Saturday, December 19, 2015

Facebook Hijacks Your Camera Roll

I generally don't comment much on privacy these days.  Why?  I'm equipped to fight security but privacy, sigh, that's an entirely different battle.  However, I'm making an exception since Facebook's new feature is a hot mess from a personal privacy perspective.  The new mobile application feature presents your private camera roll photos to you for, I presume, easy publishing.  There are a number of points that concern me.

1) Unauthorized processing of mobile camera roll.  Let me explain, I did provide Facebook authorization to my camera roll but that was so I could select and upload the individual photos I choose for publishing.  Processing the entire camera roll and offering up private photos without end-user consent is begging for an accident.  The application could have a bug or the end-user could click the wrong button.  People take a lot of photos and there's no good reason to assume they want recent photos published.

2) Mixing private photos with public photos.  Facebook provides a lock icon and notes only I can see my private photos.  This is terrible design!  Your private photos are a heartbeat from accidental publishing.  It's already easy to publish photos from your camera role using Facebook's mobile application.  Whatever the reason for the new feature, it provides Facebook an opportunity to data mine private offline camera rolls.  We need Apple to create better sandboxes for personal data and how applications can use personal data.  We also need all operating systems vendors to provide better controls to increase transparency into applications running on their operating systems and platforms.  The all or none approach to our personal data (e.g., camera roll, contacts, etc) is no longer good enough.  We need to design our application environments from the perspective that every application is hostile.

3) Increased potential for data leakage and exfiltration.  We have no idea how Facebook's mobile application works.  It's possible it could be holding images, reprocessed thumbnails, or similar in private caches.  Any vulnerabilities in the application (and every application has them) could lead to data leakage and exfiltration.  Without access to the closed source and testing we don't know if a vulnerability exists.  All we know for sure is that the risk of data leakage and exfiltration is greater with more data within the applications tendrils.

4) Abused trust of Facebook's end-user community.  Software vendors wield tremendous power.  In running their applications on our systems we place our sensitive personal information under their care.  Most assume mobile application vendors handle personal information with care and more or less in accordance with end-user expectations.  There is no basis of fact for this belief.  End-users have been lead to believe they must give up personal information for continued use of free software.  Perhaps end-users need to give up something but there should be much more transparency around how our information is used.  Free software is no justification for betraying public trust.

I don't keep much in the way of private information on my mobile but it's a matter of principle.  Facebook continually surprises me, and I'm betting others, around how it uses personal information.  I'm seriously considering deleting all my Facebook mobile applications until the privacy climate improves.  I will continue to use Facebook but, only through the web browser, and only where I can tightly control the diet of personal information I feed to the beast.

Share It!