Facebook just announced that it is allowing people to send money to each other:
I’m wondering if this is a good idea or not. Well, I don’t mean I’m wondering if a company should transfer money between people. I’m just wondering if it’s a good idea that Facebook does it.
Facebook Messenger’s money transfer feature is another reason to uninstall the Facebook App from your phone. Here’s why.
The Spy Who Facebooked Me
If a phone is programmed to call people without your knowledge or consent, it’s because somebody added the code to do that. It’s not an accident the phone was programmed to make phone calls and listen to your room without your knowledge.
Well, that’s what Facebook did. Facebook can call it a “bug” all it wants, but the fact that the feature was added in the first place is a admission prima-facie by Facebook that the company was intent on turning your phone into a surreptitious listening device. There’s no other conclusion you can come to.
An obsession with protecting people’s privacy is baked into my DNA somehow. Working in healthcare helped cement the belief that third party data is inherently risky. And companies have uncommon responsibility to protect private information.
Facebook trying to use your phone without your knowledge is simply reprehensible. I feel bad for unsuspecting users and wish that adding secret phone calling as a “feature” would be outlawed, honestly.
My Facebook Interview
Prior to Facebook’s Spy-Phone-Gate, I had interviewed at Facebook.
In preparation of my interview, I wrote a blog article about one of Facebook’s slip-ups in the privacy department, and how I would advocate for changes to prevent that kind of thing from happening.
Long story short, I showed up for an interview. Got a tour .. the place looked like it did in The Social Network and everything. I was excited. And it was obvious that they knew how I felt about privacy, cause I was there after posting my blog on privacy.
The white boarding portion went awesome, and things seemed fine. The guy interviewing me seemed excited I was there. Then it came my turn to ask questions. This one seemed to stun the interviewer:
Q. So, who owns the product specification and standards? Who signs off on the mobile software before release?
And I got a surprising answer (paraphrased):
A. Nobody “owns” them. The developers just work on something they think is ‘cool’, and if the group likes it that feature is released.
I took that to mean that the only oversight of mobile applications were the engineers. Executive oversight, in particular, didn’t seem to be that important to Facebook employees. I took that also to mean there were no independent code audits of Facebook’s mobile applications.
Judging by the phone calling issue that popped up in 2014, I can’t say I was wrong in thinking Facebook had a massive problem.
And it seems to have gotten worse. Everything Facebook has to say about its money transfer feature lacks any sense of security for financial transactions. That’s bad.
Facebook’s Code Release Oversight …
You can also read about how Facebook describes it’s process, which is only about half the work that should be done to ensure a mobile app even functions, let alone respect user privacy:
How Facebook Ships Code
Facebook’s Ryan McElroy on Code Reviews
More Questions Than Answers
I’m left to wonder:
Who reviewed the code for the payment feature? Well – nobody except the developer apparently and that’s not good enough for a public company to release a public app.
Security standards used? Like ones that credit card processors rely on? None, apparently. That’s bad. Very bad.
Is Facebook security good enough to handle financial transactions through messenger? The magic eight-ball says no.
No other conclusion can be possible because these questions are ignored in Facebook’s press release.
Perhaps if you’re lucky, when the money transfer feature screws up, the Facebook app will dial Zuckerberg so he can listen in. Not that you’d know the phone dialed of course.
I’ll let you read these links to decide whether or not you want to trust Facebook with your credit card data:
Facebook data exposed.
Facebook app blacklisted.
Some issues with Facebook’s app.
Seven Annoying Attacks Facebook Misses