Incompetent IT staff blocks Facebook to “secure” network.

Having worked as a web developer for a number of years I have a little experience setting up and securing networks and web applications. Concordia university has recently banned facebook access from wired terminals (but the wireless network remains unblocked). Here is Concordia’s reasoning:

“Starting September 1, 2008, Facebook can no longer be accessed from desktop computers with a wired connection to the Concordia University network.

Facebook is still accessible at Concordia if you connect using a wireless network connection. It is also accessible in all residences.

The university has decided to implement these restrictions because of concerns that the continuing reliability of the Concordia network could be compromised because of spam, viruses and leaks of confidential information related to Facebook use. Although accessing Facebook using a wireless connection may present some security risks, the potential danger to the main Concordia network is greatly reduced.”


Now I would love to hear how Facebook compromises security anymore than hotmail access.  I can guarantee that it does not, and I believe this shows how social networking applications are misunderstood. Looking back to Enkerli’s presentation on enthusiasm and technology adoption, it really shows how it takes more than just a teacher to experiment and use new communication technologies. A lazy IT department can opt for the “quick fix” (just block it) which in turn makes it extremely difficult for teachers to make use of it.
In fact, I doubt this has anything to do with IT security, and I would bet “higher ups” outside the IT department played a large role in making this decision. Any Concordia staff care to comment or let us know how this decision was made? I’ll start digging into this today, and see what more I can uncover.

(field notes from my conversations with students at Concordia about the facebook ban)

Interestingly students are already working around the ban by using various proxy servers.   (this lets you login, but using such proxy’s is probably an even greater security threat depending on who runs the proxy service). Some features also do not work when logged in through the proxy server [think of a proxy as a server in between Facebook and you, which accesses Facebook on your behalf and gets around the access ban. The proxy can feed you whatever it wants, so it could be recording passwords etc].

See also Dimitri’s discussion about how the facebook ban affects student run organizations at the university.

[note, article in paper i read discusses how social viruses can be transmitted through facebook… so yes, if someone is in a group, and gets a message to check out a website, and then downloads a virus, there can be security threats.]


4 responses to this post.

  1. Not to defend them but I wouldn’t be so quick as to blame IT. While it’s possible that they had pressure from ConU’s administration, my guess is that they took this step because “something happened” about Facebook use on university computers and IT found this way to be the most effective at nipping the problem in the bud. Because they mention phishing and applications specifically, I’m guessing the issue had more to do with social engineering than with network security. And while Fb may not be more insecure than Hotmail, it might be an easier target for phishing attacks or even for the use of some browser exploits.
    Keep in mind that there’s an issue of liability. To a certain extent, ConU is responsible for use of its infrastructure.
    People’s attitude toward Fb varies greatly. Since I became more active on Fb (been on the platform since 2005, became more active in 2006), I’ve noticed a lot of changes in people’s perspective on Fb. Some of those who were most vocally “against it” have since become Fb enthusiasts. While journalists do occasionally play Fb as a major threat (it sells copy), the SRC has recently addressed the existence of a “vote swap” Fb group without any kind of “Fb is dangerous/evil” comment. Academics have been using Fb more and more in their work and I even have a friend who used a Fb group as a kind of ad hoc “course management system” (as a pseudo-Moodle, if you will). And ConU has, not uncharacteristically, adopted a fairly reasonable approach to Fb, in the past. Some IT people I’ve talked to there have expressed a desire to learn more about it, discussion about privacy issues were fairly thoughtful, and there wasn’t any advice given against Fb before this block.
    Now, I must say, I was disappointed by the block and the block does require me to change my ways for a few things. Basically, I need to either use ConU’s wifi to use Fb (on my iPod touch) or I postpone my Fb time to when I’m off-campus (i.e., almost any time). I would have a much tougher time if ConU were to ban Gmail. I don’t care about Hotmail but I think the potential for disruption of a Hotmail block is large enough that ConU would probably try to find other workarounds before blocking Hotmail.
    Keep in mind, use of ConU’s infrastructure is subject to relatively clear rules. Especially the wired network and other equipment. While there are academic uses for Fb, it’s safe to say that a high proportion of Fb use is only indirectly related to research, formal education, or university-related service. Those uses of Fb which would fit most directly in ConU’s usage policy are still a bit harder to justify than, say, checking email. Especially if you think about the difference between being on-campus and being off-campus. While it’s certainly convenient to be able to spend some time on Fb while on campus, Fb use isn’t tied to local access the way library resources are (or were, before ConU added VPN support). IOW, you don’t need to be on-campus to use Fb and use of ConU’s computers is mostly for things that are either exclusive to campus or at least much easier to do on-campus.

    Yeah, I know, this comment is longer than your post. I don’t see that as a problem.


  2. I’d love to know “what happened” to motivate the block. I also worry about phishing attacks through Facebook proxies which are becoming popular. I suppose teachers wanting to use facebook would have to rely on off-campus access, but it sure is a stumbling block for properly integrating these kind of techs.

    Thanks for the insights. [pardon the short reply, I’ve only been blogging part time in the past few weeks due to my ridiculously over-my-head renovation that I’m digging myself out of.]


  3. Just saw, on Fb, some comments about phishing and other dangerous behaviours. I’m guessing something did happen, recently. And/or, people are being proactive about protecting Fb user.
    Yes, the proxies are dangerous. But people who use them are likely to be more careful about their data than the casual user. Besides, in terms of liability, they’ve left ConU’s “jurisdiction.” There might even be a campaign to prevent use of proxies on public computers.

    BTW, what seems to be an important point is that access to Fb through ConU’s WiFi has not been blocked. This kind of implies that IITS isn’t on an anti-Fb mission and that the main issue is ConU’s own infrastructure. In fact, it helps making a difference between personal computers and public computers. Some people (especially full-time staff, including faculty) seem to assume that the computers on their desks are their property. This has multiple consequences for not only security but other dimensions of maintenance.
    In the case of computers at the library or in other computer labs on campus, the fact that they’re shared is very obvious. But there still needs to be a lot of care taken in terms of the human side of security.


  4. In my office right now. From home, I commented on a friend’s joining of a Fb group about a political issue. Getting a Fb notification that another comment had been posted. Excellent occasion for interaction about social issues (in this case, “first past the post” electoral systems and Duverger’s law). Clicking on the link in the Fb notification to “see this comment in context” (and possibly add a new comment).
    Page Load Error. Network Timeout.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: