit a kill-switch and cut off the Internet, as Egypt has done, SSL-based online privacy can become academic.

However, Internet messages are still trickling out of Egypt, using connections to out-of-country services. Given the ongoing uncertainty about the government’s reaction, when these peope use Facebook, they need to know their identities are safe.

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

11 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

13 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

15 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

16 hours ago