Facebook privacy scanner (ReclaimPrivacy)

Summary: there’s a simple tool that will tell you which Facebook sharing options are “too open” in your account. I’d like you to help me by trying it out and telling me what you think (if you had problems using it, if you would like extra/other information to be shown, if you found any bugs, etc.). Skip to “how to use it” below if you’re not interested in the details for developers. Thanks!

Some time ago I discovered a neat Javascript tool called ReclaimPrivacy. It was a very simple program that scanned your Facebook privacy settings and told you if you had “too open” settings so you could review and fix them. I really liked the tool and thought it was a great idea, but after Facebook changed the layout of the privacy settings, the tool stopped working.

Weeks passed and the tool didn’t get any update, so I decided to step in and try to help the original programmer adapt the tool so it worked again. The ReclaimPrivacy code is in GitHub so it was pretty easy to make my own fork and start hacking away. It didn’t take me long to adapt the first things to the new privacy settings layout, and after some more time I was much more comfortable with the code, had made more things work, added tests and even added new features. Now that it’s starting to get close to something we could release as the new official ReclaimPrivacy version, I’d like your feedback.

How to use it: add a new bookmark for this link. You usually just have to drag and drop it to your browser toolbar, or alternatively add a new bookmark (typically you can do that by pressing Ctrl-D) and make sure the address is the above link. Go to the ReclaimPrivacy help page if you have trouble (but use my link, not the one provided there!). Once you have the bookmark, go to Facebook and click on the bookmark. It will show you some information about your Facebook privacy settings on top of the page. Just leave a comment here or drop me an e-mail with your opinion, thanks! You can skip the rest of the post if you are not interested in Javascript programming and/or software automated testing ;-)

During my hacking I made a lot of different changes: I split the source file into several different files, I made the code (more) testable, I added tests, and I added more features. I’m really into testing and testability, so one of the first things I did with the code was trying to decouple it from the network calls so I could write tests for it. As you may know, I think that code that doesn’t have tests is very hard to work with, and I even consider it’s not “true code”. Now, I’m no Javascript expert, so some of my techniques might not be very… idiomatic. That said, some of the code change highlights you may be interested in:

• The getInformationDropdownSettings method, renamed to getSettingInformation, is now shorter, more readable, more testable and has more features. The changes are: (1) making it receive an object with the relevant part of the DOM, instead of a window object; (2) supporting, in principle, any kind of setting, not only dropdowns; (3) allowing each setting to have its own idea of what “too open” means (see the settings array); (4) allowing the caller of the method to specify its own list of recognised settings and acceptable privacy levels; (5) passing the number of open and total sections to the handler, instead of just a boolean stating whether or not there’s any “too open” setting.

• I made the old getUrlForV2Section more testable by extracting the most interesting (read: likely to break or need maintenance) code to its own method, _extractUrlsFromPrivacySettingsPage, and making the new getUrlForV2Section work with both real URLs (checking Facebook with an Ajax call) and fake HTML dumps representing what those URLs would return.

• I made the old withFramedPageOnFacebook, a very important method used in several places, more flexible by accepting not just URLs, but also functions or data structures (new withFramedPageOnFacebook).

• Now we have some basic tests (with fixtures even), without which doing some of these changes would have been such a pain, I wouldn’t have bothered making them in the first place.

http://github.com/emanchado/reclaimprivacy/blob/master/javascripts/utils.js#LID42

• facebook
• javascript
• privacy
• refactoring
• testability
• testing

Facebook and privacy

Over the past few weeks I’ve become increasingly concerned about Facebook. I even considered deleting my account (idea I haven’t really discarded), but the amount of people I’m going to lose contact with is making me hesitate.

So, why the concern? I’m glad you asked. You can get a rough idea by reading these articles:

• Facebook’s Eroding Privacy Policy: A Timeline

• Facebook Further Reduces Your Control Over Personal Information

• Six Things You Need to Know About Facebook Connections

• Who Knows Who Your Facebook Friends Are?

• The Evolution of Privacy on Facebook (infographic)

After reading all that, for me it’s pretty clear that Facebook doesn’t give a flying fuck about your privacy. Actually, even Zuckerberg presumably said so. That is for me the big issue: the exact problems we might have now, the current workarounds, the fact that you now have this or that option to counter some of the automatic changes by Facebook… is all irrelevant. To elaborate a bit:

1. Facebook started as a much more “private” space in which you only shared information with your friends. This has radically changed, and I somehow find it disrespectful toward their users. We’re not talking about evolution here, but of pretty big “philosophical” changes. This is not what I signed up for.

2. It has happened several times that Facebook has changed your privacy settings on updates. Some of those changes can’t even be countered, or it’s fairly hard to do so. That pisses me off.

3. The “Facebook messing with your privacy settings” will no doubt happen again. So now, instead of using/enjoying the service, I have to fight against it.

So the current situation is that I know that Facebook can, at any moment, change something I don’t want it to, and I’ll have to read a bunch of articles to understand the threat and counter it. I don’t want to review my privacy settings from time to time “just in case”. I don’t want to wonder if my data is available to more people I’d like it to. I don’t see the point in using a service that is designed to do the opposite of what I want. And that makes me wonder why do I bother at all. Or if I want to support a company or service that behaves like that.

• eff
• facebook
• privacy
• rants

GPG confusion

Today I was playing with GnuPG, trying to add a couple of public keys to an “external” keyring (some random file, not my own keyring). Why? you ask. Well, I was preparing some Debian package containing GPG keys for APT repository signing (like debian-archive-keyring and such).

The point is, I was really confused for quite a bit because, after reading the gpg manpage, I was trying things like:

gpg –no-default-keyring –keyring keys.gpg –import … # Wrong!

But that wouldn’t add anything to the keys.gpg, which I swear I had in the current directory. After a lot of wondering, I realised that gpg interprets paths for keyrings as relative to… ~/.gnupg, not the current directory. I guess it’s because of security reasons, but I find it really confusing.

The lesson learned, always use --keyring ./keys.gpg or, better, never use keys.gpg as filename for external keyrings, but something more explicit and “non-standard” like my-archive-keyring.gpg or whatever.

• gnu
• gnupg
• gpg
• privacy
• rants
• tips