Yesterday around midday I discovered that I could no longer post status updates to my Facebook page. This was no big deal, and would have represented the elimination of a major weekend time-suck, except for one thing. I couldn’t figure out why this was happening, which sets off a little alarm in my brain that Something Might Be Wrong, Something That Might Represent A Bigger Problem.
I don’t worry about being hacked. On the other hand, I never worried about identity theft until my debit card was canceled because someone managed to duplicate it at a gas pump that had been bent to this purpose in West Philadelphia: the next day I went out and bought a shredder. Similarly, before now, despite legendarily sloppy password use for many years, I have never been hacked. And yet, I thought uneasily as I fiddled with a Facebook that was behaving strangely, there’s always a first time.
Slightly later in the day my concerns about Facebook grew. My ability to comment on other people’s pages was erratic: sometimes it worked, and then sometimes I would get a message that the comment had not been accepted and I should “try again.”
In an effort to diagnose the source of the problem, I wrote to a relative who lives across town. My theory was that perhaps Facebook had been overwhelmed with posts from the Oligarch University class reunions occurring just a few blocks away from my house. Nope. That person’s page was in good working order. That evening, I learned that the link between my Twitter account and Facebook was broken, as was the link between Twitter and this blog. That’s when I started to worry that I had been hacked, since — stupidly — years ago I had used the same password for Twitter, Facebook, my original Blogger platform and the gmail account attached to all three of them. And, since I never log out except when I clear my cookies, I had neglected to change Facebook and Twitter when I changed the gmail password.
So I went to work to change those passwords, and the passwords for everything else just in case. As you can see everything is now in good working order between the blog and the Twitterbox. But I was still unable to comment on Facebook: as I tried different routes into the problem (for example, changing the password) it withdrew more functions from my control. This was more worrisome, as I realized that I now had no ability to suspend or delete the Facebook account if it had become infected with something, or had become a conduit to the rest of my system.
I then found an obscure diagnostics page where Facebook tells you how many sites are currently logged in to your account.
Three. One from Shoreline (me), one from Ohio (huh?), and one that didn’t appear on the screen at all. That was super worrisome.
Just try solving a problem on Facebook some day and see how far you get: it’s made for people who have moral anxieties, not security concerns. I logged the Ohio person off. I logged myself off and then tried to log in again: no dice. I then moved to the trouble shooting pages, which are mostly responsive to “family issues,” bullying, suicide, eliminating pornography, what to do about Facebook pages belonging to deceased friends and relatives, and spam. Hacking concerns that that it helps you with are embarrassing but rarely disastrous (for example, sending your friends spammy messages saying that “you just won a free iPad” and they can too by clicking on this link, or that you lost your wallet in Bosnia and that you need $1000 hasta pronto.)
I learned that it is impossible to contact a real person at Facebook — either by telephone or by email — who can help you at a moment when you are starting to wonder if your system has been compromised. Worst of all, Facebook doesn’t communicate with its clients by email when they report a concern (as I did by putting one of its not particularly relevant questions to my own use.)
The only communication I received made no sense. At 9:30 AM, when I was in an airport, I received a message saying that at 6:30 AM someone had tried to log on to my Facebook using a smartphone. I had tried to do that at 9:30 — but I had just woken up at 6:30 and was pretty sure I hadn’t checked Facebook before making coffee. (were they referring to 6:30 in Cupertino perhaps?) If it wasn’t me who had logged on at 6:30, the message said, click this link for instructions. Was it me? I didn’t know. I clicked the link. It didn’t work.
I now realize that what might have triggered the intervention that cut me off completely was the unusual amount of troubleshooting by me, and the fact that by googling “My Facebook has been hacked” I came up with this link and clicked it: but since I had not found the link on the troubleshooting page, I did not know if it was a legitimate Facebook link. It’s possible that I was hacked, and it’s also possible that some flaw in the system that affected me but not others was at work. Or some combination of the above: the unseen person who was logged on, and the Ohio person, work for Facebook for all I know.
But that’s the point: I don’t know. What prevented Facebook from sending me an email to let me know there was a systemic problem, or that they were aware of what was going on with my page and that they were fixing it? What prevents them from installing a well-placed button that allows a client to alert someone immediately when they think there might be a security breach and get a response in LiveChat?
I suspect it is the practical limitations of running a company that has billions of customers worldwide and would be overwhelmed if even a percent of a percent of them asked a question every day. If that is the case, here is my question: do I want to participate in an activity, one that exposes me to hackers, that is run by a company that can’t — or won’t — communicate with me when they realize something is wrong? My guess is that even a strong password could be easily hacked by someone who knew what s/he was doing.
Following the news that Facebook’s IPO was far less successful than everyone (except perhaps Morgan Stanley) imagined it would be, and that whatever is bothering the money people could have more serious ramifications for the company’s stability, questions about how a fast-growing company protects the security of our home computers are as important as how it uses the data it collects on all of us.
Yet, when I imagined just finding a way to kill the account and be done with Facebook forever, I paused. Sentiment? Not really. I know that what is important about me to Facebook is how I can be monetized: packaged with other consumers like me and sold to corporations. And yet, Facebook would not be so successful if it were not more than that in all of our lives. The platform has played a significant role in allowing me to communicate with colleagues, scholars, academic bloggers and public intellectuals. We crack jokes on line, boast about our students, and post madly in between grading papers. When we defend dissertations or get tenure, we post it and several hundred people who actually care tell us what a milestone it is.
Facebook also also plays a critical role in helping me, and others, publicize our writing to audiences who might otherwise not be aware of it: the non-bloggers see the blog posts; the bloggers — who are often in other periods and fields — can get a glimpse of the mild-mannered
Clark Kent historian that I am by day.
My Facebook is all better now, and I haven’t deleted the account. I probably won’t. It’s still the best publicity around, and it certainly beats talking on the phone ten times a day. And yet, I don’t like it that for over a day there was something deeply wrong with Facebook that I — a tech-savvy person — had few instructions on how to fix, and about which it was impossible to communicate with the company, except through their own, increasingly funky, platform. If Facebook succeeds as a public company — and it isn’t clear that it will — it will have to think about what it is willing to invest in the serious user of online media.
Is Facebook worth the trouble? Today I decided yes. Tomorrow? I’m not so sure.