WTF FACEBOOK?

Posts : 1469 Join date : 2009-10-22 Age : 40

I knew facebook was evil, but not THAT evil.
When I go back in Firefox, it sometimes displays code accidentally.
So I used the "LIKE" button, went on browsing, went back and saw the code.
Studied it and discovered "cavalrylogger". I'm no computer crack, but the code looked really malicious.
Googled it and found that it is a KEYLOGGER by facebook.
Apparently, Facebook logs your every keystroke, passwords, emails, everything...WTF? Are they really doing THAT?

Can someone who knows his way around computers a little better than me go into this and tell me it isn't true?

Posts : 1002 Join date : 2009-11-09 Age : 36

I am not on FaceBook and I don't know what cavalrylogger is. If you share the code I can tell you what it does.

I do know however that FaceBook (and Google and other such companies) stores any information it can get. That is how they make money. It's called personalization. Maybe you're interested in the work of Eli Pariser and the like.

Posts : 1469 Join date : 2009-10-22 Age : 40

Thanks, I've read about the echo-chamber theory before, and it's an interesting development.

The code can be found here:
CAVALRYLOGGER
This code is what you get whenever there is a "LIKE" button.
I have a very, very bad feeling about this.

Subject: Re: WTF FACEBOOK? Mon Oct 03, 2011 9:40 pm

that's why a lot of the ads on facebook...and other sites...seem to be something you might be interested in

Posts : 1469 Join date : 2009-10-22 Age : 40

the B wrote:: that's why a lot of the ads on facebook...and other sites...seem to be something you might be interested in

I'm talking about something else (and I have personalized ads turned off).
I mean: do they actually log my every keystroke? that goes beyond personalized ads or marketing, that's a whole new dimension of evil and serves other purposes.

Subject: Re: WTF FACEBOOK? Mon Oct 03, 2011 10:22 pm

hmmm...how do we know swamp and hope are not logging our every key stroke????

Subject: Re: WTF FACEBOOK? Tue Oct 04, 2011 3:13 am

From what I can find online, Cavalrylogger is strictly related to the Like button tied to Facebook. I found a few posts on a Facebook Developers forum but this particular link seemed to have the best explanation.

http://stackoverflow.com/questions/4188605/what-is-cavalrylogger-and-do-i-need-it

Quote :

Okay so I had a look over the beautified version of this minified code and have noted the following:

By itself these are a bunch of utility functions.

CavalryLogger doesn't do anything with this file by itself because it doesn't exist, nor is it defined.

The code in question regarding key binding:

Code:: function KeyEventController() {
copy_properties(this, {
handlers: {}
});
document.onkeyup = this.onkeyevent.bind(this, 'onkeyup');
document.onkeydown = this.onkeyevent.bind(this, 'onkeydown');
document.onkeypress = this.onkeyevent.bind(this, 'onkeypress');
}
copy_properties(KeyEventController, {
instance: null,
getInstance: function () {
return KeyEventController.instance || (KeyEventController.instance = new KeyEventController());
},
defaultFilter: function (event, a) {
event = $E(event);
return KeyEventController.filterEventTypes(event, a) && KeyEventController.filterEventTargets(event, a) && KeyEventController.filterEventModifiers(event, a);
},
filterEventTypes: function (event, a) {
if (a === 'onkeydown') return true;
return false;
},
filterEventTargets: function (event, b) {
var a = $E(event).getTarget();
if (DOM.isNode(a, ['input', 'select', 'textarea', 'object', 'embed'])) if (a.type != 'checkbox' && a.type != 'radio' && a.type != 'submit') return false;
return a.getAttribute('contentEditable') != 'true';
},
filterEventModifiers: function (event, a) {
if (event.ctrlKey || event.altKey || event.metaKey || event.repeat) return false;
return true;
},
registerKey: function (f, a, d, g) {
if (d === undefined) d = KeyEventController.defaultFilter;
var b = KeyEventController.getInstance();
var c = b.mapKey(f);
if (is_empty(b.handlers)) onleaveRegister(b.resetHandlers.bind(b));
for (var e = 0; e < c.length; e++) {
f = c[e];
if (!b.handlers[f] || g) b.handlers[f] = [];
b.handlers[f].push({
callback: a,
filter: d
});
}
},
keyCodeMap: {
'[': [219],
']': [221],
'`': [192],
LEFT: [KEYS.LEFT, 63234],
RIGHT: [KEYS.RIGHT, 63235],
RETURN: [KEYS.RETURN],
TAB: [KEYS.TAB],
DOWN: [KEYS.DOWN, 63233],
UP: [KEYS.UP, 63232],
ESCAPE: [KEYS.ESC],
BACKSPACE: [KEYS.BACKSPACE],
DELETE: [KEYS.DELETE]
}
});
copy_properties(KeyEventController.prototype, {
mapKey: function (a) {
if (typeof (a) == 'number') return [48 + a, 96 + a];
if (KeyEventController.keyCodeMap[a.toUpperCase()]) return KeyEventController.keyCodeMap[a.toUpperCase()];
var b = a.toUpperCase().charCodeAt(0);
return [b];
},
onkeyevent: function (i, c) {
c = $E(c);
var d = null;
var g = this.handlers[c.keyCode];
var b, f, a;
if (g) for (var h = 0; h < g.length; h++) {
b = g[h].callback;
f = g[h].filter;
try {
if (!f || f(c, i)) {
var node = null;
if (window.Parent && Parent.byTag && c.getTarget) node = Parent.byTag(c.getTarget(), 'a');
user_action(node, 'key', c);
a = b(c, i);
if (a === false) return Event.kill(c);
}
} catch (e) {}
}
return true;
},
resetHandlers: function () {
this.handlers = {};
}
});

This code lets you bind keys to callbacks, and includes more human readable names for common keys. Take for example the usage here:

KeyEventController.registerKey('ESCAPE', Dialog._handleEscapeKey, a);
The ESCAPE key is registered to make Dialogs go away. handlers is also empty by default, so nothing is going to happen until you use registerKey or append to it manually. Note that this is the only instance of registerKey being called.

It also has a lot of AJAX utility functions. Can't really send anything to Facebook from your domain anyways because of same origin policy (unless you modified security permissions, but then that's your fault). Same thing with the cookies set.

There's also a history manger, but it uses an iFrame so it won't be able to read it from your domain anyways.

Finally the like button code I found is an iFrame, so it wouldn't need JS includes unless you were using javascript to create the iFrame or something.

With that in mind I don't see the need for you to include all this.

Posts : 1002 Join date : 2009-11-09 Age : 36

StoneyMaroney wrote:: Thanks, I've read about the echo-chamber theory before, and it's an interesting development.

The code can be found here:
CAVALRYLOGGER
This code is what you get whenever there is a "LIKE" button.
I have a very, very bad feeling about this.

This script doesn't seem to be harmful on first sight. Looks like normal event handling. You've got similar code on any website where you can type in text (like this one, any other forum, any search engine and so on). In general I wouldn't worry about their client side code too much – everyone can see it and I highly doubt that they would violate their own general business terms (or whatever it is you sign when you join FaceBook). The script does however call other scripts (like http://static.ak.facebook.com/common/history_manager.php). All of which are server side, meaning it might be not as easy to find out what they are doing. So, while I do think that FaceBook should not be trusted on any level this script does not make me more suspicious in particular.

An Austrian law student appears to be concerned with the same thing and is causing some media attention in Europe:

http://derstandard.at/1317019154026/Wiener-Studenten-machen-Facebook-Beine

(Sorry, German only)

Posts : 1469 Join date : 2009-10-22 Age : 40

Thanks for going over this, Haunz.
Yeah, I shouldn't be on facebook, and I know it.
The profile is fake to the max, but then my face gets tagged by friends all the time, so there is no anonymity.
I don't know how facebook needs all this script for a like button to merely appear on screen, without you pushing it, only seeing it,
and no matter on what site.
I dig all that code stuff, I wish I understood more of it, but there's no time to get into that.

Posts : 411 Join date : 2009-10-26

StoneyMaroney wrote:: I knew facebook was evil, but not THAT evil.
When I go back in Firefox, it sometimes displays code accidentally.
So I used the "LIKE" button, went on browsing, went back and saw the code.
Studied it and discovered "cavalrylogger". I'm no computer crack, but the code looked really malicious.
Googled it and found that it is a KEYLOGGER by facebook.
Apparently, Facebook logs your every keystroke, passwords, emails, everything...WTF? Are they really doing THAT?

Can someone who knows his way around computers a little better than me go into this and tell me it isn't true?

That does not surprise me.

Posts : 411 Join date : 2009-10-26

StoneyMaroney wrote:: Thanks for going over this, Haunz.
Yeah, I shouldn't be on facebook, and I know it.
The profile is fake to the max, but then my face gets tagged by friends all the time, so there is no anonymity.
I don't know how facebook needs all this script for a like button to merely appear on screen, without you pushing it, only seeing it,
and no matter on what site.
I dig all that code stuff, I wish I understood more of it, but there's no time to get into that.

Well, as much as I dislike my ex husband sometimes, he was right about the internet...it's THE BEAST...yannow, the one they talk about in the Bible?

Subject: Re: WTF FACEBOOK? Sat Nov 05, 2011 1:06 am

teh beast....how can something that brings me all kinds of free boobies 24/7 be called the beast????

Posts : 411 Join date : 2009-10-26

the B wrote:: teh beast....how can something that brings me all kinds of free boobies 24/7 be called the beast????

keylogger...they steal your information and sell it to the highest bidder. they take advantage of your obsession with boobs....by making money off it.

Subject: Re: WTF FACEBOOK? Sat Nov 05, 2011 8:09 am

I wish I cold make money from it Laughing

Posts : 1469 Join date : 2009-10-22 Age : 40

If teh B could make money out of his obsession for boobs, he'd be richer than Gazprom and the Vatican together Laughing

Posts : 411 Join date : 2009-10-26

StoneyMaroney wrote:: I knew facebook was evil, but not THAT evil.
When I go back in Firefox, it sometimes displays code accidentally.
So I used the "LIKE" button, went on browsing, went back and saw the code.
Studied it and discovered "cavalrylogger". I'm no computer crack, but the code looked really malicious.
Googled it and found that it is a KEYLOGGER by facebook.
Apparently, Facebook logs your every keystroke, passwords, emails, everything...WTF? Are they really doing THAT?

Can someone who knows his way around computers a little better than me go into this and tell me it isn't true?

Haha...As a conspiracy theorist, this doesn't surprise me. In fact, I've been referring to facebook as the global police, in jest, but really it isn't that funny. Seriously, how comes you can 'deactivate' your account but you can't delete it? We could all go offline and really put them out of business, but it's all gone on for too long. The internet IS the beast.

Posts : 411 Join date : 2009-10-26

I didn't realie that I'd already posted about this many months ago...damn it's been a long time.