Friday, April 15, 2016

DANGER - Facebook Messenger

Imagine your email software has this feature:

As you are reading an email you are corresponding with person A, there is a button. By clicking it and selecting another person B, all the emails you have with person A in the past are immediately forwarded to person B, without warning.
The email forwarding is executed virtually. Instead of physically forwarding each mail one by one to person B's mail server, basically your mail software gives access to Person B, at his own leisure, to browse EVERY of your email with person A. If you had done this by mistake, there is no process to cancel because the "forwarding" process is complete the moment person B is selected. There is no Undo option. You can scream and run round the room, but person B will continue, at any time in the future, to be able to read EVERY single email you had with person A.

If you are a careful person that would never do such a silly thing, person A could click the Add button and the outcome will be exactly the same.

The above is essentially what Facebook chat is about.

The moment a conversation participant Adds someone (can be anyone that pops up in the auto-complete list when you type some characters) to a conversation, that person has read access to every single message in the existing conversation back to the very first message, which could have been written many years ago. There is no cancelation option. The beautiful thing is the the person newly added can take his time to browse through your entire conversation, any time in the future, from any computer, by simply logging in to www.messenger.com. No other software or app is necessary. There is no time expiry.

A touch of finesse is that if you, in a moment of panic or frustration, delete the entire conversation from your account, that person can continue to read ALL the messages, while you are now locked out! The Facebook chat delete function is to remove the person performing the delete operation from a conversation, not the other persons in the conversation. Sweet, isn't it?

Don't worry, there is no one to call for help, because there are no phone numbers available.

Facebook support persons helpfully explain that Adding is like forwarding email. Like email, you cannot retract an email once it's forwarded. The slight difference is that you are not simply forwarding an email, but the complete Inbox, Sent folder, offline folders, archive folders, backup folders, etc.

If you are in a group conversation, whether it be private family matters or confidential company plans, anyone in the conversation, intentionally or otherwise, can just simply Add another party and the damage is done, COMPLETE, courtesy of Facebook technology.

When you Add a person to the conversation, the following warning message is missing:
By Adding xxxxx, you are authorizing her to read every existing message in this entire conversation. She will be able to read all of them even if you Remove her from the conversation in the future. Warning: there is no Undo function and the release of messages is irreversible. If this is not your intention, click Cancel to abort.
It is a simple matter to remove a person from a conversation's access list when he/she is Removed from the conversation, so that the damage can at least be limited to a few pagefuls. But maybe the Perl language used at Facebook has some limitations.

You have been warned.

Tuesday, April 12, 2016

DO NOT USE FACEBOOK MESSENGER for group messages

Unless it's OK for your EVERY message to be published to the whole world, Facebook Messenger must not be used for any group conversations.

I am referring to Facebook chat groups, not Facebook groups. There are basically no options to control Facebook chat groups.

Any member of the conversation can add any person, Friend or not, to an existing conversation!

So, even if there were no ill intentions, an accidental addition of someone else means TOTAL COMPLETE leakage.

Even if you Remove that unintended person immediately, that person can view the WHOLE conversation, every message, since the group was created. There is no way to stop this.

In the first place, while you can easily Add a person to a conversation from www.messenger.com, there is no way to Remove him or her on this same site. You have to do it from the Messenger app from the phone or facebook.com.

Removal of a participant merely stops new messages from going to that person. He or see can still continue to see EVERY single message in the conversation up to the time the Remove was done. He can do this at his own leisure, any time in the future, for as long as he likes, from any computer in the world, by just signing in to www.messenger.com.

So if you were having a discussion on some confidential or commercially sensitive stuff, the moment someone is accidentally added, every message in the discussion can now be viewed by the whole world. There is no gate to lock.

In contrast, WhatsApp allows a participant to see only new group messages created after the time he or she joins a group.


Saturday, April 9, 2016

The Gap

I did not take out my calculator when I wrote this, but I think it will help a skeptical world if we can gather more evidence of what happened between 4,000B.C. and 3,000B.C.

Which of and how did Shem, Ham or Japeth become your great, great... grandfather? How did the two kangaroos on the ark land in Australia?

The answers are meant and waiting to be discovered.  "It is the glory of God to conceal things, but the glory of kings is to search things out." - Proverbs 25:2 ESV