faceboo7k

[Uncayimmy]

Point 1: No, I didn't give anyone my permission to scan my emails, nor did I gave my email password to anyone disposal (DUH!!!!), and I don't expect that anyone would; moreover, I don't expect that Facebook would even ask. Point me (link) please to the explicit source, which asks for the permission to scan client's email via disclosed email password.

I signed up for FB and used my GMail address. When I go to this page and click Find Friends, the next screen reads, "Facebook.com is asking for some information from your Google Account. To see and approve the request, sign in." On that page are prompts for my e-mail and password. If on the linked screen above I change it to a Yahoo or Hotmail address, the same basic procedure.

This may not be what you are asking for because this is a user-initiated scan rather than a background scan, but without an further definition explanation of what you want, I think it suffices.

Sorry, I can only describe the procedure, but not define it, coz the word definition doesn't apply to the circumstance.

If you're going to be pedant, do it right:

Define : to explain or identify the nature or essential qualities of;

 

[portlandatheist]

Point 1: No, I didn't give anyone my permission to scan my emails, nor did I give my email password to anyone disposal (DUH!!!!), and I don't expect that anyone would; moreover, I don't expect that Facebook would even ask. Point me (link) please to the explicit source, which asks for the permission to scan client's email via disclosed email password.

Point 2: I never said that accessing someone else's email account is a rocket science, so your reference to this particular issue is quite redundant and comes at the expense of the citation not included in your opener.

Were you or were you not using the Facebook friend finder app?
ETA: didn't mean to come across so snarky. My point was actually that it would be impossible to access files on your computer(other than web browser cookies), such as your address book and that they could not access you web based email without your account info. Facebook's app clearly asks for both the users permission and account info.

 

[epix]

I signed up for FB and used my GMail address. When I go to this page and click Find Friends, the next screen reads, "Facebook.com is asking for some information from your Google Account. To see and approve the request, sign in." On that page are prompts for my e-mail and password. If on the linked screen above I change it to a Yahoo or Hotmail address, the same basic procedure.

No it doesn't suffice, coz I never saw this particular page on my sign up using yahoo email, so I couldn't give Facebook any info regarding my email password. But there is a good chance that this page could exist asking for an email password to see if any of your email contacts are also Facebook members. Some people are dumb enough to give away their email password in return for a ridiculous service. That means, in my case, the Facebook staff got into my email without the password, which is not a technical problem, but it's a breach of security.

Too bad it takes up to 90 days to deactivate the yahoo email account that I set up to sign up with Facebook. I wonder if you can still log in with email address, which no longer exists. Any idea?

 

[epix]

Were you or were you not using the Facebook friend finder app?

Absolutely not.

 

[portlandatheist]

Absolutely not.

Hmmm. Then I have no idea what is going on. One piece of advice I've heard is to use a different password for you email account than you use for everything else you do. Since every account you create on various websites (facebook or otherwise) ask for your email address, and ask you to create a password they can make a good guess that these two passwords are the same and have access to your email account. That may not be applicable to this situation but its a good habit.

 

[epix]

Hmmm. Then I have no idea what is going on. One piece of advice I've heard is to use a different password for you email account than you use for everything else you do. Since every account you create on various websites (facebook or otherwise) ask for your email address, and ask you to create a password they can make a good guess that these two passwords are the same and have access to your email account. That may not be applicable to this situation but its a good habit.

I think that creating a special email account for signing up with anyone who requires your email address to log on, such as Facebook, would be a good idea.

Just imagine: you write three names off a public (no-logon) Facebook page in your email text and send it to yourself. Right after that, these names appear on your FB home page as your suggested friends. That info had to come from the email text, not from your email contacts where these names were obviously not included. Since I've killed the yahoo email account, I can no longer repeat the test and see if the same thing happens again. I should have repeated the test at least 5 times.

 

[Uncayimmy]

Just imagine: you write three names off a public (no-logon) Facebook page in your email text and send it to yourself. Right after that, these names appear on your FB home page as your suggested friends.

LOL! Well, there's your explanation right there.

Cookies are pieces of information that a web server stores on your computer to be read later. Browsers are designed so that a web server can only read cookies that came from that domain. Thus randi.org cannot read IMDB.com cookies and vice versa. However, IMDB.com can via cookies "remember" that you visited the page on Star Trek, so next time you visit, they list the other Star Trek productions under "Things You Might Like." No need to register with them for this to happen. Of course, randi.org won't know what you visited on IMDB.com.

So, even though you were logged out of Facebook, you were still visiting Facebook page(s). They were able to drop and read cookies. FB knew that your browser visited certain pages on their system. The rest is easy, no clandestine (and illegal) snooping required.

ETA: Before anybody gets all persnickety, they could just look at your IP address as well, only that's less reliable.

 

[Hellbound]

LOL! Well, there's your explanation right there.

Cookies are pieces of information that a web server stores on your computer to be read later. Browsers are designed so that a web server can only read cookies that came from that domain. Thus randi.org cannot read IMDB.com cookies and vice versa. However, IMDB.com can via cookies "remember" that you visited the page on Star Trek, so next time you visit, they list the other Star Trek productions under "Things You Might Like." No need to register with them for this to happen. Of course, randi.org won't know what you visited on IMDB.com.

So, even though you were logged out of Facebook, you were still visiting Facebook page(s). They were able to drop and read cookies. FB knew that your browser visited certain pages on their system. The rest is easy, no clandestine (and illegal) snooping required.

ETA: Before anybody gets all persnickety, they could just look at your IP address as well, only that's less reliable.

We have a winner!

Same thing I was thinking of, but of course suggesting the OP actually try a test for that was, apparently, some sort of insult or Internet pissing contest.

But what do I know? Computer Security is just, you know, my job (twice over, I do it for the Army Reserve as well).

 

[Cuddles]

I find interesting and genuinely funny stuff on my Facebook feed. But when I don't feel like reading it, I don't read it. I'm happy with Facebook; it does what I want. I have a vague idea what my friends are up to, I have a central location to invite people to parties from, and I get a good laugh once in a while from something posted by one of my friends.

This. I don't understand a lot of the anti-Facebook sentiment. It's a tool, nothing more. I use it to coordinate events and see and share photos, as well as an often more convenient substitute for email and instant messaging. There's no chore involved. You're not forced to read anything or type anything, you use it to do exactly as much as you want. Sure, if you're not interested in the kind of things it does then feel free not to use it. I just don't see the need for the all the ridiculous straw men and utterly silly excuses people invent for not using it.

But what do I know? Computer Security is just, you know, my job

So you're saying you're in on it?

 

[Hellbound]

So you're saying you're in on it?

I'm ALWAYS in on it (for certain definitions of it)

 

[leonAzul]

Um,

Be sure to log out of any password area when you leave it, do not leave your Yahoo mail logged in, do not leave yourself logged in to Facebook, do not leave yourself logged onto the JREF. Log off when you are done.

With open cookies it is much easier to read the information in those cookies. Especially things like the JREF vbulletin cookie.

Very good advice. Although, strictly speaking, cookies can rarely divulge truly personal information, they can reveal a good deal about one's habits on the internet by exposing the sites which issue them.

http://startpanic.com/

Another thing you can do is to sandbox each site by creating a dedicated webapp for each one. This is easy to do with Firefox and the Prism add-on.

https://addons.mozilla.org/en-US/firefox/addon/6665/

ETA
I neglected to identify the first link above.
This is a site where you can voluntarily launch a javascript that displays the publicly available information from whatever cookies you have collected in that particular browser. To harvest that information, a page would have to collect that information in a web form and you would then need to submit it. This can be done with hidden forms, which is why an add-on like "No-Script" is so useful for detecting such forms.

 

[TheDaver]

Huh?

The way it works, is that you agree to let Facebook access your email’s contact list. From there, all they get is a list of email addresses. They check to see whether people have created Facebook accounts with those email addresses – just like you did with yours – and if so, they suggest those people to you as friends.

There’s no hacking or invasion of privacy going on. Calm down.

 

[Uncayimmy]

Huh?

The way it works, is that you agree to let Facebook access your email’s contact list. From there, all they get is a list of email addresses. They check to see whether people have created Facebook accounts with those email addresses – just like you did with yours – and if so, they suggest those people to you as friends.

There’s no hacking or invasion of privacy going on. Calm down.

That's not what he's talking about. What he did was suspicious about how FB suggests friends, so he logged out of FB, visited some public FB pages of strangers, then e-mailed those names to himself. Sure enough, FB recommended those strangers to him. Obviously <cough> they were reading his e-mail. It couldn't possibly have been FB knowing via cookies what pages he visited on their site.

 

[Baylor]

If you're going to be pedant, do it right:

If you're going to be pedantic, do it right or don't do it at all.