
Quoting Andrew McGlashan (andrew.mcglashan@affinityvision.com.au):
[2] http://twit.tv/show/security-now/404 -- How Facebook Monetizes (May 15 2013)
One's faith in this as a credible source of information is somewhat impaired by their citation of third-rater IT drone Steve Gibson, of all people, as 'the security master'.

Anyway, the only surprise in this subject would be the notion that anyone might be unaware that Facebook are selling their users as product, which they are most certainly doing, indeed. It suffices to visit any Facebook page and check using NoScript to see the array of tracking methods they throw at people, and that aspire to track even logged-out users.

Additionally, one might point out that the smartphone market's whole 'start with a proprietary, vendor-controlled OS, then install and run a variety of untrustworthy codebases from nowhere-in-particular' user culture is essentially hopeless, i.e., there is -no- prospect for reasonable security, having thrown that away at the beginning. And that's not including their other obvious data-mining measures.

I personally use a Debian laptop and (primarily) an old PalmOS PDA[1] to house my sensitive data, and eschew smartphones for now, because the security model for all Android mobiles is ridiculously porous (even CyanogenMod to a degree), and the telco data plans in my country are outrageously overpriced as long as I'm footing the bill. The core of my computing centres around the Debian server in my garage (the linuxmafia.com box), which is a fine platform with a readily understandable and controllable security model and which I can rely upon to work for me and not three-letter spook agencies.

[1] Although it's an opaque proprietary OS, PalmOS as implemented on classic PDAs like my Palm TX is a single-tasking, standalone OS, hence it has a simple, readily understood threat model. The killer app in my opinion is Martin B. Pool's Keyring, http://gnukeyring.sourceforge.net, an open-source 3DES datastore for security tokens. I keep anything and everything security-sensitive there, airgapped from all networks.