Will Facebook Messages kill Spam?

Social networking site Facebook recently unveiled Facebook Messages, essentially a messaging system that merges the traditional email inbox with other communication platforms such as text messages (SMS) and instant messaging (IM).  The idea, says Facebook founder Mark Zuckerberg, is to combine the “slower” email service with much faster modes of corresponding such as SMS and IM chats.

Observers are split as to the repercussions that the new Facebook Messages could have on the spam industry, with a number of well-known sites such as PC Pro declaring that “Facebook looks to kill spam with messaging system.”  Others such as ComputerWorld are less sanguine, however, observing that hackers and spammers will, on the contrary, be attracted to Facebook Messages.

At first glance, the inherently trust-based nature of a messaging system built on a social network looks like the perfect tool for combating spam.  After all, your friends would hardly send you links or malware that will harm you, would they?  And not only will the annoying spammers be automatically kept from cluttering up your inbox, the ability to look only at messages from your friends means that your online peers also play an inadvertent part in helping to sieve out fake or malicious messages.

Zuckerberg himself was quoted elaborating on precisely this topic, noting that: “Because we know who your friends are… we can do some really good filtering for you so you only get the messages you want.”  While this is not incorrect, it unfortunately rests on a couple of dangerous assumptions that can lead to a false sense of security against unsolicited digital trash and link-baiting attempts.

Let’s take a look at a few of them here.

Are your friends really your friends?

The term “friends” as used by Facebook is really a misnomer, originating from the desire of the social network giant to be the hub that facilitates your communication with people you already know.  These days, however, we befriend just about anyone who sends us a request, while many businesses have worked hard to garner a robust number of friends as part of their marketing and branding efforts.  Everything from the herd mentality of blindly accepting friend requests to the liberal dose of prize giveaways has resulted in a network of friends that are really acquaintances or “friends of friends.”

Honestly, how can one even be sure that a new friend is who he or she claims to be, and not a bogus account created with ripped-off photos obtained from somebody’s online photo gallery?  In addition, spammers could just as easily create disposable Facebook identities, befriend you, and then proceed to spam via Facebook.

The use of automated tools

One minor point that is often missed by novice computer users is that spam is practically never sent manually.  In fact, it is common for criminals to remotely use compromised servers and computer systems from around the world to send spam.  Indeed, an entire ecosystem has sprung up in which tens of thousands of commandeered machines are “rented out” to spammers for a fee.

By the same token, is it reasonable to expect these same hackers to refrain from writing automated tools that can sign up for Facebook accounts en masse and use them to spam you, or from participating in the trading of compromised Facebook accounts?

Compromised systems

The same tools that allow spammers to harness commandeered computers to surreptitiously send their spam also allow them to spy on their victims.  It really is trivial to capture all typed keystrokes in order to obtain the password to legitimate Facebook accounts.  From there, it is but a small step to spread spam and malware havoc by leveraging the established web of trust.

As Charles Arthur over at Guardian.co.uk wrote: “I think that’s underestimating how people’s systems can be compromised.  Remember that Facebook has seen scores of spam attacks and virus attacks which have spread at huge speed through the network… ”

Back to traditional defences

Ultimately, I feel that the ideal of the social network being able to defend users from spam is but a fallacious hope.  Indeed, fellow writer John P Mello Jr recently blogged about how nicked accounts are the cause of spam sent via Facebook – the new Facebook Messages will certainly not be able to change this.  If anything, the very fact that Facebook operates a spam prevention system underscores how spam detection and filtering are still essential components required in corporate and personal email systems.  So don’t throw away your spam appliance just yet.

Written by Paul Mah


  1. Norman Gray · March 28, 2011

    I’d rather say that Facebook gives spammers a whole new platform, making it easier to reach people. On the other hand, with so many abandoned (or at least not actively used) Facebook accounts, spammers might not be that lucky. In any case, Facebook will need to deploy a very sophisticated anti-spam system that can deal with a gazillion messages a minute.
