Facebook email described as Man-in-the-Middle attack

The new email policy had been announced by Facebook in April – but it attracted little attention until it actually happened. “Clearly this [is] all part of the site's plan to get more people using the @facebook.com email addresses, thus making the social network even harder to extricate yourself from,” commented Graham Cluley from Sophos at the time.

Andrew Norton, writing on the Falkvinge blog, immediately saw something more sinister. He points out that any email sent to the Facebook email address, on any subject whether business or social, will never be seen unless the recipient logs into Facebook. “Unless you check a folder most aren’t aware of,” he says, “you won’t know of messages from non-Facebook associated email addresses. Meanwhile, Facebook has access to contact information and message contents, because of how they’ve changed your displayed information. This could in fact be described as a Man-in-the-Middle attack, for email.”

Now the problems are getting worse, with users reporting email mishaps. Rachel Luxemburg, an Adobe employee commented in her personal blog, “And even worse, the e-mails are not actually in my Facebook messages. I checked. They've vanished into the ether. For all I know, I could be missing a lot more e-mails from friends, colleagues, or family members, and never even know it.”

And then there are the apps given permission to access phone contact lists. “This morning my mother was complaining that many of the email addresses in her Droid Razr contacts had been replaced with Facebook ones,” complained one via Hacker News. “It would seem the Facebook app had been populating her address book with emails and contact photos, and decided to migrate all her Facebook-using contacts over to this convenient new system.”

However, not everybody is negative. Contributing to Forbes’ Great Speculations blog, Nigam Arora commented, “In my view the change is brilliant because it is good for the users, the marketers, and Facebook. I write about investments, this change is good for potential Facebook investors.” One thing is certain: investor confidence in Facebook is slowly returning. “I think Facebook is still a company that has a lot of opportunity for the business to expand, and the expansion opportunities have not been fully optimized," Herman Leung of Susquehanna International Group told AFP yesterday. Facebook’s stock has risen 20% since its post-IPO low. On Friday’s close it was at $31.09. Leung sees it rising to $48 over the next 12 months – and Facebook’s greater control over email content-based marketing opportunities can only help that development. 

What’s hot on Infosecurity Magazine?