Facebook appoints self world police, promises state attack warnings
Oh great. Now that Facebook's done this, does your online service need to, too?
Facebook has decided it will warn its data-generating, ad-clicking sheeple members when it thinks they are under attack by “state-sponsored actors”.
In a post published on Saturday The Social Network TM's chief security officer (CSO) Alex Stamos says the step is necessary “because these types of attacks tend to be more advanced and dangerous than others”.
Stamos wrote that “To protect the integrity of our methods and processes, we often won't be able to explain how we attribute certain attacks to suspected attackers.” The CSO also said “we plan to use this warning only in situations where the evidence strongly supports our conclusion.”
Facebook's heading into ticklish territory here because China's recently made it abundantly clear that it is not at all happy at being fingered for attacks. If The Social Network TM starts pointing the finger, it may find itself being rather unhelpful in the wider context of US foreign policy and therefore less likely to be shopped as an exemplar of US ingenuity.
Things aren't also going entirely Facebook's way in the developing world, where the Internet.org initiative has found plenty of critics for offering a very Facebook-centric view of the world. In India, the company's even been criticised as a neo-colonial force that disguises “... its rapacity with fine words about the civilising mission.”
If you are reading this dialog, a government really is out to get you
Facebook's call to action if it thinks you're being attacked by a nation-state is for you to change passwords, preferably after two-factor authentication. In the dialog above, it suggests you do likewise for all online services you use.
When you lead a market, as Facebook does, your actions educate the audience and change their expectations. Those among you who work at delivering online services may, therefore, now be reading about a new benchmark for security advisories. Do let us know how you define a state-sponsored attack, once you've sorted it out. ®