In which case, the question becomes "are we more interested in stopping the worms, or in keeping the network?" - I've edited the main post to that effect :)
I agree with the least privilege thing - a smarter and finer grained system might help. I don't know how much it'd help, since many users aren't likely to be able to distinguish between the different levels of permission they give to different apps, but I think it'd at least help a bit.
Yes, the app author isn't anonymous. What I was complaining about above was that the app author wasn't immediately obvious to me at the moment I was clicking "Yes, give permissions to this app". On my android phone whenever I install an app, I get a screen which says "the app called X, written by Y wants permission to do Z". If Y is google, then I'm fairly confident it's not malware.
And yeah, I noticed that I wasn't able to send a single message to everyone that the worm notified. The limit on the number of people that can be notified at once seems to be higher than the number of people that can be messaged at once.
The apps may not be anonymous, but FB seem to do little about apps that are known to be hacked (e.g. Farmville was "outed" as doing some rather dodgy things recently and yet FB didn't seem to respond in any obvious way - certainly Farmville is still available).
One fun option might be for facebook to prominently show reviews by people on your friendslist when an app's asking for permissions. That way anyone who was thinking of giving perms to "Like" would have my "It's a worm" review staring them in the face.
And of course, that's not even a "security measure" - it's a handy feature that you might want anyway.
I think part of the problem is facebook's obsession with UI "upgrades" (i.e. redesigning and making everybody relearn the whole blooming website). You installed "like" because you thought FB was being numptyish again, and it turned out it wasn't, but someone had used social engineering to make you think it was.
I refuse to use *any* application, because I can't tell whether they're part of FB or not. I use it as a minimal tool for certain things. It has its place but mostly it's a pain.
I had always thought of myself as someone who doesn't use facebook apps. That's one of the things that impresses me about this bit of social engineering - it was just convincing enough, for just long enough, to make me think that it was part of facebook, and not really an app.
Not happy but will still keep on visiting FB