by FilterSweep 3725 days ago
From Wikipedia[0]:

> Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

Honest question: When you take a look at the "manipulation of people into divulging confidential information" part, wouldn't this, by definition, incriminate the vast majority of the modern ("Internet 2.0") web, WRT unremovable-cookies, tracking, "analytics", and so forth?

I fully admit there is a difference between downloading a random AdobeFlashPlayerUpdate.exe or MacKeeperApp.dmg from a malicious site and having all your personal data and information about you sent off to a 3rd party company... but where do we (or Google, here) draw the line?

Just last week, Facebook started gleaning contacts from my phone and injecting them into the "People you may know" page - these were people I did NOT want on my Facebook - ranging from business contacts to Tinder matches. I knew this was (sadly) standard behavior for users of the Facebook App, or users of "Facebook for Mobile", but I have never given my phone number to Facebook, not once, and I only access it via a mobile browser.

Is it social engineering to see my recent searches in the Amazon app on mobile reposted on Facebook on my desktop Web browser?

[0]: https://en.wikipedia.org/wiki/Social_engineering_(security)


IIRC, you have to auth to Tinder with a FB account. Not saying that nothing shady is happening, because I believe it is, but note that there are hundreds of ways for a company like FB to connect the dots. Post locations, event invitations, friends of friends, searches, ads/trackers, even your behavior/patterns on the site. The only real options, IMO, are to delete FB or accept the uphill battle.
> IIRC, you have to auth to Tinder with a FB account.

Wow. Just wow. That seems like such a horrifically bad idea. The worlds represented by FB and Tinder are almost diametrically opposed and I imagine that people who use both would never want any mixing. We are one FB bug away from some serious embarrassment.

Fun fact:

Tinder (as of my last login last year) displays a user's liked pages along with their interests and then only their first name, so that there is some "privacy".

I used to put all that data through Facebook Graph search and it would get me their full name and contact information, which in turn would lead me to their email address, which would lead me to their addresses or phone number.

Fun, fun times. It's a good thing that I am not the kind of person who would abuse such things.

Mind-boggling indeed. I guess you could do worse by using your FB auth on Ashley Madison, but not by much.

> We are one FB bug away from some serious embarrassment.

FB has been squirreling away phone and credit card numbers for awhile, along with DoBs, family members, birth cities, and pet names (i.e. "answers to common security challenge questions"). I wouldn't be surprised if a lot of this information has already been stolen, and is being used for things worth more than a bit of embarrassment.

I believe part of what I'm seeing is a Facebook bug. Namely, they are supposed to see me show up on Facebook, having given FB permission to peruse their contacts, but I'm not supposed to see them, if that makes any sense (permissions granted, and what not).

This is correct; however, the exchange of a phone number has to be parsed from the text exchanges on the app (regex for dashes and 10-11 digits... simple yet creepy), validated against an actual person (no fake numbers!), and Facebook needs permission from Tinder to process such information.

For developers this isn't hard to implement, but it is a bit extreme.

There is also the question of business contacts, with whom I have only had contact via voice call and text message (no external app and no permissions given), showing up in my feed. Of course, this could be permission given on THEIR side that is reciprocating on my end, but again, this implementation is also extreme (ly possible).