The biggest Facebook security hole

Seriously. Over and over again I lose access to my Facebook account (www.facebook.com/sylvain.poirier.714), because of a huge failure in the minds of the Facebook security designers. What happens? The problem is NOT that anyone ever tried to hack my account, as far as I can tell. No.
On the contrary, it is because of the PARANOIA with which the Facebook security systems were designed, which continuously and insanely classify my activities as "suspicious", and as a result temporarily disable my access to my account.

What do I do so wrong? Well, I travel. I often change the place from which I try to connect. I wish there was a way to tell Facebook the next place I will connect from, so that it does not find it suspicious when I connect from there, but there isn't. Ah also, another fault (I guess, I cannot check), is that I don't have any personal laptop or smartphone, by the cookies of which Facebook could still recognize my identity despite my changing place of connection (I hate smartphones, which are too small, while laptops are too big to travel with and they got stolen when I tried to have one). So, many times my account is temporarily blocked under excuses of "security" and "protecting" my account, while I never asked them to be afraid for me.

Sometimes I can unblock my account by passing some test, other times I can't because their identification procedures fail, and I am extremely bothered at how they oblige me to spend time passing some exams trying to prove my identity, and sometimes failing because the conception of these exams is absurd. And of course, the mere fact that I fail to prove in its stupid eyes that I am the real myself makes the Facebook system proud of itself by concluding that my account was really hacked, as it positively "found someone who has my password and still could not prove authenticity". Therefore it insanely feels right and necessary to oblige me to change my password. There is no way I can make it go otherwise.

One option is to receive an SMS. It did work in the past, but in the last months before writing the present page it stopped working: their SMS are not reaching me anymore, while those from Gmail still do. At the time when I am writing this page, this blocking happened several times in 2 days: at one and the same place, twice I unblocked by successfully passing a test, and once had to change my password, and still it became blocked again after this !!!!! Maybe this happens under the excuse that at every session the computer is cleaned up from all data so that Facebook does not remember me by cookies... next time I recover my account I will take note of the list of all people I recently wrote to, so I will succeed at this test then... you can do the same...

When I try the method of recovering the account by changing the password, the password is indeed changed but the account remains locked.

Now the problem is I cannot do without Facebook as this is what everybody else uses. I have no way to stay in touch and find new contacts and events otherwise. I am now deprived of social life by this failure.
Please share the link to this page on Facebook or any other social network, thanks !!!! I posted this issue on Quora.

In another Quora question : How to unlock a Temporarily Locked Facebook account?, the following comment appears:

I just had a friend of mine post this on my Facebook timeline:

Lars has asked me to write on his wall telling you all that he has been locked out from Facebook after posting a presidential Bernie Sanders video.

Lars is asked to verify his identity and change his password, only to get the same message about being "Temporarily Locked" over and over. Lars has a Master in Computer Science and would never, ever fall victim to a phishing attack. The so-called "explanation" provided by Facebook does not explain why his Bernie Sanders post has been forcefully removed.

Being stuck in this eternal loop of being asked to change password and still not being able to log in makes it impossible to read and answer Facebook messages, so you are requested to revert to last millennium technology of sending text messages. Thanks!

Other Quora questions I answered (please upvote):
Why should I hate Facebook?
What do you hate the most about Facebook?
What is your opinion about Facebook?
What would happen if Facebook were to shut down immediately without warning?
Why is the Facebook security code not being sent to my phone?

All this system has nothing to do with security concerns, really

If they were really interested in ensuring the identity of the user (preventing the risk of hacking), they would have provided a very simple and efficient solution: sending a code by email. This at least is a reliable, non-bothering solution. It does not have the risk of not working, unlike SMS which may not be received, or other tests which may fail for diverse mysterious reasons... This email code, sent after logging in with the password, can be considered double security.
They are actually offering an email code as a means of changing the password --- which is doable for users who are so badly identified that they didn't even need to give the existing password !!!! with the only "securisation" being that after the change of password they send an email to warn about the change, which might thus be cancelled. But if a hacker had access to the mailbox which is needed to receive the email code then he may as well ignore or delete the received warning (to not let the real user receive it), can't he ???
So, as this has nothing to do with security, two possible hypotheses remain.

One hypothesis, which seems to be a bit more likely to me, is that they really "wish" to be concerned with security, but are incredibly, infinitely stupid in doing so. Well, Facebook is investing many millions in Artificial Intelligence. As I have argued on the topic, Artificial Intelligence seems especially fascinating to people lacking any natural one. Maybe, before undertaking such investment, they would rather need to stop investing millions in Artificial Stupidity instead.

The other hypothesis is the sadistic hypothesis: the deliberate will to bother. Or at least, the total, absolute absence of any concern for the interest of users. Even though they did invest work in developing those procedures, and they are actually losing opportunities of profit by not letting people use their service normally with advertising space for a while. And not only to bother by the actual waste of time, but to get on the nerves of people by proceeding in random, unequal manners: making it a matter of chance who is bothered and how much; making it depend on such absurd conditions that some users will realize that they could have escaped some punishment if only they had done something differently, such as configured some friends' help in recovery, or taken note of the exact list of people to whom they wrote in the last 2 weeks.... not that it would have made genuine sense to do so, but just because this happens to be working like this under Facebook's Dictatorship of Nonsense.

One nonsense is the mixture of possible causes for this temporary suspension of account: is it because of logging in from a new place, or for the fault of sending a friend request to a stranger who did not like it, or for no reason at all? While I might understand that sending a friend request to a stranger who does not like it is a kind of fault which might deserve some kind of punishment, logging in from a new place should not deserve any punishment. That is a black box, there is no way to know. And whatever the true cause or fault may be, the punishment is the same, that is, random and totally unequal between users, only depending on how they configured their security, matters of chance and other nonsensical conditions. If someone is at fault for sending friend requests to strangers, at least he needs to be informed of the nature of his fault to not repeat it! And instead of being banned from internet, which is a total waste, a mere temporary inability to send friend requests would have been efficient and appropriate. But without explanation and without uniform appropriate consequence, there is no possible room for correction.

Let me explain further by a comparison with driving. Imagine a taxi driver who works all day long, all year long. For many years he served many thousands of clients without any fault. One day he does not pay attention to something and commits a little infraction. Something little, not causing any accident, but doing a formal detail wrong, causing someone to be afraid. For this fault, his driving license is removed. As a result, people in need of a drive will go with other drivers with much less experience, who kept their license just because driving much less resulted in less risk of having their driving license removed. Does this make roads more secure? Of course it doesn't.
Now let us come back to social networking. Someone can have intense networking activity, with many friends, and be appreciated by many people. He may volunteer to do great things serving people, like me volunteering to provide free initiation to theoretical physics. Driven by the enthusiasm of popularity he may forget to be careful when contacting new people, so that someday he may commit a little fault such as sending a friend request to a stranger who does not like it. If that results in being banned from accessing his account, then he loses at the same time all the contact with many people with whom contact was initiated and appreciated, who were interested to meet. Does this banning make the world more friendly? I don't think so.

Access finally restored

After 2 days without access and a lot of worry, the second day without trying anymore, I finally restored access to my account. How? Just as happened one month before: for mysterious reasons, in the list of offered security tests, there appeared the very much simpler method "Give your birth day".

Access denied again - Facebook obliges users to violate their own terms & conditions, dangerously weakening "security" under the excuse of strengthening it

If I remember well, Facebook demands that its users never give their login & pass to anybody else.
However, in a new so-called security procedure, after moving to a new place, I am again denied access to my account. It turned out to be useless to take note of the list of all users to whom I wrote in the last 2 weeks, because this method is not offered anymore. Instead, there is the option of approving the connection from a computer that was used before. But how do they think it is possible to do this approval, if not by giving one's login and pass to somebody else who will take care of this operation ???? By the way, it is fortunate that there exists the method of email to write to people outside Facebook, otherwise it would not even be possible to ask someone to do this operation.

How wicked is the persecution so suddenly falling on victims of this nonsense

Not only can they no longer access their personal data, but they cannot search for events either, and all the rest of the world is also denied the right to view whatever they may have written, whether profile, posts, or private messages. For example, if in private chat a person A wrote some other contact address (email, phone, or other online contact data) to a friend B, then unless B actually copied this data (copying it as a reply in the same chat with A would actually suffice), as soon as A's account is temporarily disabled, B is also denied the right to read any of A's messages, and thus cannot try another way of contacting him either.

Maybe the Chinese online social networks are more reliable, after all

I had a contact in China, and tried to argue for the use of Facebook over the Chinese, government-controlled WeChat. I thought and tried to claim nobody used WeChat outside China, especially because of that Chinese government control and censorship, but it is actually not the case: I learned that WeChat is actually well used outside China due to its richer functionalities. But accessing Facebook in China requires a VPN, which implies appearing to "connect from different places", which automatically results in this "temporary" (but hardly curable) disabling of account. Now that I see the FB account of this contact "temporarily disabled" for quite a while, the argument by government control is annihilated: the advantage of Facebook, which just comes by surprise to plainly deny users access to their own account, becomes far from clear. Maybe WeChat is actually much more free to use in practice after all...

So, replying to some questions on Quora

Is Facebook completely secure?
What type of security problems does Facebook have?

Facebook is extremely insecure; unfortunately, so-called “security experts” have no clue about this, just because their “expertise” means being re-programmed into losing all common sense and having no clue about what true security means. True security as I see it would consist in being secured against the following risks, actually much greater than all the so-called “security risks” which these “experts” are only able to think about:

The risk of being over and over again denied access to your own account under fallacious “security” excuses, especially the re-occurrence of circumstances that can be actually normal for a number of users but which “experts” cannot figure out because they never put their nose out of their office, such as often connecting from different places using different devices (in particular using a VPN, which may be installed by default in some internet cafes, but happens to be a necessity for Chinese people who wish to use FB).

The risk of wasting a huge lot of your time and nerves desperately trying to comply with some completely absurd "security controls" designed by some absolute morons who happened by the hazards of an absurd destiny to have got some absolute power over your life (uh, the conditions of your rights to access your FB account), controls which seem to be much more designed to waste as much as possible of your time and finally fail to recognize your identity, than to fit any decent concept of security and verification (as if you obviously had to set it as the goal of your life to continuously care how to fit in such technological nonsense, otherwise hackers will be more likely than you to pass these tests which they are better equipped for);

The risk of having to bother some other FB users around begging them to use their account as the only way for you to check about upcoming events around, because for the above reasons you failed to access your own account to do this;

The risk of finding yourself obliged to send by email your FB password to someone you don't really know and ask him to access your account and change your password for you, because that is the only possibly working method you can find in the list of available "security controls" that is offered to you: logging in from a computer at a place you have been before. Then begging him to repeat this operation 3 times with a change of password, until the temporary disabling no longer re-occurs when you log in again from your side with these new passwords.

(No, really, I would not give a shit about people accessing my FB private messages and making them public, and I wonder who the heck would be interested to do so, and for what ??? the risk that any perverse individual would wish to do that AND succeed to get my password AND that I would be actually bothered as a result, seems to me infinitely smaller than the risk of being denied access to my account under the above fallacious "security" excuses and being very bothered about it...)

