Is Algeria Deleting Facebook Accounts?

belmolis writes "Algeria is reported to be shutting down ISPs and deleting Facebook accounts in an effort to prevent anti-government protests from escalating as they did in Egypt. Is it likely that they are deleting FB accounts? Unless Facebook is cooperating, this would either require hacking FB to obtain administrator privileges or cracking the password of each account they wish to delete."

Unencrypted cookie auths

[jroysdon]

The problem is that you may send your username and password over HTTPS, each page after that you send your auth cookie over plain ol' unencrypted HTTP. Someone is capturing those auth cookies and using them to send delete commands to Facebook (no doubt after capturing all of the info and friends).

Use HTTPS Everywhere [eff.org] and force all your traffic that can be to be using HTTPS.

Re:Unencrypted cookie auths

[icebike]

That cookie is renegotiated after each https login, and it is specific to one session. You can't clone it from another station.
Even if you do manage to intercept it, Man in The Middle attacks are notoriously hard to execute, (you have to actually BE in the middle) especially for a bunch of thugs in jack boots.

Still, you can just look at press photos to see that the Algerian uprising will fail.
In a Muslim country, you can simply count the number of women in the photos. If its not at least 10 percent, the police will use all force necessary, and will ultimately crush the protest.

Re:Unencrypted cookie auths

[Anonymous Coward]

That cookie is renegotiated after each https login, and it is specific to one session. You can't clone it from another station.
Even if you do manage to intercept it, Man in The Middle attacks are notoriously hard to execute

Quick, someone tell these guys [wikipedia.org] that hijacking FB sessions should be difficult.

Re:

[sortius_nod]

Indeed, I mean, I didn't hijack my fiance's Facebook to show her how vulnerable it is the other day. She totally didn't freak out.

Re:Unencrypted cookie auths

[SlappyBastard]

Somehow I suspect that controlling the ISPs makes a man in the middle exploit a tiny bit easier.

Re:

[h00manist]

Yes, a man in the middle is doable. But as there are no confirmations of these deleted accounts or exactly what happens, I would think it is more likely that "facebook account deleted", after translation from facebook-newbie-user-speak, and from languages tranlations, could mean a variety of things. Like "Access temporarily restricted due to unlicenced content". I work in a cybercafe with these users every day... have heard descriptions of the simplest things that practically require an detective work to

Re:

[mr100percent]

"In a Muslim country, you can simply count the number of women in the photos. If its not at least 10 percent, the police will use all force necessary, and will ultimately crush the protest."

Um, have you noticed that these aren't particularly religious people who led the protests in Egypt and Tunisia? They're not even using Islamic words in their protests eg they're talking about the Watan and not the Ummah.

Re:

[icebike]

No clue what they are talking about.

But I notice a lot of signs in English, and a lot of women in the streets. The mere fact that women are allowed to participate without a brother or husband present is refreshing.

I'm not sure this means they are less religious. Maybe just differently religious.

Re:Unencrypted cookie auths

[mr100percent]

People over and over again seem to fall for this mistake. Saudi Arabia is the only country that requires women to be escorted with a "mahram." No other Muslim country makes this claim that it's a requirement, and Muslims worldwide have condemned Saudi Arabia for being too chauvinist. Muslim scholars and shaykhs far and wide have said that Saudi is taking things way too far and that the Quran doesn't call for such things (and it doesn't if you read the text). The Muslim world at large has no desire to oppress women the way Saudi does; more women than men work in Morocco, for example, and Pakistan and Bangladesh had women Prime Ministers, and even Iran has more women in parliament than the US does in Congress.

If the protestors in Egypt were 100% Muslim only (and they weren't given than Egypt is 10-20% Christian), you'd still see women in the streets walking around uncovered. Cairo is the Hollywood of the middle east, home to a large music and film industry and even scantily dressed women.

Re:

[icebike]

People over and over again seem to fall for this mistake. Saudi Arabia is the only country that requires women to be escorted with a "mahram." No other Muslim country makes this claim that it's a requirement,

That's nonsense, and you know it.

While the Taliban ruled Afghanistan mahram was the norm.
In many tribal zones in Pakistan this is still the norm.

But that's just one part of the problem. Shall we talk about Honor Killings [typepad.com]? That practice is actually spreading, even to Canada and the US.

Re:

[Zumbs]

... but it is not a law in Pakistan (or Afghanistan). By your own admission it is only happening in remote areas in Pakistan and Afghanistan. Your assertion amounts to stating that the Amish does not like technology, the Amish are Christians, so is is nonsense saying that Christian countries are technologically advanced.

Shall we talk about Honor Killings [typepad.com]?

So, when you see that your position is weak, you change try to change the topic?

Re:

[icebike]

My position isn't weak, yours is delusional, and the Amish have nothing to do with the topic under discussion. You can walk away from being Amish. You won't be hauled into court [cnn.com] by the state and put on trial for your life simply because you changed your beliefs.

You don't want to discuss honor killings I see. Is that because your position is destroyed by their very existence?

These are all facets of the same problem. Egypt is far more advanced in the the area of women's rights than most countries in the r

Re:

[ultranova]

Now you are doing it again: Looking at a small, remote group and asserting that their actions are general for more than 1 billion people. With no evidence what so ever.

Egypt is not remote by any stretch of imagination. And the article linked to is evidence. Not proof, of course, but evidence.

Re:

[Zumbs]

The article is on honour killings, not on requirements of women having to be accompanied by men, which is the topic of this discussion. To recap (for newcomers), mr100percent noted that the vast majority of Muslim countries neither condone nor practice that women must be accompanied by a man when leaving their homes, noting that "Muslims worldwide" condemn Saudi Arabia on that practice. Icebike replied that that is nonsense because women in parts of Afghanistan and Pakistan has to live under this rule. I re

Re:

[Antique Geekmeister]

It doesn't have to be "law", if it's enforced by custom. The observation is relevant: if women are not physically there as part of protest movements, it's a sign that they are either kept out of public events, or that it's only the men who are interested in the issue. Such movements are very likely to be controllable by police or military force, and will be so controlled by governments with any power left.

_Failed_ revolutions are a dime a dozen. _Successful_ revolutions, or changes of regime imposed from ou

Re:

[mr100percent]

Individuals in those places may be doing it but its certainly not a requirement nor the law. The Taliban are not considered legitimate by a wide swath of the Muslim world and were overthrown by the Northern Alliance, a group that also calls itself Muslim and doesn't practice that requirement. Is it that hard for people to grasp that the super majority of 1.5 Billion Muslims don't do that sort of stuff? Whenever a country like Algeria comes up, someone always brings up the false stereotypes about Muslims. Do

Re:

[AGMW]

...The Taliban are not considered legitimate by a wide swath of the Muslim world ...

I do wish more Muslims would stand up and be counted when it comes to Muslim extremists, be they Taliban or whatever. If it was my religion being desecrated in such a fashion I'd be screaming from the rooftops for them to stop committing such atrocities in the name of Islam!

Of course, maybe there are such people shouting and the press doesn't give it air-time. The press/media may have their own agenda!

Re:

[TheRaven64]

I grew up in the UK in the '80s, when there were periodic bombs going off as a result of Irish terrorist activity. There were two loose groups, one claimed to be Catholic, the other claimed to be Protestant. I don't recall Christians in America condemning these terrorists for desecrating their religion. In fact, I remember the head of the IRA going on fundraising tours of the USA and coming back with a lot of money to buy guns and bombs to kill civilians with.

There have been a lot fewer deaths from terr

Re:

[Velex]

It's a macho thing. I've seen this with Christians as well. People who believe they're being persecuted tend to want to take up the most extreme, literal position possible.

*sigh* I'm sure I'm going to get modded troll for the next part.

The other problem is that in order to take the position you're taking, you have to ignore wide swaths of religious law. I haven't given the Quaran a read-through yet, but there's a lot of things Christians are supposed to do that they don't. For example, women aren't

Re:Unencrypted cookie auths

[mr100percent]

Muslims inside Egypt and out condemned that attack. Fortunately, such attacks are few and far between. Look at the aftermath, when terrorists attacked a church around Christmas, thousands of Muslim Egyptians attended church services [huffingtonpost.com] in Egyptian churches, in order to serve as human shields in case of another attack. They held candlelight vigils outside and put crosses on their facebook pages as well.

Let's look to the last 2 weeks. A photo has been spreading all over Twitter of Egyptian Christians making a human chain to protect Muslims from police attack as they were praying in Tahrir square [myweku.com] on Friday. On Sunday, Egyptian Muslims returned the favor [nydailynews.com], protecting them while they had prayer services. This is a great moment for Muslim-Christian unity in Egypt.

Re:

[mr100percent]

Well you should be optimistic. Mubarak the dictator is out, and democracy looks like it will be slowly coming in. The dictatorship was what was preventing the new churches.

Re:

[chimpo13]

I've had these arguments with friends but once people have decided Islam is to blame, it's hard changing minds. Right wing/lefties it doesn't matter. It's not science where you can give a composing argument for most people.

I'm in Saudi now. Foreigners get it different but I still don't try to talk to women. They can get in trouble by talking to single men of any religion. Oh, and the veils here pre-date Islam. Still it's a crazy culture and I'm glad I didn't grow up in it.

Re:

[mapkinase]

Apparently you missed the moment when three Fridays in a row Tahrir square turned into a one of the largest Masaajid's in the world.

Check out last Friday with the internationally famous Qari Jibreel leading Salaah:

http://www.youtube.com/watch?v=mk-PKovjKzY [youtube.com]

Re:

[h00manist]

"In a Muslim country, you can simply count the number of women in the photos. If its not at least 10 percent, the police will use all force necessary, and will ultimately crush the protest."

Um, have you noticed that these aren't particularly religious people who led the protests in Egypt and Tunisia? They're not even using Islamic words in their protests eg they're talking about the Watan and not the Ummah.

Had some Arabic friends, learned some things. Islamic culture has pros and cons like everything else. They require good manners, dignity and respect in general. Western people don't normally know this, the media/military focuses on negative aspects. So this comment on women appears actually well informed. In general, as a culture, they treat women with more respect, protecting them. Yes, there are well known cases with that turns upside down too. In general, I think political opinion and participation

Re:

[Z00L00K]

It's no problem being in the middle if you control the network - like if you are a government.

Re:

[Toze]

especially for a bunch of thugs in jack boots.

I hate to tell you this, but being evil doesn't make people stupid or inefficient. The Nazis managed to build ingenious radar targeting systems for bombers, they developed their own jet fighters, and they did horrific but informative medical experiments on innocent people. "Thugs in jack boots" are perfectly capable of using or creating technologies to use for evil.

Re:

[mapkinase]

And that is why Egyptian and Tunisian revolutions failed for 19 days in a row.

Re:

[icebike]

Let's see -- you are in the government, facebook is outside your country, and it's _hard_ to ensure that all facebook connections get routed through your MitM box?

Well in some governments, that would be far more likely than anyone using firesheep. But other posters insist that you are still asked for your password over a SSL connection when deleting accounts.

I don't know about Algeria's internet structure, but something like this would be pretty hard to set up quickly if there were more than a few backbones. The traffic load would be enormous, you would have to filter every FB access and selectively delete the accounts, AFTER successfully pulling off your MitM.

I ser

Re:

[jamesh]

Facebook requires HTTPS to access account settings. Nothing else to say.

Plenty more to say. As long as users go to 'facebook.com', and as long as the browser interprets that as "oh you mean http://facebook.com/ [facebook.com]" then all bets are off. Facebook may force the URL to account settings to https, but if there is a 'man in the middle', they connect to facebook via https for you, but rewrite all the url's you get sent as http, and most users won't notice.

You have to use https _everywhere_ or else you've given a MitM a chance to proxy your connection, and DNS spoofing is all that's requ

Re:

[jonwil]

No, what happens is that you go to facebook.com which resolves to a machine run by the ISP or government (due to DNS hijacking). This machine goes to the real facebook.com over https, retrieves the page and sends it to you as http. You log in on this page which sends your details to the fake ISP server who sends them on to Facebook.

Re:

[Firehed]

Most (if not all) of Facebook's account settings pages go over an HTTPS connection. I'd be astonished if there isn't one for auth that's secure-only, since it's effectively pointless if you're trusting cookies that could have been exposed over an http request for requests that require decent authentication.

Of course, Facebook is hardly known for its security. I turned on the HTTPS-everywhere setting the moment it was available on my account. I did spot a "c_user" secure-only cookie that contained only my us

Re:

[icebraining]

Does Algeria have a CA trusted by the browsers?

Legal/security threats or confusion

[h00manist]

If they have national ISP level intercepting and filtering, it's possible the accounts are simply being denied access, and these "deletions" are confused newbie level reports spread by rumour. They could also simply be using some Algerian legal or security argument to force Facebook to delete accounts. Much easier and more typical of an oppressive, controlling regime. High level Intelligence, using undetectable methods, are not required there, I think those are more typical of countries with pseudo, form

Re:

[iammani]

Auth cookies cannot help you delete accounts (or even change password) in well-designed site. The website prompts for the password to make sure its you.

Re:

[/dev/trash]

HTTPS Everywhere is great if you have 3 minutes for every minute to do something. I used it while on vacation and I was forced to use Barnes and Noble. Slow Slow slow slow.

Re:

[epine]

HTTPS Everywhere is great if you have 3 minutes for every minute to do something. I used it while on vacation and I was forced to use Barnes and Noble.

The bar to resist dictatorship keeps going up. First you have to learn HTTPS Everywhere, then you have to learn tabbed browsing, cyclic tasking, and delayed gratification.

https should have become the default long ago. As it stands, I'm sure the Algerian santa is keeping a list. One shouldn't have to stand out by defending oneself against man-in-the-middle.

On the other hand, the portion of the rebel alliance with "allahakbar" as their FB password were unlikely to put up stiff resistance against sand-troo

Re:Unencrypted cookie auths

[Frosty Piss]

The problem is that you may send your username and password over HTTPS, each page after that you send your auth cookie over plain ol' unencrypted HTTP

No.

This is *NOT* the problem at all.

The problem is that ridiculously entrenched tin-pot dictators continue to believe that they can control to populous like they did in the pre-Internet days when all you had to do was shut down a few newspapers and "disappear" their enemies.

Sure, there's obviously a technical process going on, but the root of the problem has nothing at all to do with computers or networks, it has to do with a fundamental change in the dynamics of how populations are controlled by despots.

Why shouldn't they believe?

[SuperKendall]

The problem is that ridiculously entrenched tin-pot dictators continue to believe that they can control to populous like they did in the pre-Internet days when all you had to do was shut down a few newspapers and "disappear" their enemies.

Worked for Iran.

The internet means nothing if the despot is determined.

Re:

[Frosty Piss]

Worked for Iran.

Things are a changin'

Re:

[SuperKendall]

Things are a changin'

In Iran?

When?

The world hung those poor Green Revolution people out to dry, but good. I don't think you'll see revolutionary spirit there for about another generation, as most of the leaders of the current one are busy getting tortured and raped in jail cells currently.

Ugly, but that's how it sits.

Re:

[Brian Blessed]

The problem is that ridiculously entrenched tin-pot dictators continue to believe that they can control to populous like they did in the pre-Internet days when all you had to do was shut down a few newspapers and "disappear" their enemies.

Enemies like Julian Assange? Despite not yet managing to disappear him, the US has had some success in controlling the bulk of the population to view him as an evil figure.

- Brian.

Re:

[MattW]

I have no idea how fb works because it's an abomination and I avoid it as much as possible, but - having coded sites and auth schemes from scratch (after 5 years in network security), I can say: it's a poor site that allows an http:/// [http] cookie to perform a delete when they use https:/// [https] for a login.

Generally, if there's a need to have some high-security functions but some low security interactions, you take the login over https:/// [https] then set TWO cookies; one of them with the "ssl-only" flag set; browsers will

Re:Unencrypted cookie auths

[GuruBuckaroo]

This entire thread, with one notable exception, is entirely, horribly uninformed. As the only other worthwhile poster points out, the Firesheep plugin proves that once you have the FB cookie (which can be sniffed via MITM attack or over Wifi), you can hop onto a Facebook session from any computer. Maybe not a shortcoming with the idea of login cookies, but certainly a shortcoming in Facebook's handling of them. Second, about two weeks ago FB started officially supporting an HTTPS-Always preference. There's a checkbox in Account, under Security, that forces all connections (and I do mean all, even connections to other subdomains) to use SSL. No plugin needed. As much as I enjoy Facebook, and correctly monitor both security settings AND what data I allow it to access, I'm really happy that Firesheep showed how piss-poor their security was. It gave the final push to my campaign to secure the "public" wifi hotspots our company offers to it's guests.

Re:

[brunes69]

Do you think the majority of facebook users know about this hidden option? It should be enabled BY DEFAULT, just like Google does with GMail.

Re:

[Maestro4k]

Algeria's probably taken a page from Tunisia, and is stealing logins like Tunisia did [theatlantic.com]. That was just last month, I'm surprised people have forgotten about it already.

Facebook responded to Tunisia's attempts then, from the article:

Sullivan's team rapidly coded a two-step response to the problem. First, all Tunisian requests for Facebook were routed to an https server. The Https protocol encrypts the information you send across it, so it's not susceptible to the keylogging strategy employed by the Tunisian ISPs.

The second technical solution they implemented was a "roadblock" for anyone who had logged out and then back in during the time when the malicious code was running. Like Facebook's version of a "mother's maiden name" question to get access to your old password, it asks you to identify your friends in photos to complete an account login.

They rolled out the new solutions to 100% of Tunisia by Monday morning, five days after they'd realized what was happening. It wasn't a totally perfect solution. Most specifically, ISPs can force a downgrade of https to http, but Sullivan said that Facebook had not seen that happen.

I have no doubt that if they're seeing something similar they'll implement the same thing to block Algeria from continuing to do this.

Re:

[Smallpond]

The problem is that you may send your username and password over HTTPS, each page after that you send your auth cookie over plain ol' unencrypted HTTP. Someone is capturing those auth cookies and using them to send delete commands to Facebook (no doubt after capturing all of the info and friends).

Use HTTPS Everywhere [eff.org] and force all your traffic that can be to be using HTTPS.

Why assume a sophisticated technical solution when the more likely explanation is the $5 wrench? [xkcd.com]

Users

[Anonymous Coward]

It would also require that 'users' have delete priviliges regarding their own account.

Re:

[Aerynvala]

LMAO and me without Mod Points

Re:

[msauve]

You say that as if Facebook is the poster child ("think of the children") for security.

Re:

[guttentag]

To clarify for anyone who doesn't get the joke, you can't "delete" a facebook account. You can "disable" your account, but facebook still keeps all your data forever. So centuries from now archaeologists can dig up their data center, excavate the hard drive platters and find out who was friends with who and what kind of music they liked. If only we could see Moses's facebook tablet... we'd know so much more about ancient Egypt! Then again, if Pharaoh had seen Jochebed's [wikipedia.org] facebook tablet, he would have se

Re:

[Xacid]

Yes, yes you can.

Here: http://www.facebook.com/help/contact.php?show_form=delete_account [facebook.com]

Re:

[yotto]

I did that about 6 months ago. I just checked and my account is still there. In fact, it got reactivated so now I have to "delete" it again.

Re:

[The Good Reverend]

Well, then obviously you did plan on using it again. Maybe FB is just psychic...

Algeria Internet NOT shut down (yet)

[mbone]

The consensus in the networking community is that the Internet to / from Algeria has not been shut down. See the Renesys [renesys.com] blog for more details.

The situation with regards to social media is more uncertain, with reports of both blockage and routine service.

Re:

[pgn674]

Yeah, I saw that too. So, if this Telegraph article's summary text "Internet providers were shut down ... across Algeria" is shown to be completely incorrect, then the accuracy of the of text in the summary, "Facebook accounts deleted across Algeria," can be taken into question, assuming both statements were investigated the same amount by the summary writer.

Impossible?

[Shuntros]

I thought it was impossible to actually delete a Facebook account? Sure, you can deactivate it, but not delete as far as I can remember.

Re:

[Xacid]

Here: http://www.facebook.com/help/contact.php?show_form=delete_account [facebook.com]

Re:

[takowl]

There is a form that tells them to really delete it. They don't draw attention to it, and it's separate from the "deactivate account" option, but a search in the help centre does bring it up [facebook.com].

No password encryption

[neo00]

Last time I checked, by default login credentials are sent without encryption over http. Stealing the password is very easy in this case. Everyone should make sure to use https instead. There's an option in the user account to enable https all the time.

Re:

[blincoln]

HTTPS doesn't do much good if the country in question implements transparent proxies at the borders of their national network infrastructure that decrypt SSL traffic, inspect the contents, then re-encrypt it with an SSL certificate issued by one of the authorities registered for that country (which is certainly within the realm of possibility for most governments). Have you ever looked at (let alone modified) the list of SSL authorities that your web browser trusts by default?

Re:

[fuzzyfuzzyfungus]

https://www.eff.org/observatory [eff.org]

The punchline: Unless you are using an atypically paranoid browser config, there are a Lot of CAs and subordinate CAs(some of them known-slimy, others known-incompetent), whose certs your browser will silently trust.

What would be nice would be a mechanism for tracking the cert-chain of websites of interest over time and from various endpoints on the internet. Companies do, legitimately, get tired of getting shafted by Verisign, er, um. switch certificate providers; but

Re:

[emt377]

The punchline: Unless you are using an atypically paranoid browser config, there are a Lot of CAs and subordinate CAs(some of them known-slimy, others known-incompetent), whose certs your browser will silently trust.

Yeah, this just illustrates how worthless web certs are. Any government with a CA within its borders can get a cert to impersonate anyone or anything. So can any criminal organization in the same country as long as their government is sufficiently corrupt. The way it SHOULD work is that another party proves knowledge of a secret I gave them when I registered, so I can know when I contact them that it's the same organization I registered with and not an impostor. Plaintext can be avoided without certs; j

Re:

[devman]

Except you have no way to know you who you were talking to you when you registered in the situation you described above. I think CA's and SSL is fine, but I think the browser should flag EVERY cert the first time you've seen that particular fingerprint, so that the motived among us could scrutinize the CA chain every time it changes.

Re:

[icebike]

A pretty wide range of Algerian providers (Telecom Algeria, Wataniya Telecom Algeria, SPA Anwarnet, Smart Link, Orascom/Djezzy, etc.) have direct international connectivity, as seen in the BGP routing table. See here [renesys.com].

That makes it pretty hard for a tin-horn dictator to proxy all of these. (Algeria is not known as a great source of networking expertise).

I suspect it would be much easier to put up a dummy facebook server (honypot) and simply have it deny all log in attempts. A few dns entries at each ISP

Re:

[blackest_k]

Algeria is not known as a great source of networking expertise

I really think you should think about what you are implying here, because logically for algeria to have internet connectivity at all there has to be some competent network engineers working there.

Googling Population of Algeria reveals a population of 34,895,470 roughly half that of the UK and huge compared to my countries 4 million (Ireland).

Just how much networking expertise is needed?

I'm pretty sure Algeria will have it's own share of educated, highly intelligent Engineers. In fact when you reeled off a

Re:

[icebike]

I'm sure there are competent people there. If nothing else, the companies hired to manage their networks would recruit them from anywhere. The government employees are more likely to be cronies of the powers that be than they are to be competent.

The point is, they are unlikely to have an excess of them hanging around against the day when the government decides to filter every facebook posting, and set up a man in the middle attack on each one. It takes a lot of people and a lot of coordination to start s

Re:

[blackest_k]

i remember the controversial album cover on wikipedia

http://en.wikipedia.org/wiki/Virgin_Killer [wikipedia.org]

In December 2008, the image again gave rise to controversy when the British Internet Watch Foundation placed certain pages from Wikipedia on its internet blacklist, since it considered the image to be "potentially illegal" under the Protection of Children Act 1978.[3] This resulted in much of the UK being prevented from editing Wikipedia, and significant public debate of the decision. The decision was reversed by the IWF after four days of blocking.[4]

That was easy enough to do in the UK, i would think most places have some kind of blocking in place. Even if its just to try and stop access to pedographic (maybe not a word but it could be) porn.

Re:No password encryption

[emt377]

HTTPS doesn't do much good if the country in question implements transparent proxies at the borders of their national network infrastructure that decrypt SSL traffic, inspect the contents, then re-encrypt it with an SSL certificate issued by one of the authorities registered for that country (which is certainly within the realm of possibility for most governments). Have you ever looked at (let alone modified) the list of SSL authorities that your web browser trusts by default?

When I was in Vietnam recently, which blocks Facebook, they operated by intercepting DNS. They'd either make lookups fail or make them resolve to their own proxy. Before we realized this my wife uploaded a bunch of photos which then mysteriously disappeared overnight. We got around this by me firing up squid on my linode and using this as our web proxy, by IP address. (Authenticated obviously.) This way names are resolved in the good ole USA, geolocation says we're there (so get stuff in English), etc - AND the local government doesn't get to stick its grimy paws in my DNS lookups. To stops us they'd have to identify me personally, and spend resources on a single individual - and given we were foreign tourists they probably couldn't care less. After all, we'd leave in a few weeks and then we'd still post and say all the same things regardless. If we were locals we'd probably get on a watch list... They DID spend extra time on my exit processing at the airport, where the official wandered off with my passport and was gone 5-10 min.

Re:

[dmomo]

Firebug says different. I hit http://www.facebook.com/ [facebook.com] and see a post only to "https://" for the actual login.

A third option...

[Dhalka226]

Facebook must be cooperating or they're hacking each individual account? I think you're missing a third option [xkcd.com].

Re:

[Confusador]

No, I think that's covered under 'Facebook's cooperating'. Not that I think that it would take a lot to convince them to give up, that's basically their business model, but 'do this or we won't let you accept payments in our country' is basically all the rubber hose you need.

Sounds like a great way to...

[physicsphairy]

1) Alert people their communication is insecure
2) Let them know the government is concerned about their ability to organize
3) Piss them off

All without actually causing them much inconvenience. Last I checked, Facebook made it easy to restore an account, and even if they've changed that, Facebook almost certainly has retained the data and made it clear in Tunisia they were willing to fix the problem for those affected by sabotage.

Re:

[fuzzyfuzzyfungus]

I can only assume that the Algerian government is minimally concerned with the fact that Facebook can restore profiles from the bowels of their titanic data mines and maximally concerned with disrupting efficient organization among dissidents and potential dissidents.

The jackboots start at a numerical disadvantage; but they start organized and comparatively well equipped. The dissidents enjoy potential numerical superiority and a PR advantage; but they start poorly organized and only partially mobilized.

Re:

[jack2000]

You see that's the problem, "key figures " should be avoided at all costs. The populace needs to be thought about decentralized revolt.
Applying network experience to sociological problems ftw.

If it's even slightly true, Algeria is "next".

[Anonymous Coward]

Dunno anything about facebook - who really gives a shit anyway, right? - but if Algeria really is trying to mess with its people's Internet activities, it all but guarantees they are the next regime to face the revolutionary wrath. So to speak.

It's the Streisand Effect to the nth degree.

Re:

[jack2000]

Why even care, nuclear power is so much easier to harvest and closer to home.

Hacking individual Facebook accounts won't work

[dido]

Given how Facebook's infamously buried 'delete my account [facebook.com]' feature works, hacking individual accounts won't in general be sufficient to delete them. Well, with access to the account they could change the password to a random one to prevent the legitimate owner from logging in and preventing the deletion, but the account simply appears deactivated to others until that happens. Facebook cookies on the owner's computer could also conceivably cause any efforts at account deletion to be frustrated. If they "deac

Probably "brute forcing" the facebook accounts

[DustoneGT]

Algerian .gov is probably just hitting them with wrenches [xkcd.com] until they give up the passwords.

Re:

[jmcvetta]

God I'm sick of that cartoon.

Yes, it's fucking obvious that a government can send thugs to beat the crap out of a person until he divulges a password. However, this is expensive (wrench wielding henchman isn't exactly a career that makes mama proud, so you need to pay them a lot); intrusive (you need to bust into someone's house to do it, and you might just get shot in the process); and likely to provoke violent backlash from the beaten person's family & friends. Probably works great under normal cond

Re:

[Opportunist]

Nah, wrench wenches are pretty cheap. I mean, look at McD, burger flipper ain't really the career choice that makes your parents show around pictures of you in the workplace either, but I didn't see a shortage of flippers yet.

That's the beauty of today's work, everyone can find a place he belongs to. Some work with their brain, some with their brawn, but everyone is equally valuable. Or so they said in the PC classes I had to take.

Re:

[Opportunist]

Wasn't it 72 virgins?

OMFG, the recession hit the afterlife now!

More likely explanation

[M. Baranczak]

Some of FB's servers went down. Some paranoid Algerian guy, who may or may not have good reason to be paranoid, noticed this, and assumed that it was targeted at him personally. And a rumor got started.

Re:

[M. Baranczak]

Some of FB's servers went down. Some paranoid Algerian guy, who may or may not have good reason to be paranoid, noticed this, and assumed that it was targeted at him personally. And a rumor got started.

So say the government lackeys . . .

Actually, I work for the Mossad. But I'm on vacation right now - the above post was for free.

Well

[jav1231]

Anyone who would setup that hideous new photo viewer is capable of most any evil.

Did the same thing in Tunisia

[kabloom]

Tunisia also tried packet sniffing to steal the Facebook passwords of everyone in the country, so they could delete the pages that were being used to coordinate protests. I'm sure it's only a matter of hours before someone at Facebook employs the same solution for Algeria [theatlantic.com], forcing everyone in Algeria to connect by SSL and turning on face-based identity verification, a feature whose introduction has already been discussed here on Slashdot [slashdot.org]

Re:

[mr100percent]

I think it was more the Tunisian ISPs capturing the page and inserting their own javascript code before sending it to the client.

Re:

[kabloom]

You're right. The original article I read didn't discuss exactly how the attack occurred, but once I knew what to search for I found an attribution to JavaScript pretty fast [jgc.org].

Still, both kinds of attacks have exactly the same defense.

why give the benefit of the doubt?

[jmcvetta]

Do we have any reason at all to suspect that Facebook is not cooperating with the Algerian regime? So far FB has never done anything that would make me afford them the benefit of the doubt. I would be shocked - nay, it would strain my belief - if they didn't willingly cooperate with the government.

Re:

[coolmadsi]

I thought when they noticed the Tunisian government were doing bad things with their website they pushed HTTPS on all Tunisian users, which would have slightly hampered the governments attempt to control communications.

If Algeria is next, we can hope for Libya too

[G3ckoG33k]

If Algeria is next, we can hope for Libya too. Unfortunately, Libya's Khaddaffi known for his sex orgies has a likeminded friend in the senile Italian clown Berlusconi.

North African girls?! Who supply them? Are they traded goods?!

Yahoo writes [yahoo.com]: "Silvio Berlusconi, the long-serving prime minister of Italy, is facing multiple scandals that are entertaining and deadly serious. Italian prosecutors are seeking a fast track trial for Berlusconi on a number of charges. The charges include abuse of power and having

Re:

[Corbets]

So much for innocent until proven guilty, eh?

An unsubstantiated claim?

[benfell]

I notice that the story linked above [telegraph.co.uk] doesn't substantiate the claim. The only reference appears in a teaser (above the byline) which I'm guessing might have been written by an editor rather than by the reporter. It's a helluva rumor to start--I've been seeing all over the place all day.

Dumbasses

[bedouin]

When they shut the Internet off here in Egypt it only made people more pissed. Nothing to do inside then you go outside and join everyone else. If you work from home then you're even more pissed off.

Article says nothing about Facebook

[DocJohn]

While the headline and blurb suggest that indeed Facebook is being targeted in some manner, the article body itself makes absolutely no specific reference to Facebook. What this suggests is that the headline and blurb (introductory text to the article) were written by someone else -- an editor, usually -- who either didn't read the article very carefully, or made an assumption about what is actually being done.

It's odd how this could have been published as-is on a respected news website like the Telegraph.

I wish they would delete mine.

[ThurstonMoore]

The best I could do when I wanted to delete my Facebook account was deactivate it. It occasionally gets reactivated when someone hacks it and I have to deactivate it again.

Re:

[belmolis]

What's the evidence for this?

Re:

[G3ckoG33k]

How do you hijack a group?

Re:Elections

[fuzzyfuzzyfungus]

They do have elections, though I'm not sure how hiqh-quality they are thought to be. The fact that said democracy has been continually operating under emergency powers since the end of the Algerian Civil War probably doesn't make people entirely cheerful.

Ultimately, though, I suspect that they are hitting the same demographic/economic crunch that has caused trouble for other states recently: Fairly high unemployment(particularly among the large portion of the population that is fairly young), rising costs of staple commodities, and the perception(generally accurate) that the state is corrupt and exploitative in favor of some well-connected elite. Even in well-functioning democracies, that demographic circumstance will produce substantial volatility. If the state is having any legitimacy issues: boom. (On the other side of the coin, as our dear friend Putin can attest, if you preside over a period of improved wellbeing for the population, people will eagerly forgive egregious corruption and repression...)

Re:

[Opportunist]

The question that interests me more than whether or not Algeria has internet access or not is: Can it happen to me when (not if) we do the same?

Re:

[Internetuser1248]

I think there might be remnants of mine left too, do I have to move to Algeria or do i just need to talk smack about them online?