Facebook

Facebook, Not Microsoft, Is the Main Threat to Open Source

Glyn Moody — Tue, 04 Jun 2019 13:24:19 +0000

In the future, Facebook won't be a social-media site.

Facebook is under a lot of scrutiny and pressure at the moment. It's accused of helping foreign actors to subvert elections by using ads and fake accounts to spread lies—in the US, for example—and of acting as a conduit for terrorism in New Zealand and elsewhere. There are calls to break up the company or at least to rein it in.

In an evident attempt to head off those moves, and to limit the damage that recent events have caused to Facebook's reputation, Mark Zuckerberg has been publishing some long, philosophical posts that attempt to address some of the main criticisms. In his most recent one, he calls for new regulation of the online world in four areas: harmful content, election integrity, privacy and data portability. The call for data portability mentions Facebook's support for the Data Transfer Project. That's clearly an attempt to counter accusations that Facebook is monopolistic and closed, and to burnish Facebook's reputation for supporting openness. Facebook does indeed use and support a large number of open-source programs, so to that extent, it's a fair claim.

Zuckerberg' previous post, from the beginning of March 2019, is much longer, and it outlines an important shift in how Facebook will work to what he calls "A Privacy-Focused Vision for Social Networking". Greater protection for privacy is certainly welcome. But, it would be naïve to think that Zuckerberg's post is simply about that. Once more, it is an attempt to head off a growing chorus of criticism—in this case, that Facebook undermines data protection. This is the key idea:

I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won't stick around forever.

Go to Full Article

Time for Net Giants to Pay Fairly for the Open Source on Which They Depend

Glyn Moody — Mon, 05 Nov 2018 13:00:00 +0000

by Glyn Moody

Net giants depend on open source: so where's the gratitude?

Licensing lies at the heart of open source. Arguably, free software began with the publication of the GNU GPL in 1989. And since then, open-source projects are defined as such by virtue of the licenses they adopt and whether the latter meet the Open Source Definition. The continuing importance of licensing is shown by the periodic flame wars that erupt in this area. Recently, there have been two such flarings of strong feelings, both of which raise important issues.

First, we had the incident with Lerna, "a tool for managing JavaScript projects with multiple packages". It came about as a result of the way the US Immigration and Customs Enforcement (ICE) has been separating families and holding children in cage-like cells. The Lerna core team was appalled by this behavior and wished to do something concrete in response. As a result, it added an extra clause to the MIT license, which forbade a list of companies, including Microsoft, Palantir, Amazon, Motorola and Dell, from being permitted to use the code:

For the companies that are known supporters of ICE: Lerna will no longer be licensed as MIT for you. You will receive no licensing rights and any use of Lerna will be considered theft. You will not be able to pay for a license, the only way that it is going to change is by you publicly tearing up your contracts with ICE.

Many sympathized with the feelings about the actions of the ICE and the intent of the license change. However, many also pointed out that such a move went against the core principles of both free software and open source. Freedom 0 of the Free Software Definition is "The freedom to run the program as you wish, for any purpose." Similarly, the Open Source Definition requires "No Discrimination Against Persons or Groups" and "No Discrimination Against Fields of Endeavor". The situation is clear cut, and it didn't take long for the Lerna team to realize their error, and they soon reverted the change:

Go to Full Article

Weekend Reading: Privacy

Carlie Fairchild — Sat, 27 Oct 2018 12:59:01 +0000

by Carlie Fairchild

Most people simply are unaware of how much personal data they leak on a daily basis as they use their computers. Enter this weekend's reading topic: Privacy.

FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid by Matthias Pfau

Seven years ago Tutanota was built, an encrypted email service with a strong focus on security, privacy and open source. Long before the Snowden revelations, Tutanota's team felt there was a need for easy-to-use encryption that would allow everyone to communicate online without being snooped upon.

The Wire by Shawn Powers

In the US, there has been recent concern over ISPs turning over logs to the government. During the past few years, the idea of people snooping on our private data (by governments and others) really has made encryption more popular than ever before. One of the problems with encryption, however, is that it's generally not user-friendly to add its protection to your conversations. Thankfully, messaging services are starting to take notice of the demand. For me, I need a messaging service that works across multiple platforms, encrypts automatically, supports group messaging and ideally can handle audio/video as well. Thankfully, I found an incredible open-source package that ticks all my boxes: Wire.

Facebook Compartmentalization by Kyle Rankin

Whenever people talk about protecting privacy on the internet, social-media sites like Facebook inevitably come up—especially right now. It makes sense—social networks (like Facebook) provide a platform where you can share your personal data with your friends, and it doesn't come as much of a surprise to people to find out they also share that data with advertisers (it's how they pay the bills after all). It makes sense that Facebook uses data you provide when you visit that site. What some people might be surprised to know, however, is just how much. Facebook tracks them when they aren't using Facebook itself but just browsing around the web.

Some readers may solve the problem of Facebook tracking by saying "just don't use Facebook"; however, for many people, that site may be the only way they can keep in touch with some of their friends and family members. Although I don't post on Facebook much myself, I do have an account and use it to keep in touch with certain friends. So in this article, I explain how I employ compartmentalization principles to use Facebook without leaking too much other information about myself.

Protection, Privacy and Playoffs by Shawn Powers

Go to Full Article

Let's Solve the Deeper Problem That Makes Facebook's Bad Acting Possible

Doc Searls — Fri, 08 Jun 2018 14:16:07 +0000

by Doc Searls

Finding that Facebook has "data sharing partnerships" with "at least sixty device makers" is as unsurprising as finding that there are a zillion ways to use wheat or corn. Facebook is in the data farming business.

Remember that the GDPR didn't happen in a vacuum. Bad acting with personal data in the adtech business (the one that aims advertising with personal data) is the norm, not the exception.

This is why the real fight here is not just for privacy. It's for human agency: the power to act with full effect in the world. The only way we get full agency is by operating as first parties at scale across all the entities we deal with online. THEY have to agree to OUR terms.

For that we need standard ways to signal what's okay and what's not okay, and to reach agreements on our terms, as first parties. It is as second parties that we click "accept" dozens of times every day, acquiring cookies with every one of those clicks, each recording certifications of acquiescence rather than of consent.

With full personal agency, the whole consent system goes the other way, at scale.

This is both long overdue and totally do-able, with work already started.

If you're interesting in doing it, let me know.

Bonus link: https://youownitdownloadit.com/, which I was briefed about this morning.

Go to Full Article

Tor Hidden Services

Kyle Rankin — Wed, 23 May 2018 12:00:00 +0000

by Kyle Rankin

Why should clients get all the privacy? Give your servers some privacy too!

When people write privacy guides, for the most part they are written from the perspective of the client. Whether you are using HTTPS, blocking tracking cookies or going so far as to browse the internet over Tor, those privacy guides focus on helping end users protect themselves from the potentially malicious and spying web. Since many people who read Linux Journal sit on the other side of that equation—they run the servers that host those privacy-defeating services—system administrators also should step up and do their part to help user privacy. Although part of that just means making sure your services support TLS, in this article, I describe how to go one step further and make it possible for your users to use your services completely anonymously via Tor hidden services.

How It Works

I'm not going to dive into the details of how Tor itself works so you can use the web anonymously—for those details, check out https://tor.eff.org. Tor hidden services work within the Tor network and allow you to register an internal, Tor-only service that gets its own .onion hostname. When visitors connect to the Tor network, Tor resolves those .onion addresses and directs you to the anonymous service sitting behind that name. Unlike with other services though, hidden services provide two-way anonymity. The server doesn't know the IP of the client, like with any service you access over Tor, but the client also doesn't know the IP of the server. This provides the ultimate in privacy since it's being protected on both sides.

Warnings and Planning

As with setting up a Tor node itself, some planning is involved if you want to set up a Tor hidden service so you don't defeat Tor's anonymity via some operational mistake. There are a lot of rules both from an operational and security standpoint, so I recommend you read this excellent guide to find the latest best practices all in one place.

Without diving into all of those steps, I do want to list a few general-purpose guidelines here. First, you'll want to make sure that whatever service you are hosting is listening only on localhost (127.0.0.1) and isn't viewable via the regular internet. Otherwise, someone may be able to correlate your hidden service with the public one. Next, go through whatever service you are running and try to scrub specific identifying information from it. That means if you are hosting a web service, modify your web server so it doesn't report its software type or version, and if you are running a dynamic site, make sure whatever web applications you use don't report their versions either.

Go to Full Article

Facebook Compartmentalization

Kyle Rankin — Thu, 12 Apr 2018 15:06:49 +0000

by Kyle Rankin

I don't always use Facebook, but when I do, it's over a compartmentalized browser over Tor.

Whenever people talk about protecting privacy on the internet, social-media sites like Facebook inevitably come up—especially right now. It makes sense—social networks (like Facebook) provide a platform where you can share your personal data with your friends, and it doesn't come as much of a surprise to people to find out they also share that data with advertisers (it's how they pay the bills after all). It makes sense that Facebook uses data you provide when you visit that site. What some people might be surprised to know, however, is just how much. Facebook tracks them when they aren't using Facebook itself but just browsing around the web.

1. Post Only Public Information

The first rule for Facebook is that, regardless of what you think your privacy settings are, you are much better off if you treat any content you provide there as being fully public. For one, all of those different privacy and permission settings can become complicated, so it's easy to make a mistake that ends up making some of your data more public than you'd like. Second, even with privacy settings in place, you don't have a strong guarantee that the data won't be shared with people willing to pay for it. If you treat it like a public posting ground and share only data you want the world to know, you won't get any surprises.

2. Give Facebook Its Own Browser

I mentioned before that Facebook also can track what you do when you browse other sites. Have you ever noticed little Facebook "Like" icons on other sites? Often websites will include those icons to help increase engagement on their sites. What it also does, however, is link the fact that you visited that site with your specific Facebook account—even if you didn't click "Like" or otherwise engage with the site. If you want to reduce how much you are tracked, I recommend selecting a separate browser that you use only for Facebook. So if you are a Firefox user, load Facebook in Chrome. If you are a Chrome user, view Facebook in Firefox. If you don't want to go to the trouble of managing two different browsers, at the very least, set up a separate Firefox profile (run firefox -P from a terminal) that you use only for Facebook.

Go to Full Article

Thinking and Working Outside the Platform

Doc Searls — Tue, 27 Mar 2018 17:50:50 +0000

by Doc Searls

On the one hand, Facebook is on fire, and soon the whole surveillance economy will start burning down too (including publishers who depend on that economy no less than Facebook does).

On the same hand, lots of Linux wizards work in that economy, which is a lot larger than Facebook alone.

Also on the same hand, lots of wizards and muggles alike are wondering out loud how we can come up with alternatives to Facebook and other "social" platforms: ones that don't depend on surveillance-based advertising.

On the other hand, we can move beyond platforms. Let me explain.

See these guys?

Those are carpenters who worked for DW Griffith, the silent film maker, back around 1908. The head carpenter is the guy on the bottom right: George W. Searls, my grandfather.

In the early years of silent film, here’s what they built:

Theaters. With stage sets.

That’s because film makers in those days thought and filmed inside the box they knew, which was theater. They'd set up a camera pointed at a stage, where actors performed just like they did in theaters.

Griffith’s biggest pioneering move was to take the camera outside the theater, into streets and homes of Fort Lee, New Jersey, across the river from New York (that's where the shots above took place)—and then out to Hollywood and a West that was still wild. Look up DW Griffith silent shorts, and somewhere among the films that come up will be the steps on which Grandpa and his carpenters sat.

Those carpenters were the hackers that helped Griffith, and the whole film industry, think and build outside the theater.

In a similar way, we need the Linux geeks and allied wizards to help the tech industry think and work outside the platform.

Go to Full Article

Facebook Live Magic Button

Shawn Powers — Sun, 25 Feb 2018 16:43:23 +0000

by Shawn Powers

Facebook Live is simple to broadcast from a mobile device. Simply click"go live", and you're broadcasting on your timeline. Unfortunately, if you want to use a desktop computer with a webcam or remote IP camera, the process is a little more complicated.

There are two main ways to start a Facebook Live stream from a computer. You can use the Publishing Tools in the video menu and then start a live stream. Or, you can use the API (which used to be the only way to accomplish the task). Unfortunately, the API is a bit daunting to use. Thankfully, Ian Anderson Gray has not only made an incredible tutorial for going live on Facebook, he's also created a wonderful button that uses the Facebook API in order to get a very simple method for starting streams. You don't need to schedule the live stream, and you don't need to worry about timing. You just click the button and walk through the process of picking which page to stream on. Facebook gives you a streaming key, and you immediately can start live streaming to the page.

If it was a simple code snippet, I might feel okay with just giving you the code, but Ian obviously put a lot of effort into creating his magic button, so if you want to try it, head over to his site Not only can you click on his magic button, but he also provides a great tutorial on using OBS in order to live stream from a computer. Thanks Ian!

Go to Full Article

Non-Linux FOSS: Facebook on OS X, sans Browser!

Shawn Powers — Thu, 04 May 2017 14:06:30 +0000

by Shawn Powers

I recently wrote about using Facebook Messenger as an SMS client, and because I'll likely get lots of email about how horrible Facebook messenger is, I might as well go all in and share this open-source program: Messenger for Mac.

Over at the Messenger for Mac site, you'll find an OS X-native application that is a wrapper around Facebook Messenger. What makes it great is that it doesn't feel like a wrapper at all; it feels like an actual app. If you're using OS X and prefer applications rather than just web browser tabs, be sure to check it out.

I'll be honest; I don't do a ton of communication via Facebook Messenger. It's a great way to send a silly GIF sticker to my wife, however, and for that reason alone, I appreciate the protocol! You can download Messenger for Mac from the website above or from the GitHub page.

Go to Full Article

Leaving the Land of the Giants

Doc Searls — Tue, 05 Feb 2013 18:44:57 +0000

by Doc Searls

The next revolution will be personal. Just like the last three were.

The cover of the December 1st–7th 2012 issue of The Economist shows four giant squid battling each other (http://www.economist.com/printedition/2012-12-01). The headline reads, "Survival of the biggest: The internet's warring giants". The squid are Amazon, Apple, Facebook and Google. Inside, the story is filed under "Briefing: Technology giants at war". The headline below the title graphic reads, "Another game of thrones" (http://www.economist.com/news/21567361-google-apple-facebook-and-amazon-are-each-others-throats-all-sorts-ways-another-game). The opening slug line reads "Google, Apple, Facebook and Amazon are at each other's throats in all sorts of ways." (Raising the metaphor count to three.)

Now here's the question: Is that all that's going on? Is it not possible that, in five, ten or twenty years we'll realize that the action that mattered in the early twenty-teens was happening in the rest of the ocean, and not just among the mollusks with the biggest tentacles?

War stories are always interesting, and very easy to tell because the format is formulaic. Remember Linux vs. Microsoft, personalized as Linus vs. Bill? Never mind that Linux as a server OS worked from the start with countless millions (or even billions) of Windows clients. Or that both Linus and Bill had other fish to fry from the start. But personalization is cheap and easy, and there was enough antipathy on both sides to stoke the story-telling fires, so that's what we got. Thus, today we might regard Linux as a winner and Microsoft as a loser (or at least trending in that direction). The facts behind (or ignored by) the stories mostly say that both entities have succeeded or failed largely on their own merits.

Here's a story that illustrates how stories can both lead and mislead.

The time frame was the late 1980s and early 1990s, and the "war" was between CISC (Complex Instruction Set Computing, http://en.wikipedia.org/wiki/Complex_instruction_set_computing) and RISC (Reduced Instruction Set Computing, http://en.wikipedia.org/wiki/Reduced_instruction_set_computing). The popular CPUs at the time were CISC, and the big two CISC competitors were Intel's x86 and Motorola's 68000. Intel was winning that one, so Motorola and other chip makers pushed RISC as the Next Big Thing. Motorola had an early RISC lead with the 88000 (before later pivoting to the PowerPC).

Go to Full Article