Are the Feds spying on your Facebook account?

The Tunisian government is hacking its own citizens' Facebook pages. Will our government do the same?

Worried that Facebook is selling you out to advertisers and marketers? Consider yourself lucky. You could live in Tunisia, where the government is waging war on its citizens and trying to squelch dissent by stealing their passwords and hacking their blogs, email, and Facebook accounts.

Per Danny O’Brien of the Committee to Protect Journalists:

Based on reports of users in the country, Tunisian authorities appear to be modifying web pages on the fly to steal usernames and passwords for sites such as Facebook, Google and Yahoo. Unknown parties have subsequently logged onto these sites using these stolen credentials, and used them to delete Facebook groups, pages, and accounts, including Facebook pages administrated by Sofiene Chourabi, a reporter with Al-Tariq al-Jadid, and the account of local online video journalist Haythem El Mekki.

Evidently, Tunisians who use the state-run Tunisia Internet Agency to access Facebook, Yahoo, or Gmail are getting log-on pages with an extra ten lines of Javascript in them. The code capture their names and passwords, similar to how phishing scams work over here. It then redirects them to their normal accounts.

[ See also: 10 stupid social media predictions for 2011 ]

(The TechHerald has more details on the technical aspects of this, including links to the offending Javascript for you code geeks out there.)

Can anyone prove the government is doing this? No. But the Tunisian government hasn’t exactly been subtle about censoring its citizens, and it’s the only explanation that makes sense.

Can the same thing happen here? Not exactly. Which isn’t to say the NSA (or some other three-letter house of spies) isn’t snooping on your Facebook, Twitter, Gmail, etc.  They’re just doing it at a macro level, behind secure doors at major ISPs, combing the data stream for God knows what to protect us from terrorists. (Insert your own definition of “terrorist” here.)

The difference is whether the spooks want you to know they’re spying on you. In Tunisia (as in China, Iran, North Korea, et al) the spies don’t bother to cover their tracks very well; the more paranoid and fearful people are, they less likely they are to make trouble. With the NSA, I think, they’d rather catch the bad guys unaware. Just my humble semi-uninformed opinion.

(Note: I just re-watched Three Days of the Condor last night, so I might be especially attuned to Spies Behaving Badly.)

In a somewhat related note, this week the White House has announced plans for a national cyber identity to be administered by the Department of Commerce. The idea is that you’d have some way of verifying that you are who you say you are when conducting business online, thus thwarting scammers, phishers, or Tunisian government agents.

I’m not one of those whackos who believe the current administration is out to eviscerate the Constitution and turn us all into an army of socialist zombies.  (I only wear my tin foil hat on special occasions.) And like other privacy advocates I applaud the decision to use the Dept of Commerce for this job instead of, say, Homeland Security. But I wonder what this will do to the concept of Internet anonymity.

I’m not a fan of anonymity when it’s used by cowards to, say, leave nasty comments on blogs. (You know who you are.) But anonymity is often an essential element in political dissent, especially for those living under repressive regimes.

I worry that once “trusted identities” are available, they will move from voluntary use to a de-facto requirement – kind of like credit cards are today. Try to operate in our society without one and see how far you get. The ability to remain anonymous is something we need to protect.

ITworld TY4NS blogger Dan Tynan is sure he’s being followed, especially on Twitter. Enjoy his less serious side at eSarcasm (Geek Humor Gone Wild) or follow him on Twitter:@tynan_on_tech. (See?)

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon