Facebook has been battling privacy and security concerns for quite some time, and in yet another event, it turns out that they’ve been storing millions of user passwords in plain text.
Now, in Facebook’s defense, you can’t control the actions of all your employees, and humans will be humans–but this was their public response to the incident: https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/
Here’s a recap of their response:
- They found a problem: “As part of a routine security review in January, we found that some user passwords were being stored in a readable [plain text] format within our internal data storage systems. “
- ‘Some user passwords,’ means: “We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”
- And to help your confidence: “To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.”
- Please be aware that: “There is nothing more important to us than protecting people’s information.”
- Their suggestion is that users change their passwords and implement 2 Factor Authentication.
A meme (or several memes) has become quite popular in the Elastos community in which Rong Chen explains Elastos, simply, as something of an “Internet Condom” that prevents viruses and…other unintended consequences. While humorous, it is actually quite a “fitting” example.
Any crypto enthusiast would immediately recognize how crypto could have prevented such a problem. Any crypto project with DIDs (Decentralized Identifiers) would be able to say that a DID used as a login would’ve made sure that no one, not even Facebook, had access to the user’s account except the user themself.
But any Elastos fan would’ve recognized that the DID sidechain paired with Elastos Carrier and Runtime would be the answer to much more than Facebook’s security issues, because any time there is a human involved, or an institution with access to centralized and unencrypted data, there is a much higher chance of infection and long-term consequence–in fact, it’s essentially inevitable as we’ve seen from the near-daily hacks of major institutions that have leaked incredibly sensitive information and have cost trillions of dollars in damages, annually.
Some estimate that annual damages to the US may be as high as 100 billion, and this infographic tells it all:
Another CyberSecurity report estimates that total damages worldwide will be in the range of 6 trillion dollars by 2021, up from 3 trillion in 2015. This is more than the global trade of all illegal drugs combined, and more than all damage inflicted by natural disasters, annually.
Elastos is a so-called “condom” for the entire Internet, and not just for a single database like Facebook’s. With Carrier and DID sidechains, Elastos Runtime and Hive, all (most) data could be protected across all (most) operating systems and all (most) devices could be supported. I say, “most” because there’s always that human element that decreases the security of good design; after all, that’s why condoms are only 98% effective when used correctly, and 85% when used in general (if you missed Sex Ed, here’s your round two).
In Facebook’s case this time, it was human error and maybe they did get lucky, but their answer isn’t good enough and we’ll never actually know if amongst the hundreds of millions of users affected, were some people actually harmed? The number of individuals affected is so high that it’s arguably impossible to know, confidently, that every individual is safe.
It is my opinion that Facebook’s formal response might be likened to teenage lovers excusing each other’s mistake of having unprotected sex. There is “no evidence to date” that anyone got pregnant or picked up a disease (yet). There is “nothing more important” to them than being responsible. If a teenager said these things, and yet continued on without changing their ways to a much safer method, we would all roll our eyes in disbelief.
If user information could be protected to 98% effectiveness with a .01 mm Okamoto (Elastos) condom (I should get a referral link for this product placement), why wouldn’t it be adopted?
The answer is this: awareness and education.
People just aren’t aware that they are engaging in unprotected Internet practices, and there is a safer way without any compromise to user experience. Thus, it’s up to us–the CR–to educate them about how to use the Elastos digital condom for a safer internet experience.
Do you have a suggestion on how we could increase awareness? What is your idea for an educational campaign on safer internet practices?
“Drug store condom sales grew slowly from 1984 to 1988 except for a 20 percent increase between 1986 and 1987 (Table 1). Sales of some styles grew more rapidly than others. Between 1986 and 1988, sales of all latex condoms increased 25 percent (226.1 to 283.4 million). The biggest percentage growth was in latex condoms with spermicide which increased 116 percent (23.2 to 50.1 million). Latex condoms without spermicide increased 15 percent (202.9 to 233.3 million). Natural membrane condom sales increased 7.8 percent (14.4 to 15.6 million). Sales increased both in areas with a high incidence of AIDS and in the remaining US between 1986 and 1988 (Figure 1). Sales in the high incidence areas were growing throughout 17 of the 18 two-month periods. In contrast, sales were not growing in the remaining US until the beginning of 1987, and sales stopped increasing in July-August 1988. In both areas, condom sales grew rapidly throughout 1987 and early 1988 following the release of the Surgeon General’s report in November 1986. Media attention to condoms also increased. Condoms were rarely mentioned before the report, but were increasingly cited in articles, editorials, and cartoons thereafter, reaching a peak in February 1987, when 182 items appeared in the 19 newspapers indexed by Newspaper Abstracts.”
-Increase in Condom Sales following AIDS Education and Publicity, United States JOHN S. MORAN, MD, HARLAN R. JANES, THOMAS A. PETERMAN, MD, MSC, AND KATHERINE M. STONE, MD