Facebook is Malware

Facebook, masks itself as a product but I argue it is nothing more than malware which sets us on a path to handing over personal data as any other virus, trojan or malware piece of software does.

For a quick, clear definition of Malware, I am grabbing it from Wikipedia:

Malware, short for malicious software, is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

While it could be argued that Facebook does disrupt computer operation by distracting the user and I don't believe it does attempt to gain access to private computer systems, it certainly does gather sensitive information on a large scale.

The illusion of the product

All malware gives the illusion of offering a product that you need or want while secretly gathering information for the author to be used for unknown means. People freely enter data, personal data, into the website as a trade for a product which is to provide a means of ... well I am not exactly sure what the product provides. I have heard it argued that "Oh, it is so I can keep in contact with family and friends". This argument is flawed, there are perfectly good alternatives to this: email, phone numbers, hell, you can even still send snail mail.

Through my own usage of Facebook in the past, I have never been clear as to what benefits it provides over other mechanisms and from seeing other people's usage, it seems only to provide a means of propogation of plebian trivia, something I don't think the world needs any more of. A means of complaining about how some supermarket provides slightly stale hot cross buns, a means of promoting your own opinions on some sporting player (the irony of me writing this piece as an opinion is not lost on me) or taking pictures of every piece of food you have eaten.

Do you remember the time, before social media and digital cameras when we used to take pictures of our food, get them processed, put them in an album and walk over our neighbours and friends and show them? You don't?! Of course you don't, it would be fucking retarded, yet we now do this. Do you remember the time when we would stand up on public transport and announce at the top of our voice how much we loved a particular song? You don't?! Of course you don't, that behaviour would be fucking retarded ... but we do that now. Each of the above is simply trivia, noise that the world needs no more of.

So where is the product that is provided that we absolutely need? There is none.

Hand over your personal details for a product

Other data analytics gathers such as Google Analytics, embedded in most websites do indeed gather information about the user viewing the website, they differ from Facebook in that the data is anonymous ... no specific identity is attached to the data gathered. The attack Facebook uses to gather your data is done on several fronts. I am only taking a rough guess at how this is done as it not clearly spelt out but from looking at the data sent back and forth, I can guess the following ... mainly because this is how I would do it:

Firstly interaction with their own website is not too far different than that of a keylogger. The data, status updates, likes, searches, page and profile views and various other interactions are kept against the user's identity as a means of profiling the user. Specific keywords are noted so that your data can be sold to companies which are related to your likes.

When a company or entity starts gathering biometric data on you, it really time to opt out and Facebook is doing exactly this. Perhaps you have noticed that when you post an image with various other faces in the shot that some, if not all of the faces are automatically tagged with another user linked to you through their product. Now I find this objectively clever, coming from a computer vision education, I am guessing that their software looks for unique attributes of a face, namely the proportional triangle formed by the distance between the eyes and down to the mouth. This is fairly unique to an individual. Combined with the knowledge of linked profiles, "friends", you have attached to your profile, they can take a fairly good guess as to who a person is in a photo. However, the mind boggles as to what other malicious uses this information can be used for.

Facebook knows what other websites you interact with. Yes, yes they do. When you log on to Facebook, a cookie with your identity is kept on your browser. Whether or not you log out or not, that cookie is kept. Cookies are domain specific, only websites with that same domain can access that information. This is a restriction of a browser but there are ways around this and Facebook does this by offering us developers tools to link an external website back, more commonly is the "Like" button. This is a small fragment of code which adds an iframe to the external website showing a "Like" or "Recommend" button. Whether you click the button or not, as soon as this is loaded, Facebook is notified that you have viewed this external website. They do this because the iframe loads a small page on the Facebook domain, meaning they can access your identity via the cookie they have inserted and hence can attach your external interactions back to your Facebook account. Anytime you see a "Like" button, you have been tracked.

I am not the only person to notice this, two other supporting articles I have stumbled upon share the same concerns: Facebook is scaring me and Facebook Is Tracking Your Every Move on the Web; Here's How to Stop It. The former article, like this one, sees the similarities to that of malware and the latter also details some steps, like I have added below, to preventing the problem.

Removal of the disease

With any virus, trojan or other such piece of software, it is often tricky to remove. The author does not want you to remove it as this means they loose control. Below I will provide means of making re-infection harder.

Delete your profile

The first step on the road to recovery from the malware infection is of course to delete your profile. Facebook claims this will delete the data but they are under no obligation to do so, they can simply make your account inaccessable and even if the data is no longer available to you, the data they have already gathered would almost guaranteed be stored and kept on their end. There is very little you can do about this, you accepted the terms and conditions, this is the consquences of your actions. That said, the sooner you delete your profile, the better.

Delete your cookies

Step two of the cleansing is to remove all tracking cookies from your browser. If you know what you are doing, you can target the removal of all Facebook domain based cookies, but if you don't know what you are doing, deleting all cookies and local storage in your browser will do this. Browsers will do this in preferences, usually under Security or Privacy. Deleting all cookies and local storage is a little like killing the patient to cure the disease but if you really want to be sure, this will ensure it.

Use a browser extension to block interactions

Step three on the road to recovery is via a browsers extension mechnism. There are several third party extensions which will block interactions to various analytics gathering websites. If you are using Firefox, Chrome or Safari, do your research on what extensions are available to you. Of course, this does not help when using some mobile devices as there are no means of doing this in their native browsers.

Modify your host file to block interactions

The final step is to completely block any possible interactions back to Facebook. Here we reroute any calls to the Facebook domain back to your own machine, localhost. This only applies to Unix/Linux based machines, I am unsure how to do this on a Windows based machine but I am sure there is a way of doing this. Also you will have to have some knowledge of terminal usage to do this and I recommend stopping at step three if you don't know what I am talking about.

To do this we will need to modify your hosts file, I am assuming MacOS here for the location, you will have to check your operating system as to where it is located.

cd /etc
sudo vi hosts

I am assuming knowledge of the vi editor and how to use it. Again, if you don't know what I am talking about, perhaps stop now.

Add the following line to the hosts file:

127.0.0.1       facebook.com
127.0.0.1       www.facebook.com

Now write and quit, job done. This will mean that any request, whether you directly or indirectly through another website done on this machine is sent to your local machine and never going to the Facebook domain. This hosts loop trick is rather useful for other websites you want to block.

Why, oh why?

So why do I feel so strongly about such things as to actually write something about it? I have many reasons but most important one is privacy. Privacy, I believe, is the most important thing of a developed society. Privacy allows you to make mistakes, to fail without the tribe knowing. Privacy allows the development of the individual. Imagine you have cameras on you for every waking moment of your life, the public viewing your every move and action, you would be scared to try something new ... trying something new usually starts with failures. You would not learn to sing, dance, create for fear of that your many failures would be exposed to the world and "products" such as Facebook are steps down this path. I have singled out Facebook as the target of my thought but the same is true of other "social media" websites such as Google Plus, Youtube, Twitter and various other "free" websites. As that saying goes ... if you aren't paying for the product, you are the product. So stop being the product because you will loose your most important means of individual growth: privacy.