Why I Joined Facebook
I have never had any desire to join Facebook. But over the weekend I was forced to. I offer this post as a public service and warning to others.
The key to understanding my motivation is the fact that Facebook knows who you are without you ever signing up. This is because if your friends who do have Facebook accounts and give Facebook access to their email address books, a common method of finding friends quickly, then Facebook knows your email address and who your friend are without you ever having gone to the site.
I’ve known that Facebook already had a network of a dozen or so of my friends waiting for me since they would occasionally send me emails stating this. I thought it was interesting that Facebook could use this information to fill in holes in its network and infre things about me even though I had never used Facebook.
Then last Sunday theory hit reality. At this point I should take a small detour and explain that I have a common enough name that I regularly get misdirected email. This isn’t spam. These are instances of someone telling someone else that my email address is theirs, perhaps innocently. But I get email intended for several different people in the US, at least one in the UK, one in France, one in New Zealand, and an old dude in Australia. All of them think that they are the owners of my email address. All of them are mistaken.
So on Sunday I start getting notification emails from Facebook, in French, congratulating me on signing up for the site. Then I get friend notifications each time one of my friends, who had long ago indicated that they are friends with the person owning my email address, logged in, saw that I now had an account, and made the link official. All of this in French. So all through the day I see people that are in fact my friends becoming friends with this fake version of me.
Since I know what types of pictures the French John and his friends share I wasn’t inclined to have him share them with my friends. By Sunday evening I’d had enough. I went to Facebook.com and claimed to have lost my password. The password reset process involved them sending a new password to the email address the other John had used to sign up for the account, which of course was my email. I logged in, changed the password to one of my choosing, and changed all the account settings to my liking.
Now, why is this story worth mentioning? Well, two reasons. One is to suggest/complain that Facebook could easily have avoided this problem for me if they had simply verified the email used to create an account. It is astounding to me that they do not do this. It is a simple matter of sending an email with a unique link in it and waiting for the link to get clicked. That would have prevented someone from abusing my identity in this way.
The second is that there is notnow a type of scam in which an attacker finds a way to take over your email (it is pretty easy, ask Sarah Palin) and then uses this to take over your social networking accounts. They can then claim to be stranded in a remote part of Toronto (or in this case perhaps Paris) and in need of emergency cash on you Facebook page. Some of your friends will rush to your aid and to Western Union. Goodbye money.
Posted on August 19, 2009, in Pop Culture. Bookmark the permalink. 13 Comments.
Steve Evans
RJH
Scott B.
John C.
Susan M
Aaron Brown
ninemoons
arandomjohn
kulturblogadmin
Kyle M
Brad
KulturBlogGuest
MCQ
Wm
Rebecca
Ivan
Geoff J
btdgreg
Clark Goble
Aaron R.
Tim J
Join for whatever reason you want, stay for the games.
Well if this type of scam doesn’t exist, then I guess we don’t have anything to worry about.
I could have sworn that Facebook sent me a verification email when I signed up, but you could be right.
ouch. I’ll edit.
Susan M,
The point is that I never have joined. I simply took over an account of someone that had joined as me. When your email address is a widely used universal unique identifier you have to actively protect it.
Ken Jennings regularly mentions on his blog that the guy pretending to be him on facebook is not, in fact, the real ken jennings, but he does have the real Ken’s literary agent fooled.
Although I don’t “get” twitter (and I’m not old!) I signed up for an account just so that nobody could use may rather unique internet username…just in case I want to use it in the future.
Typically Facebook and Twitter are pretty good about this sort of cybersquatting – especially if you have a big web presence.
BTW – John, your facebook isn’t the only thing that’s been hacked. Check out your rss feed for your crosspost of the above over at Insight VR. Rather than showing your body text it shows ads for drugs.
Ads for drugs are good, right?
LOL. It’s probably that bug in the old version of WordPress. Everyone should make sure they are uptodate since the spammers know all the exploits.
Either that or you pick passwords that are in the dictionary.
Updating wordpress is a constant pain
The new version makes it easy. It updates itself via sftp. Ditto with the plugins. So having to break into the shell (or worse if you’re hosted via a web app like Kulturblog is) will be a thing of the past.
My sister was friends with the kid who created the fake Ken Jennings back when we were freshmen in college – this was when you couldn’t have facebook if you didn’t have a university email address. Pretty much everyone who was a friend of fake Ken Jennings knew that he was a fake because would anyone seriously hang on to their university email addresses for several more years after college and use it to get on social networking site where the only other people were college students? Of course, now that EVERYONE can have facebook, it has become possible for the real Ken Jennings to actually have facebook…so I guess that’s why people believe it’s the real deal.
So that’s the legend of the fake Ken Jennings mystery.
Clark,
I believe that I’ve fixed the problem with my rss feed and I’ve upgraded once again.