Facebook might just make it that little bit easier for hackers to get into your account

If you use Facebook and you do not at the very least have a love-hate relationship with it, then you probably just aren’t thinking about what you do there. I find myself often thinking that it’s time to just close my Facebook account, but on the other hand, having moved to Australia, I have found that a fair number of Facebook groups have become the de facto forums of the Social media era. As such, even though I try to limit my time on my main page, and post very little, Facebook’s groups still have some value to me.

But before I get to the actual topic of this post, perhaps just some comments on Facebook in general. First, remember that there is no such thing as a free lunch. Facebook offers us this awesome tool for connecting with other people from all around the world, even, to quote Philo Farnsworth, people we would ordinarily never invite into our homes (yes, in the Facebook era, we may even have to redefine the word “friend”). And Facebook gives us all this for free. That’s right—spend as much time as you want, upload as many photos and videos as you like, all at no cost. No subscription fees, no data fees, nothing. Except… that’s not true. We pay, and oh, do we pay! We pay for the use of the site with our time, with our data, with our photos. We willingly submit ourselves to manipulation and marketing, from which they make millions, in exchange for the service they give us. Of course, since it’s a trade, one may argue that the price we pay is fair for the service we get. I will not get drawn into a debate about that now, since that is not what I want to discuss. Let’s just assume that most of us are perhaps paying a bit too much and getting far too little.

Nonetheless, if you do find yourself getting sucked in to Facebook, here’s some help.

  1. Install Social Fixer, and spend a few (really only a few) minutes figuring out how to use it. And if you like the service, make a donation. This one thing alone will start killing the Facebook time-suck, and will transform your use of the site. I would argue that no-one should be using Facebook without this tool, but that may be akin to saying that I think Facebook’s default interface is dysfunctional, or that I think no one should ever be using the Facebook app on their phones (for which statements I make no excuses).
  2. I use the RescueTime service to monitor my productivity on my pc. Using this, I can monitor how much time I am spending on distracting things like Facebook, and my target is less than 15 min per day.

But now, on to the reason for this post. As anyone who reads any real (not fake) news (i.e., who does not read news brought to them by Facebook) will know, Facebook has a really spotty history on protecting your privacy. Not only are they harvesting your personal information and mining it for their own profit, but they have been repeatedly accused of creating such confusing and user-unfriendly privacy settings (we shall see an example of this shortly), that many people are totally unaware of how much of their data is on display for the whole world to see.

Privacy? What’s that?

Take a look at this privacy setting, as an example. It is so obtuse to get to, that just trying to find it proves how confusing Facebook has made things. Did you know that, if your privacy settings are not set right, then people whose friend requests you ignore (no indication is given of what length of time is defined by Facebook as “ignore”) or even delete will automatically be rerouted to start following you? That means if you allow followers, and delete someone’s friend request, they automatically become a follower (when did that become a good idea?). This Facebook help page explains the process.

Having your Facebook account hacked, 101

However, what I noticed recently, and what prompted this post, was that Facebook, in an attempt to make life easy for their users, has inadvertently opened up what is, to my mind, a huge security hole. So I want to describe it, and make some suggestions as to what you can do about it.

What I noticed is that I normally access Facebook from my personal pc, where I have the “remember me” login setting turned on—this stores a cookie on the pc, allowing me to be logged in automatically when I navigate to their page. However, last week I tried to log on from a different computer, and seeing as I had entered my password so long ago (because of the “remember me” setting), I momentarily forgot it and typed in the wrong password. Lo and behold, I received an e-mail in all three of my e-mail accounts allowing me to log in by simply clicking on the link in the e-mail. Without the password. I couldn’t believe it when I saw it, but I thought that I had to test it out, and it really did just log me into my Facebook account, no password required (see my comment about two-factor authentication below).

So how is that a danger? Well, imagine a hacker gets your e-mail password. Presumably, they won’t have the password without the e-mail address, so that means that they can log into your e-mail account. Now they go to www.facebook.com and try to log in with your e-mail address, and any password. Facebook helpfully sends this e-mail out, and the hacker, who has access to your e-mails, clicks the link, and is logged into Facebook. All they do then is permanently delete the aforementioned Facebook e-mail from your mailbox, and you will be none the wiser. This whole transaction can take only a matter of seconds, and if you were not also logged into your e-mail account and watching your inbox at precisely the same time, you would not even know it. But now your Facebook account has also been hacked, and, for example, they could go to the settings page and download all your Facebook data. Nice? Definitely not! Or they could change your Facebook password, and lock you out of your own account. And spam all of your Fakebook friends (sorry for the typo!).

I must add that this kind of hack is not new. Most websites have an “I forgot my password” feature that allows you to type in your e-mail address, get an e-mail with a special link, and then reset the password without knowing the existing password. Hackers have been able to exploit this in exactly the same way as I have described above. But at least that added a layer of complexity to the process, and that complexity makes it easier for you to discover that your accounts have been hacked. Facebook has just dispensed with that, and made it ultra-convenient for this hack. Sure, they could argue that your e-mail account being hacked is not their responsibility, but I don’t think leaving a back door for anyone to get into their service on the basis of a compromise elsewhere is justified. Imagine you had accounts with two different banks, and bank B had a function that allowed all your money to be withdrawn provided someone had your card and pin for bank A! “Ludicrous!” you would say, and I would agree. Which is precisely my point.

The second security setting to set on both your Facebook and e-mail accounts is to activate two-factor authentication, and not to use your e-mail address as your second authentication source (why this is a bad idea should be quite evident by now), but rather to use your cell phone number to receive an authentication code via SMS. Of course, this means surrendering yet another piece of your data to Facebook, but hey, relax, they are spying on—oops, not spying, monitoring you—so much, they probably have that data anyway. For example, Facebook is tracking your web browsing history.
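
The dependency described above (the e-mail account acting as a key to Facebook, and why an e-mailed second factor adds nothing) can be written down as a small model. This is an added example, not code from the original post and not Facebook's logic; the account names, the route model and the assumption that two-factor authentication also applies to the e-mailed login link are all constructed for illustration.

```python
# Constructed model, not Facebook's actual logic. Each account lists its
# login routes; a route is the set of things someone must control to use it.
NO_2FA = {
    "email":    [{"email_password"}],
    "facebook": [{"facebook_password"},
                 {"email"}],                 # login link sent by e-mail
}
# Assumption: with two-factor authentication on, every route also needs
# the second factor, including the e-mailed login link.
EMAIL_AS_SECOND_FACTOR = {
    "email":    [{"email_password"}],
    "facebook": [{"facebook_password", "email"}, {"email"}],
}
SMS_AS_SECOND_FACTOR = {
    "email":    [{"email_password"}],
    "facebook": [{"facebook_password", "phone"}, {"email", "phone"}],
}


def accounts_lost(accounts, stolen):
    """Accounts that fall once the items in `stolen` are in the wrong hands."""
    controlled = set(stolen)
    changed = True
    while changed:                           # repeat until nothing new falls
        changed = False
        for name, routes in accounts.items():
            if name not in controlled and any(r <= controlled for r in routes):
                controlled.add(name)         # one route is fully satisfied
                changed = True
    return sorted(controlled & set(accounts))


if __name__ == "__main__":
    setups = [("no 2FA", NO_2FA),
              ("2FA code by e-mail", EMAIL_AS_SECOND_FACTOR),
              ("2FA code by SMS", SMS_AS_SECOND_FACTOR)]
    for label, model in setups:
        # Starting point in every case: only the e-mail password has leaked.
        print(f"{label:20s}", accounts_lost(model, {"email_password"}))
```

Only the SMS setup keeps the Facebook account out of reach when the e-mail password is the single thing that leaked.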


In short, then, be savvy when you use Facebook. Accept that you are paying for the service you are using with your privacy, and decide whether that is an acceptable trade for you. If not, quit the site, delete your account, or at least start restricting your use of the site. There really is no other way. And make sure you have checked your privacy settings, and that you have a good password and two-factor authentication set up.


Spurious correlations and Big Data

I have been a Time magazine subscriber for decades. And while I generally enjoy being informed, I also read Time knowing that they have a definitive ideological slant, which is very evident in their over-reporting of certain topics. So I read Time carefully, knowing that I do not agree with all their viewpoints, and also that I should not believe everything I read. Time is also not generally known for graphical excellence—in fact, you will easily find Time being used as fodder for examples of how not to do charts. And I also find it amusing to look at their charts and infographics, although I must add that there are definitely times that Time does get it right (and in all fairness to them, it is unfortunately so that when they do get it right, we don’t find people singing their accolades).

I am, as I have indicated in an earlier post, doing a lot of work with Google Trends data. One of the biggest challenges with this data is the problem of dimensionality or overfitting, which, simply put, means that when we have data on masses of predictor variables, we are bound to find some which, by chance, correlate well with our variables of interest—in other words, the more dimensions we add, the more likely we are to run afoul of spurious correlations.

I have just again browsed through some of Tyler Vigen’s hilarious spurious correlations, like the 0.99 correlation between the number of lawyers and suicides or the .093 correlation between per capita cheese consumption and people who died by becoming tangled in their bedsheets. (Which in itself raises some interesting questions, like “How do between 400 and 900 people in the US get it right to get so tangled up in their bedsheets each year?” Perhaps the statistic includes infant deaths, which would be very tragic).

In fact, it seems you can “prove” anything with research these days, including, for example, that intelligent people are messy, cursing insomniacs (also here), who like trashy movies, and appear to be lazy (but note, again, how popular media slants research findings to support what they want it to say, not necessarily what it does say).

I also unearthed an old issue of Time (1 August 2016) to see this: Political foods.

[Images: Time, 1 August 2016, Vol. 188, No. 5, p. 17 (three panels)]

You can also read more on this page and this page.

This has to be one of the most spurious of all spurious correlations, and is a good example of overfitting. They have a big data set (Grubhub’s data). They choose 175 dishes. Then for each dish, they calculate the correlation between the number of orders and the two percentages of Democratic and Republican votes. That’s two correlations for each dish, for a total of 350 correlations. Presumably, each district is a data point: This page notes that they ran “correlations between the share of orders for 175 dishes and the average share of votes going to Democrats or Republicans in each district.” And then they just chose those dishes that showed the highest correlations.
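
To see how much "signal" this procedure produces from nothing, the following added example (not from Time, Grubhub or the original post) repeats it on pure noise: 175 dishes whose order shares are random numbers unrelated to the vote shares, 350 correlations, sorted by size. The number of districts (30), the vote-share ranges and the seed are assumptions, since the page does not give them.

```python
import random

N_DISHES = 175       # from the article
N_DISTRICTS = 30     # assumption: the page does not give the number of districts


def pearson(x, y):
    """Pearson correlation coefficient of two equal-length lists."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / (sxx * syy) ** 0.5


def noise_experiment(seed=2016):
    """Correlate 175 random 'dishes' with both vote shares; strongest first."""
    rng = random.Random(seed)
    dem = [rng.uniform(0.3, 0.7) for _ in range(N_DISTRICTS)]
    # Republican share is what is left after a small third-party share.
    rep = [1.0 - d - rng.uniform(0.0, 0.1) for d in dem]
    results = []
    for dish in range(N_DISHES):
        # Order share per district: pure noise, unrelated to the votes.
        orders = [rng.random() for _ in range(N_DISTRICTS)]
        results.append((f"dish_{dish}", "Democratic", pearson(orders, dem)))
        results.append((f"dish_{dish}", "Republican", pearson(orders, rep)))
    results.sort(key=lambda row: abs(row[2]), reverse=True)
    return results


def summary(results):
    """Number of correlations, the typical size, and the largest size."""
    sizes = sorted(abs(r) for _, _, r in results)
    return {"count": len(sizes),
            "median": sizes[len(sizes) // 2],
            "largest": sizes[-1]}


if __name__ == "__main__":
    ranked = noise_experiment()
    print(summary(ranked))
    for name, party, r in ranked[:5]:        # the "political foods" of pure noise
        print(f"{name:9s} {party:10s} r = {r:+.2f}")
```

The typical correlation is small, but the handful at the top of the list look respectable, and those are the only ones a "highest correlations" chart would show.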

Here, it is much more reasonable to say that certain foods enjoy more support in certain geographic areas (or are more freely available in certain areas, as Time does acknowledge), just as the Republican and Democratic parties also enjoy more support in certain geographic areas, but it is one of the most trite deductions imaginable to claim that one is more likely to eat certain foods because of one’s political affiliation (or, heaven forbid, that the food you eat determines how you vote—Time suggests, hopefully in jest, that “Of course, we all know that eating a hamburger makes you more likely to vote Republican”). The correlation should at least make sense. For example, certain religions have certain dietary prescriptions, and so an association between religious affiliation and dietary preference makes intuitive sense, but political affiliation being directly associated with dietary preference just makes no sense. Indirectly, maybe (e.g., if certain religious or cultural groupings tend to hold a certain political affiliation), but not directly.

Remember that correlation is only a measurement that shows the degree of association between two variables (not even agreement, as Bland and Altman pointed out). So remember that correlation does not prove anything. That also does not mean that nothing is proved by correlation. The main point is that correlation should be correctly understood. It only shows the association of two variables. But there must at least be some understandable link between the variables, and, more importantly, all spurious variables must be excluded.


Getting proper access to all the files on your PC

Microsoft thinks you’re an idiot. No wait. I could get into trouble for saying that. Microsoft doesn’t think you’re an idiot, they just treat you like one. Oh wait. That might get me into trouble too.

Ok. What should I say? Most Microsoft products seem to have this dual contrasting dynamic–often brilliant products dumbed-down to the lowest common denominator. A simple example is how Windows Explorer by default does not show you file extensions. The simple fact of the matter is that file extensions are meaningful, and that not showing them is problematic and does nothing to help people learn about why they are important. Another classic example, of course, is the files that are stored on your PC that store all the program data, etc., that are needed for the PC to run and for programs to run on it. Microsoft seems to believe that most people don’t understand how these files work, and don’t seem to trust most people with these files, and so they purposefully hide them from the general public. Now that’s fine if you really are an idiot, but if you have a modicum of brain cells (and I will get into trouble if I say that you obviously do, if you’re reading this post!), and you need to copy system files (e.g., to add BibWord styles to your Word armoury), or change file extensions, for example, then that gets in the way. Windows Explorer, which is meant to give you access to your files, hides that kind of capability away.

Here are some options for getting to that important information, despite Microsoft’s attempts to protect you from yourself.

First prize would be to ditch Windows Explorer completely, and to get a proper file manager, like Total Commander. I must add that I do not get paid for promoting Total Commander, but this must be one of my all-time favourite programs. I have owned a license for this program for close on two decades now, and it has never disappointed me.

And let me also add that in Total Commander, you also have to set a program option to get it to show you system files–here it’s considered a setting for experts only! Well, consider yourself about to become an expert…

But what if you need to change these kinds of settings, and you don’t have Total Commander on the PC in question?

Well, the simple answer is change your Windows Explorer options. Here’s how.

Step 1, of course, is open Windows Explorer (right click on the Start button and choose Explore, or press the Windows key and E on the keyboard). Notice that in newer versions of Windows, the menu is hidden (this can also be activated in the options–second setting in the options window we will see below):

Press Alt to reveal the menu, and then select Tools, Folder options… (Alt, T, O):

Now select the View tab, and choose the Show hidden files, folders, and drives option:

That will give you access to all those system files Microsoft was trying so desperately to hide.

Now, for the file extensions, deselect the Hide extensions for known file types option:

Click on OK, and you’re good to go!

This is what a folder looks like without the file extensions shown:

And this is what it looks like when they are shown:

And this is what my C:\ drive looks like when the system files are hidden:

And this is what it looks like when they are displayed. Note that the system folders are fainter than the ‘normal’ folders:

One last trick. If you don’t have Total Commander with its dual file browsing windows, you can get a poor (i.e., better than none) simulation by manipulating your Windows Explorer display. Firstly, open two Windows Explorer windows, and then size one to the left half of your screen, and one to the right half of your screen. With Windows 7, this is easily done by pressing the Windows key and the Left and Right arrows respectively. The end result looks like this:

Now you can easily drag and drop from one window to the other.

Good. Now, go copy those files!