Facebook's Portal & Privacy

Good morning people,

Recently one of our children has given us a device known as Portal and which is produced by Facebook, the idea being to assist communications between ourselves and our children & grandchildren. And in this it works very well, is easy to use, and seems far better than Skype. It works by connecting to our home network by wifi, and hence to the internet via high speed broadband.

But, I do have a nagging suspicion about Facebook.

To put it bluntly, I don't trust them to not use the access onto the home network to start snooping around my computers, and let's face it, these American corporations are not known for their respect of peoples privacy, hence the uproar by various countries/organisations.

Now, my home network consists of three laptops, all running Linux Mint 19.3, all using SSH to connect with the router (a BT Homehub 5) and with each other for the purposes of data transfer, and have been set within the router to use fixed IP's on the home network. I suspect that I need to use GUFW on each laptop, but don't really understand what I'm doing. What I want to do is to set each laptop to allow traffic between the three laptops, and the internet, yet prevent any traffic to/from Portal aimed at the laptops. So far, I have also set Portal to use a fixed IP as well.

So, any ideas? Thoughts? Suggestions?

Peter G. Shaw

Edited By Peter G. Shaw on 15/02/2021 09:32:05

I have the Amazon equivalent - the Echo Show - which does similar things to the Portal but has been around a bit longer. The use of GUFW (Graphic Uncomplicated FireWall) can't hurt but the Portal will, as you suspect, try to steal data mainly things like address books and phone numbers which are already allowed within WhatsApp that it uses for communication. I am afraid we are fighting a bit of a losing battle against these internet giants. I have sold my soul to Amazon I fear they already knew a lot about me before I got the Echo Show as I had an account, probably even down to inside leg measurement as I bought trousers once I note that the Portal also uses Alexa so they have doubtless sold your data to Amazon already.

Good Luck

John

These devices sound a bit like the "telescreens" featured in Orwells 1984.

Hi Peter,

Only my opinion of course but I would not have any of this type of devise, Alexia, the Google one etc in my home, from what little I understand - not a lot - they all snoop and learn "far ower much"

I don't even allow Facebook to have access to my photos, I did but then found they had put together a compilation of my photos on my page !!!! switched it off henceforth. I no longer use Google as a search engine I use DuckDuckgo with no tracking.

Maybe I'm being paranoid but I just do not trust this type of technology.

John

My Daughter and I now have Portal tv and are both impressed with its abilities particularly how it follows you around the room, via whatsapp it gives my wife and I a good video view of our nearly two year old Grandson, as regards spying on us electronically I doubt its no worse than all the other devices we already use.

I get a report from google once a month as to where I have been as its tracking my phone, I just feel that because of my job it could be used by the authorities to see who I visited should I become positive with the virus.

Martin P

If running Mint (which is based on Ubuntu), UFW should already be installed, but not activated. UFW can be set-up without much bother from the command line.

First find out which IP address has been allocated to the Portal. (Fire up the portal, then login to the router and see what's connected. Something like: 198.168.1.50 ) Substitute whatever this for IP_ADDR below.

Then, on each laptop, open a terminal to get a command line and type:

1. sudo ufw allow ssh
2. sudo ufw deny from IP_ADDR to any
3. sudo ufw enable

Step 1 ensures you don't stop yourself from using ssh.

Step 2 tells ufw to ignore any and all requests from IP_ADDR.

Step 3 switches the firewall on and it should start automatically at reboot as well.

What the Firewall is doing, or working at all, can be checked with: sudo ufw status

In the event of trouble, the firewall can be turned off with: sudo ufw disable

If you prefer the graphical interface, it can be installed with: sudo apt install gufw

After installation, gufw can be started from the desktop in the usual way, or from the command line with: sudo gufw

Not used gufw myself, but I think the REPORT tab lists existing connections, one of which might be Portal, and a block rule can be created by clicking on all the Portal entries. If there's no sign of Portal, then it's probably not exploring that computer.

Brief word on Firewalls. Although Linux is fitted with a firewall, it's usually OFF by default. This is because Linux (and Apple), minimise the number of services switched on by default. No point in a firewall blocking access to services the computer isn't providing. The strongest security is to have it switched off! Microsoft Windows is more open, in that operating system services are often activated even if they're not needed yet. The advantage is user convenience - things 'just work', easy peasy, and it's all delightfully simple. The disadvantage is running services are security loopholes; open ports can be found, explored, understood and exploited by outsiders. It's one reason why Firewalls and Anti-virus measures are mandatory on Windows systems.

The legitimacy of an outsider using a service active is blurred. After all, the computer allows it, and by implication so do you! Facebook and others argue using your computer enables them to make customers happy, which is true. But it's at the cost of privacy intrusions many would forbid if they knew about them. The long-term risks of big data and multiple privacy leaks are enormous, and failing to understand is no protection.

Dave

JohnF,

Unfortunately, it was bought for us by our elder son mainly, I think, for his 5 year old daughter, to talk to us without parental assistance. But it does enable family group chats with upto, I think, four groups. I have to say that when he first mentioned it to me, I did look on the internet and discovered that there is a PC version so I started reading the small print - and almost immediately gave up when I came across something along the lines of "You agree that we may have access to.....". It was at this point I started saying things like "Not on your nelly, mate. I've managed for 77 years without such a thing: I can manage a few more without it." Plus a few more uncomplimentary remarks. Anyway, it's here now, and our youngest son set it up to use our LAN. And so a rearguard action is required.

And like you, I am now using DuckDuckGo in place of Google, especially as Google, and YouTube, are now both asking you to login before using their facilities. Again, "Sod off, mate. I've managed quite well up to now without you!"

Dave/SOD,

Thankyou for your reply. I've a sneaky suspicion that after much messing about, and not really getting anywhere, I've sort of ended up doing what you suggested. By accident, of course. The problem was that the internet stuff for GUFW is, I think, based at/aimed at earlier/different versions of GUFW - I'm on v 18.04.0 - and the info I found at some stage or other did not agree with what I had on screen. Then, this morning I found the genuine Ubuntu instructions which used the command line and UFW, and it all started to fall into place. This, then, is what I have done:

All three laptops use their own fixed address - set up in the router. To which I have added Portal. The idea being that I now know what connection any device should be using.

All three laptops have had SSH Server added via the command line. (sudo apt update, then sudo apt-get install openssh-server)

All three laptops are then set up to access the other laptops , a long winded affair which involves typing in all sorts of information (File/Connect to Server)

Once set up, then by using, via the command line on each laptop, something like:

sudo ufw allow ip address to any for both the other laptops, followed by

sudo ufw deny ip address for the Portal.

Using GUFW then shows (under Rules):

22 ALLOW IN 192.xxx.y.zz1

22 ALLOW IN 192.xxx.y.zz2

Anywhere DENY IN 192.xxx.y.zz3

where 192.xxx.y.zz1 (&zz2) are the IP addresses of the two computers, and 192.xxx.y.zz3 is Portal.

So, hopefully, I've improved my security somewhat.

Cheers,

Peter G. Shaw

If you are on VirginMedia and probably most other ISPs your modem / router will allow for a visitor wireless network. This allows you to give a visitor a connection SSID and password for their phone etc that is different from your main one. They can connect in all the usual ways but are blocked off from anything else in your house.
Few people use this facility, I'd completely forgotten about it myself until a minute ago but it should be possible to use it for your Portal thus blocking the snoopers without any fafing around with other firewalls.

Hello Bazyle,

Thanks for your suggestion. Unfortunately, I can find no reference to such a thing. Maybe the router is too old, being as far as I can tell, about 5 years old.

Peter G. Shaw

Perhaps if you google your ISP or router name and "guest or Visitor network" you will find something.
On my VirginMedia SuperHub 3 (over 4 million in service) I get:
A

B

C

Digression: By chance doing this reminded me I had turned off the 5GHz network a year ago for some tests. It is always best to have both frequencies with the same SSID and password so that your smarter devices can seemlessly switch depending on range and you move around.

They might ask you, but you can still view YouTube videos without logging in, so possibly not too much of an issue?

Rob

Life in Britain is beginning to resemble Airstrip One rather too much

Mike

I would guess that in 20 years (perhaps sooner) if someone entered my house (either because I left it unlocked or because he picked the lock) and stole whatever he wanted inside, that would be accepted as part of life and legal. My fault for not nailing the door shut and barring it with iron

Especially if the guy was filthy rich to start with.

Well, I've had a good look around for Guest services with BT & the HomeHub5. It does seem to be a no-no unless I am prepared to spend money on additional/replacement equipment and then mess around setting it all up. As a result, I have come to the conclusion that my present setup (fixed IP's for the laptops and Portal) along with allowing communication between the laptops whilst at the same time denying any attempts at communication between Portal and the laptops is about the best I'm going to get.

I thank you all for your thoughts.

Peter G. Shaw

Big Brother IS watching you; all part of the bigger globalisation by the big Internet providers, whom no doubt have governmental connections via subsidies / finacial backing for new developmental work etc. George Orwell wasn't far wrong.

George.

Hi Guys,

It seems that most internet providers,

A: Want you to leave your router permanently switched on.

B: They use your router to expand their WiFi coverage at your expense.

C: Have back doors into your router.

D: Don't like you using or trying to use a third party router.

I agree with securing your computers and other internet enabled devices. I have a Smart TV and it continually wants to have an internet connection, which is hard to prevent since there are so many WiFi connections around. Even switching WiFi off it switches it back on again, usually silently. I think some of these TV's even have cameras.