Eduardo Jezierski, the brilliant Director of Engineering from INSTEDD and I recently exchanged some emails about the usefulness and advisability of Facebook as a platform for humanitarian aid.
First some context. The conversation arose after I emailed him details of the BBC’s recent expose of Facebok’s flaws with its applications platform / framework, which is exactly a year old to date.
INSTEDD’s official launch earlier this year had details of a Facebook application for humanitarian aid workers I had some concerns on and noted that:
Though the Directory application has a clear disclaimer that information on it will not be shared beyond that which is made possible by Facebook, it’s still the problem for me. Facebook is not a platform I trust with mission critical and highly confidential data and though I have begun a citizen journalism forum to complement Groundviews on it, I’m still to be convinced that it is a platform that demonstrates the potential for mission critical applications without compromising information security.
Eduardo then replied that it was the concept, not Facebook per se, that they were interested in. Fair enough. So here’s the text of our emails, published with Eduardo’s permission.
From: Sanjana Hattotuwa
Sent: Monday, May 19, 2008 9:31
As the BBC’s technology programme Click recently uncovered, Facebook is outrageously open to applications harvesting information that you have classified private. What is more disturbing is that an application installed on a friend’s account can remotely harvest your private data without you even having to install the same application.
See http://www.bbcworld.com/Pages/ProgrammeFeature.aspx?id=18&FeatureID=726
and read Click’s advice on how to minimise the risk of exposing your private information here – http://www.bbcworld.com/Pages/ProgrammeFeature.aspx?id=18&FeatureID=725
Please pass this to all your Facebook friends.
On May 19, 2008 Eduardo Jezierski wrote:
Thanks Sanjana. One of the issues is that the security works both ways –the same way an application is deployed in another server meaning facebook cant get any insight into it is a strength , imo. For example IF someone was crazy enough to do a ‘friends nearby’ app like we did, you would know its up to the app provider (and not facebook!) to secure that info (which given FB’s risks, is a pro if you know the app provider)
Thoughts?
From: Sanjana Hattotuwa
Sent: Monday, May 19, 2008
Hi Eduardo,
Not sure I follow you.
The BBC team has clearly demonstrated that an app, once accepted, can harvest information marked private. It has also demonstrated that this same app can harvest this information from one’s friends. The exercise also brought out clearly the fact that Facebook does not and cannot guarantee that all apps that run on the platform abide by its app design / development and privacy guidelines. Their response to the BBC to me seems very complacent of a very real risk brought about by (a) technical deficiencies, for which Facebook is 100% responsible (b) the psychology of social network which leans towards maximum disclosure in an essentially insecure environment, which of course is more linked to user education.
The point is that FB as a platform is essentially insecure – see http://www.theregister.co.uk/2008/03/25/facebook_exposes_private_pics/
To submit then that an essentially insecure platform, where privacy is a big question mark, is to be used as a platform for humanitarian action, where both of these are a sine qua non, is a stretch. What do you think?
From: Eduardo Jezierski
Sent: Monday, May 23, 2008
“The BBC team has clearly demonstrated that an app, once accepted, can harvest information marked private. It has also demonstrated that this same app can harvest this information from one’s friends. The exercise also brought out clearly the fact that Facebook does not and cannot guarantee that all apps that run on the platform abide by its app design / development and privacy guidelines.”
Agreed – the information they get access to is Facebook’s details information (eg your physical address, if you put it there!) NOT THE INFORMATION MANAGED BY OTHER APPS! Because that lives in another server.
“Their response to the BBC to me seems very complacent of a very real risk brought about by (a) technical deficiencies, for which Facebook is 100% responsible (b) the psychology of social network which leans towards maximum disclosure in an essentially insecure environment, which of course is more linked to user education.”
The issue is that FB doesn’t help with the education. They should have more education of users and more ‘consequential’ feeling in the UI to allowing an app access to my details! Does ‘super poke’ require access to personal details to throw you a flying sheep? No!
The point is that FB as a platform is essentially insecure – see http://www.theregister.co.uk/2008/03/25/facebook_exposes_private_pics/
Ughhh!That’s a terrible noobie security bug. They have parts which are quite smart but got bit by this – unbelievable. Security is tougher than most people think and most app devs don’t even know threat modeling or think of threats, assets, countermeasures, attack paths, or security patterns.
“To submit then that an essentially insecure platform, where privacy is a big question mark, is to be used as a platform for humanitarian action, where both of these are a sine qua non, is a stretch. What do you think?”
I think you can build apps – secure as hell, with threat models pouring out the creators’ ears – that use FB information e.g. to figure out contact networks.- and that are not built on the FB platform. This is why social network portability is so critical to Social graphs being of any use in humanitarian world. Today not one web host can be the platform of any reasonable solution – I see twitter fireeagle facebook younameit as building blocks (and very immature ones for humanitarian action still!) I would never store anything that is sensitive and isn’t already public in FB. I would not use FB as a platform to build a humanitarian app on. I would it as an information source to such applications, a plug-in, again with all the user education AND technical testing required to make sure you can’t expose information, elevate privileges etc because of that plugin.
Anecdotally that was one of the architectural experiments of our FNB app – can we keep data separate and secure and just query FB for contact graphs. Having the FB app expose the UI was just a shortcut. We could have done it off our own servers, violating FB’s TOS by the way…
To summarize we agree on not using FB as a platform, on top of that I think FB has information to be mined that could be useful for humanitarian action.
It didn’t occur to me when I wrote it, but Eduardo makes an important point. The BBC did not prove that applications can steal data from other applications, just the general FB profile of the person who installed it and her / his friends. So each application on the FB platform is, until such time it is proven otherwise, secure.
I wholly agree with the other points that Eduardo makes about the design and engineering considerations of the Facebook platform.
In attempting to bring humanitarians together towards that Holy Grail of a coordinated and collaborative first response, I wonder whether we need to look at social networking platforms as they exist today and create a similar yet secure architecture anew or suggest that they, in the form they are, can be leveraged for such a purpose. Or perhaps neither. Perhaps the way forward is to not get us all into a single platform, but with technologies such as Mesh4x developed by INSTEDD itself allow us to use a range of platforms as we see fit and yet exchange vital information in a timely, seamless, sustainable, device and platform independent manner.
Incidentally, as noted at the beginning, it’s exactly a year since Facebook introduced its application platform to the world. Jason Kincaid at Techcrunch has a very interesting article that looks at the launch hype and the reality a year hence.
