Changing my mind about Facebook

Topic

New Reply

SECURITY Amy Babinchak Undoubtedly, you’ve seen the invitation to sign in to a website with your Facebook account. And you ask yourself: “How can that
[See the full post at: Changing my mind about Facebook]

Reply | Quote

Replies

My friend has the latest iPhone.  He bragged about how he could unlock the phone with his face.   Than he gave me the phone.   It unlocked the phone with my face.   We handed it to everyone at our table 1/2 of the people were able to unlock the phone.

Fast forward 1 year.  1 out of  6 people at our table are able to unlock the phone.  Use at your own risk.

2 users thanked author for this post.

Amy Babinchak, wavy

Reply | Quote

The problem with using Facebook to sign in to website has never been security. The problem is that you have just made it very, very easy for Facebook to track you everywhere. Furthermore, any corporate, political or government entity with access to Facebook can now track you. Corporations and political parties can pay Facebook for that access. Governments can subpoena it. If you are comfortable giving all these entities that kind of access, then by all means use your Facebook account to sign in. If you care about your privacy you won’t go anywhere near Facebook.

11 users thanked author for this post.

wavy, Tom-R, rc primak, Bill C., John18, CADesertRat, Myst, jburk07, David F, MrJimPhelps, lanceboil

Reply | Quote

Over time I’ve become less concerned about privacy from the likes of Facebook. I’m happy for them to try to sell the things that I might post there or my profile based on such things. I’d rather do that than pay for the service. It’s a personal preference.

If you are concerned then please pay attention to the privacy settings and the permissions that you are granting to third party sites. There are controls there.

Reply | Quote

Sure, we’re supposed to use a unique and complex password for each account we create, but how often do we actually do that?

I can’t say how often “we” do, but I know how often “I” do: Every single time, for as long as I can remember.  It’s easier even for throwaway sites that I don’t expect to revisit to hit the password generator button, then focus the “enter your new password” field, and CTRL-V (paste), and then repeat it if necessary in the “confirm password” field.

And we need somewhere to store all our passwords and usernames, don’t we? So we put them in an Excel file or a password-manager app that itself requires a password to access.

Well, yes.  But how is using a password manager’s master password any less convenient than using your Facebook password in the same manner?

In short, it’s become really tough to manage our credentials on our myriad online accounts. And that’s why using Facebook as our “master sign-in” is so attractive.

A password manager makes it nearly effortless, and it works with everything, including all web sites, but also programs that have their own login dialog.

The Facebook single sign in (or its Google doppelganger) only works with those selected sites that have that function built in.  For all those other sites, you’re still in the same situation of either using an easily-remembered “standard” password or using a password manager.  If we agree that the “standard” password route is out, that means you’d be using a password manager for some logins, and Facebook for others.

Obviously, you do not want your local master password and your Facebook password to be the same, so now you are looking at having to either remember two strong passwords instead of one.  Alternately, you could just remember the one for the password manager, and keep your Facebook password inside the password manager, but then you’ve negated the value of using Facebook as your password manager.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon

7 users thanked author for this post.

wavy, Tom-R, rc primak, EstherD, LH, John18, jburk07

Reply | Quote

I appreciate your points and I too make extensive use of a password management tool. However, using my YUBI key for Facebook and tying that into other sites reduces the number of times that I have access those tools. I’ve pre-authorized them so they go right in once I’m connected to the main account. As an admin of 5 pages and 1 group in addition to my own profile I’m doing business there several times a day. Saves me a heap of time and adds security to sites that doesn’t offer it natively.

Reply | Quote

Win7.  I use NoScript, and it will show how many things/places that the web page coding wants to access.  If Facebook has a link on that page, hidden or not and you allow the web page to contact Facebook for you you’ll get facebook popups.

Me, I’m paranoid and distrustful.  Before checking into FB, I close my browser (Seamonkey), discard cookies and other information that the browser is holding in cache.  Restart the browser, log into FB.  When I log out I shut down the browser.  That’s about all that this non computer smart user can do.

3 users thanked author for this post.

wavy, rc primak, jburk07

Reply | Quote

I have discovered that facebook.net is apparently the site which has the spying scripts running everywhere, whereas facebook.com is the site that you log into when you are logging onto Facebook.

When I did Facebook (I haven’t in several months), I found that I didn’t need to allow scripts to run on facebook.net in order to successfully log into Facebook and post stuff. Also, I have never found facebook.com scripts running anywhere except when I log onto Facebook. However, facebook.net scripts run on literally every site you visit on the internet.

Group "L" (Linux Mint)
with Windows 8.1 running in a VM

Reply | Quote

I use the paid version of Roboform and have for years.  Every single site has a unique password.  The master password is not used anywhere else.  So for now I don’t see any benefit in either trusting Zuckerberg, Inc., or any other method for now.

Am I wrong?

3 users thanked author for this post.

Amy Babinchak, wavy, rc primak

Reply | Quote

You’re not wrong. That’s a great way to go about it. The Facebook login option automates login and add security features that aren’t available natively on some sites. I find it helpful and like you I’m also a Roboform fan.

Reply | Quote

Anyway you slice it, or try to justify it, Facebook and it’s honchos are morally bankrupt, criminally invasive, and prey on the ignorant and credulous.

“If you’re not paying for it, you’re the product”.

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"...all the people, all the time..."Peter Ustinov ad-lib in "Logan's Run"

2 users thanked author for this post.

wavy, rc primak

Reply | Quote

If you’ve already gone to the trouble of setting up a FiDO U2F key, why not set up a password manager as a portable USB program as well? Only one Master Password and one PIN to remember.

-- rc primak

Reply | Quote

I use both. What I like about the login with Facebook option is that it adds security to sites that don’t offer it natively and I appreciate the automation.

Reply | Quote