Facebook Nazgûl

There's a great old tweet from Matthew Green:

Screenshot of tweet from X user @matthew_d_green, display name "Matthew Green is on BlueSky", text of: "I would liken Tor to putting on Sauron's ring. The wearer is invisible to ordinary beings, like Men, but highly visible to the Nazgûl." Posted 5:21 PM, Oct 23, 2014; 922 likes, 828 retweets, as of this blog post

I'm not a Tor expert, or even a Tor user, so I wouldn't trust my interpretation here to match Green's intent. But the dramatic stakes are preserved if I go with something like, "Tor saves you the risk that normies are snooping on your network activity secrets, but incurs the new risk that your shadowy, sophisticated exit node operator can compromise it instead."

I think about the tweet a lot because I made a similar trade when my first kid was born:

  1. We wanted a way to share baby pictures,
  2. with extended family,
  3. without just posting the pictures for the whole world to see,
  4. so we set up a private group on Facebook.

On Facebook! We wanted to preserve our privacy, so we turned to Facebook. This Facebook.

And it's worked, as far as I can tell. It was very easy to get my extended family set up see baby photos: they all had Facebook accounts. And normie snoops can't pull up photos of my kids, the way you can pull up photos of me.

Anything I built myself for this purpose would have been worse on both counts. I wouldn't have been able to get my grandparents, aunts/uncles, etc., all a way to prove their identity to my hand-rolled access control system. And I would be much more likely to have screwed something up in the hobby-level-effort implementation vs. Facebook's professional engineering, rendering it all normie-snoopable.

But the as far as I can tell part, that part two paragraphs ago, is the Nazghûl part. I am not sharing my baby photos with you, the normie reading this blog. But I am sharing them with Facebook.

I doubt they're doing anything too-too diabolical with them. Probably they've pieced together how many kids I have, of what basic ages and genders, to show me the right ads. Less likely, but more much offensive to me: maybe they've set up shadow profiles for the kids themselves, so that they can someday show them the right ads.

I am just left stewing in the irony, wishing there were an obvious and easy way for a comfortable-building-a-website guy like me to not rely on Facebook for access control lists.

links

social