Despite the privacy concerns that seem permanently stuck to Facebook like toilet paper on the bottom of someone’s shoe, I remain loyal to the big lug. I participate in many groups and causes, and thoroughly enjoy socializing with friends I haven’t seen since childhood. I had an experience with a group invite on Facebook today, however, that has caused me some concerns, an experience I would like to share with you.
The invite in question involves a group called “DISLIKE BUTTON is here – ADD it now!” At the outset, I should state that this group is not directly affiliated with Facebook. It is just a group set up by a third-party, ostensibly to operate their “dislike” button.
Here’s How It Starts…
I received the invite to “DISLIKE BUTTON is here – ADD it now!” from a trusted colleague. Intrigued by the name, I joined. Once I joined, the group had some instructions on how to supposedly activate the button. The first red flag, albeit minor, that popped up for me was when the instructions expressly stated that, if not followed to the letter, the button would not work. Never mind, I thought, thinking in my mind how nice it was for the creators to so explicitly instruct the user.
Is This Misleading By Artifice?
Subsequently, the instructions required me to link over to something called “The Artifice,” and to “like” that. Hmmm…I thought, a pesky, lawyerly voice in the back of my mind reminding me that “artifice,” in legalese, is something along the lines of trickery or deceit. It’s not quite a full-blown lie, but shady and unethical nonetheless.
Possibly A Scam?
Still, comfortable with the source who initially invited me and thinking that I would like a “dislike” button, I continued. I indicated my “like” for The Artifice. (Disclaimer: The Artifice may, in fact, be completely legitimate and above-board, but at the time of writing this post, I still lack sufficient information to indicate to me why users of Facebook would need to “like” this other group for a “dislike” button to work.)
Getting More Suspicious By The Minute
The final step in these instructions required me to load a Firefox add-on for the “dislike” button to work. I became even more concerned when the add-on download page revealed that it had not been reviewed by Mozilla. Furthermore, why did I need to go through all the previous steps if all I had to do was download an add-on to Firefox in the first place? Many other Facebook-related applications work as add-ons without the extra instructions that accompanied this one.
OK, But Did It Work?
Not surprisingly, the “dislike” button did not work. As it turns out, it did not work for the person who invited me either. I can’t blame her because, in order to get to the instructions I just laid out, a Facebook user had to invite not just one of their friends – but all of their friends!
I have not been able to make this app work on Facebook or any other site or blog that I maintain. I did some research on my own, discovering hat this “add-on” has been around since November 2009. It has been subject to some mixed reviews, with bloggers and users indicating they could not make it work either. As a result, I uninstalled the add-on from Firefox. I recommend that – if you are not successfully using this add-on, uninstall it from Firefox. Furthermore, view this group invite with suspicion, or better yet, ignore it.
Facebook Invites Can Be As Dangerous As Email Scams
This experience reminded me just how easily a potentially malicious attacker could gain entry into your system (a.k.a. invading your privacy) under the guise of something legitimate. Recently, I wrote an article here on “tab-nabbing,” which garnered much reader interest. “Tab-nabbing” is a form of “phishing;” for example, scam emails you may have received. Unlike traditional email scams which rely on initially tricking a user into believing their legitimacy, however, “tab-nabbing” works secondarily by changing a trusted website that is in use into a bogus, look-alike website capable of stealing sensitive data like passwords, credit card info, etc.
Interestingly, if this “dislike” button application is malware of some sort, it relies on similar user vulnerabilities that “tab-nabbing” does. Consider:
In order to use the “dislike” button, a Facebook “friend” had to invite me to its Facebook group. It so happens that the Facebook “friend” who invited me is, herself, quite techno-savvy. Consequently, I completely trusted the reliability of the invite.
Second, I didn’t have time to think too long or critically about the invite because I was having a fairly stressful and busy day. Many are prone to mistake under similar conditions. It initially even came across as though it might be something associated with Facebook itself.
Hobbled by these three factors, I followed suspicious instructions, “liked” something on Facebook I had never heard of, gave it access to my data and friends, and downloaded an add-on to my Internet browser that had not been evaluated. This Facebook group may be legit and it may be that the “dislike” button works for many people on Facebook or elsewhere. Even if that is true, I view any application with immediate distrust when it fails to work, having followed instructions to the letter. With Facebook apps, that failure smacks of a buggy application possibly designed to gather user data, market activity, or “like” votes. At worst, it could be malware in which you just invited your Facebook friends to “share.”
Open Invite To Creators Of “DISLIKE BUTTON is here – ADD it now!”
If the creators of the “DISLIKE BUTTON is here – ADD it now!”group/app are reading this, and wish to respond or correct anything stated in this article, I invite you to do so. If you are legit, I like your idea, can tell that a lot of other folks do too, and would like to make it work for me. I will write further about your application, and you are invited to contribute an article yourself. If you are a user of this application on Facebook or elsewhere, I would also like to hear any comments you have, positive or negative. All substantive comments will be featured here and on my blog, Ampli-Gistics, given the continuing importance of Internet security issues to all users, not just attorneys.