Saturday, October 31, 2009

Facebook Safety & Million Member Facebook Groups

Two of my friends today invited me to join "Million User" facebook groups. Not that it matters really, but the two groups were:

PETITION FOR FACEBOOK TO INSTALL A DISLIKE BUTTON...NEED 1,000,000 MEMBERS ASAP..INVITE EVERYONE YOU KNOW TO JOIN

and

If 1,000,001 people join, Facebook will re-install the old News Feed!


The first group, IN SIX DAYS, has grown from 1 user to 401,200 users! Some of you are cheering saying, YES! Now Facebook will be FORCED to have a "Dislike" button!

The second group now has 719,000 users! HINT: Despite the topic, Facebook is not going to re-install the old News Feed.

Would you like to see the secret truth about why people create "million user groups"?

Enter the seedy world of the online advertiser. Not the Madison Avenue advertising companies, but the punks who sit at home and devise ways to advertise their wares through spam, SEO (search engine optimization), and social network spam. They are making more money than you, and filling our lives with virtual junkmail, and in many cases, malware.

Note that what they are doing below is probably NOT illegal. Slimy, yes. Illegal? No. Although it may violate Facebook rules, that's an issue for Facebook, not the police.

Here's an example post from a forum on a "Black Hat" website. The forum is in a group called:

Black Hat Forum > Black Hat SEO > Social Networking Sites > FaceBook

The user "almir" is a typical user there. After each of his messages to his shady advertising friends, he signs with his own advertisement -- claiming that he controls a Facebook Group with 550,000 members, and he'll post your message to his group for $800. Almir says that between his groups, he has about 2 million people he can post to on Facebook. At his peak he was making about $250 per day from his ads, and he says on a good day, he could make $600. Lets see. 365 * 250 = $91,250 per year. Not bad money for making up reasons that a million people should join your group.

Another user there, "LeDave", claims he controls more than 100 Facebook groups, and the ads that he posts there generate between 6,000 and 7,000 clicks per day to "ClickBank". (ClickBank is an affiliate advertising site where you get paid every time someone follows your link. Following the links makes money for the guy controlling the Facebook group. If the users BUY things, you get a commission.) LeDave claims he was the creator of the "1,000,000 members against the new facebook layout" group. He claims he grew that group to more than 3 million users! Why? So he could make money selling links to his members!

One of the other members has a group with 1.5 million users. He offers to help newbie advertisers "get launched" by recommending their group to his users for the low low price of $100 per recommendation.

(this information from the thread . . .

http://www.blackhatworld.com/blackhat-seo/facebook/130560-facebook-groups-finally-getting-makeover-hard-make-viral-group-again.html

)

So, remember that the next time you join a "million member group", what you are really doing is helping these advertisers make it easier to spam you with their ads. While it may seem a great "social cause", its not. Nobody cares if 1 million people join the group. Except the guy getting paid for it.

Here are a few other "of course, we should join that!" million member groups:

I bet I can find 1,000,000 people who hate cancer
Members: 1,609,864 members

I bet I can still find 1,000,000 people who dislike George Bush!
Members: 968,146 members

1,000,000 Hamish and Andy Fans by 01/01/10
Members: 731,824 members

1,000,000 AGAINST THE NEW FACEBOOK LOOK!!!
Members: 713,565 members

"WE HAVE TO SAVE FACEBOOK" PETITION - 1,000,000 PEOPLE NEEDED!!!!!
Members: 466,648 members

I Bet I Can Find 1,000,000 People Who Just Want Peace
Members: 379,282 members

Not saying that all those groups are advertising driven. Just suggesting that its a serious possibility.

Yes, I like Facebook! (But not all the Apps)



Are you surprised? Yes, I'm a Cybercrime Investigations guy who likes Facebook. I give a "Privacy & Security" lecture to our CIS 105 class each term at the University where I warn of the dangers of Social Network Sites, but when used properly, I love Facebook (for play) and LinkedIn (for work).

In my lectures I warn of things like having your privacy settings set too broadly - sharing your information with the whole world - and things like installing Applications without understanding who wrote them or what their Terms of Service are.

Facebook has been getting better with setting rules for their developers, but its still important to know what access and rights developers have to your personal information when you use their apps. My general rule is that if I don't know the developer, I don't install the app. For instance, I play PopCap games in Facebook. I've used their apps for years, I've worked with their tech support, and I trust them to do the right thing. I have no idea who wrote the Facebook Application "How Long Will You Survive When Zombies Rule the World", but 1,461,000 Facebook users have trusted them to do the right thing with their personal data. To install the app in Facebook (as with every app) I am cautioned:

By proceeding, you are allowing How long will you survive when zombies over run the world? to access your information and you are agreeing to the Facebook Terms of Use in your use of How long will you survive when zombies over run the world?


I'm not so trusting with strangers. (No offense, Zombie dudes. Random example from things I was invited to install today.)

Those "Terms of Use" link you to the "About Platform" page, which reminds you that when you install an application, you are giving the developer of that application permission to access such things as:

your name, your profile picture, your gender, your birthday, your hometown location (city/state/country), your current location (city/state/country), your political view, your activities, your interests, your musical preferences, television shows in which you are interested, movies in which you are interested, books in which you are interested, your favorite quotes, your relationship status, your dating interests, your relationship interests, your network affiliations, your education history, your work history, your course information, copies of photos in your photo albums, metadata associated with your photo albums (e.g., time of upload, album name, comments on your photos, etc.), the total number of messages sent and/or received by you, the total number of unread messages in your in-box, the total number of "pokes" you have sent and/or received, the total number of wall posts on your Wall, a list of user IDs mapped to your friends, your social timeline, notifications that you have received from other applications, and events associated with your profile.



If you want to know more about Applications on Facebook, here are the new policies that Application Developers have to agree to follow -- Facebook: Developer Principles and Policies.

Tips for Facebook Users, From Facebook


I know the guys at Facebook and have been very pleased with how pro-active they are with responding to security issues, and with warning their users. If you haven't seen these steps, you should definitely check them out.

Facebook: Protecting Account Security

Facebook: Privacy Settings and Fundamentals

There are lots of other great tips from Facebook. I would encourage users (and parents of children who use Facebook) to visit their Help Center to learn more.

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.