Cleaning up Facebook “Friend” list

I created my Facebook account in 2007, when Facebook was slowly making its trend in this side of the world. And then I made the worst mistake – adding anyone.

Continue reading

Advertisements

Remove imported (stolen) contacts from Facebook

I have reasons to believe that it rather steals contacts from your phone rather than politely synchronizing them.

Once you install Facebook, it forces you to install Messenger aside. If you don’t it will keep sending you new message notifications but not letting you read them. So you install Messenger.

Next, when you set up Messenger, they show you some an eye-candy stuff, and convince you to enable uploading your contacts, call and text history. This is where the problem begins. I don’t want to upload my contacts to Facebook, but Facebook developers have set up things in a way that it will convince most users to do so. Bad.

So here’s my normal routine when installing Messenger:

Text anyone in your phone: NOT NOW
Is your number up to date? NOT NOW (why the hell do I have to let people look me up on my phone number?)
Skip phone number? SKIP (are you effing kidding me now?)

So even after completing these three steps, Facebook Messenger won’t stop bugging you with Contacts Upload and Friend Finder stuff. I remember I accidentally touched a ‘Get Started’ button somewhere and it immediately started uploading my contacts. Just like a fish put back into the water!

I got panic and turned off WiFi immediately, but what’s done is done. After meddling with the Facebook and Messenger apps, I was able to turn off ‘Continuous contacts upload’. You can find that in the Facebook app settings.

After a bit of struggle with Facebook on web, I was able to find the following URL. Now, this URL is very important. I even recommend you to bookmark and share it with friends.

https://web.facebook.com/invite_history.php

Go to that URL, and you will see your past invitations (by any chance if you had previously shared your email password with Facebook) and other contacts stolen from your email account in one place. Scroll all the way to bottom and you will see a hyperlink saying “Remove all contacts”. Click it, and after a couple of confirmations, it will delete your imported contacts.

Towards the top of the same page, there’s a hyperlink saying “See contacts you’ve uploaded in Messenger.”. Click it, and then click the “Delete All” button. Don’t even bother reading the confirmation, just hit “Delete All” when it tries to convince you to keep them. That’s it!

Now I’m even more careful when working with the Facebook and Messenger apps.

 

Getting old Truecrypt to work with Xenial

Truecrypt died two years back.

Despite their warning I continued to use it for encrypting some of my data, because I believe Truecrypt was rather killed by a hidden hand – not actually because of any unfixable vulnerabilities.

So, straight to the topic; a new Ubuntu LTS is here and everyone is upgrading. I wanted to install it from the scratch this time. Therefore first of all I took backups using Truecrypt that I have been using since 2014. (My laptop had Ubuntu 14.04 LTS until right now)

All went so smooth until I tried to mount my encrypted Truecrypt volume with the previous Truecrypt 7.1a binary I had. It has been previously compiled into one single executable binary, and the architecture was the same (x86_64).

The error was;

error while loading shared libraries: libwx_gtk2u_adv-2.8.so.0: cannot open shared object file: No such file or directory

Mmm… dependency problem! I tried to install libwxgtk-2.8 from official Ubuntu Xenial Xerus repositories, but the only available version was 3.0. Installing version 3.0 did not address the issue.

After trying out a couple of other options I figured out that easiest option is directly downloading and installing dependencies from the Launchpad. It fixed the issue!

So, this is what worked for me:

$ cd /usr/bin
$ sudo ln -s /opt/truecrypt truecrypt    #Note: I put my previous binary in /opt
$ mkdir /tmp/wx
$ cd /tmp/wx
$ wget http://launchpadlibrarian.net/219037037/libwxgtk2.8-0_2.8.12.1+dfsg2-2ubuntu2_amd64.deb
$ wget http://launchpadlibrarian.net/219037033/libwxbase2.8-0_2.8.12.1+dfsg2-2ubuntu2_amd64.deb
$ sudo dpkg -i *.deb
$ truecrypt &

I believe this is the time I should be looking for an alternative encryption solution, because eventually dependencies will also get old and die, completely killing Truecrypt.

 

More on constructing passwords

So, that happened and I had to spend a considerable amount of time choosing new passwords.

I really didn’t write about how I manage my passwords. I thought about writing this tip because it’s a game of battle between convenience and confidentiality.

People choose weak passwords because they are easy to remember. But easy to guess at the same time. People use the same password with many websites so they have to remember only one. However, a stolen password unlocks an entire treasure for an attacker.

Despite there are password management tools available I completely rely on my brain. But how many to remember? I have 50+ things to protect with passwords. Am I going to use a single password for all? No! Am I going to use 50+ different passwords? Again no! This is where you have to balance between convenience and security.

First I add all of my things (machines, routers, encrypted archives, websites) into a task management tool. I don’t remember each of them in hand, so as I remember them I add them to my backlog.

My backlog has several lists.

  1. Physical assets – computers, backups, routers, mobile phone, etc
  2. Office – work related ones, anything that belongs to my employer
  3. Finance – bank, anything that has access to my money
  4. Critical – email, anything that has a serious impact on my privacy
  5. Medium Importance – as it says
  6. Low Importance – I don’t mind losing these accounts
  7. No SSL – websites that are non-HTTPS
  8. Untrusted – websites that I suspect for storing passwords in plaintext

Passwords built for each of these sets will follow a different text pattern that is a synthesised fake word. Want an example? Read about how Google caught Microsoft red-handed and you’ll see a couple of examples there. I synthesise fake words that do not even exist in the English dictionary. Fake words that I haven’t even googled to find out existence. While it’s all echoing in my mind, I don’t even whisper them in the shower.

Next thing is l33t. I make it pAr3!@|ly l33t. Randomly by making sure my new contains upercase, lowercase, numbers and punctuation.

Eight different fake buzzwords –> eight password skeletons –> many number of passwords

That’s how changing passwords work for me. It’s could be several hours of effort. Next steps are training my fingers for the new password, and then following my to-do list to change 50+ passwords, one list at a time.