zlacker

[parent] [thread] 4 comments
1. akashs+(OP)[view] [source] 2012-06-23 18:51:25
I fail to see how this is a MITM attack
replies(2): >>teduna+k >>teilo+z
2. teduna+k[view] [source] 2012-06-23 18:58:32
>>akashs+(OP)
If someone wanted to send you a top secret email (as opposed to a facebook message), they'll send it to your email address, except now your email address is listed as @facebook. The "attack" assumes someone doesn't already know your email, has something top secret that they don't want facebook to know, and are so retarded they don't look at the address they're sending to.

It's a MITM attack on one particular means of distributing your email address, but it's not an attack on your email at all.

replies(1): >>noobis+t1
3. teilo+z[view] [source] 2012-06-23 19:04:46
>>akashs+(OP)
It is absolutely an MITM attack, if for no other reason that your email has no presumption of privacy once it is in the hands of Facebook. Read the TOS. They can do whatever they like with the data that passes through your account.

They are counting on your not noticing that they changed your publicly displayed email address, so that instead of a message going straight to you and bypassing facebook.com, it now goes to facebook.com. You still get the message. So do they.

◧◩
4. noobis+t1[view] [source] [discussion] 2012-06-23 19:29:33
>>teduna+k
Be fair; anyone who wants to send me a "top secret" email, but has to go to facebook to find my email address; I don't want them sending me their "secrets".
replies(1): >>pavel_+6K1
◧◩◪
5. pavel_+6K1[view] [source] [discussion] 2012-06-25 19:19:32
>>noobis+t1
Right, but that's not a choice you get to make.
[go to top]