Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • Networking

    Facebook Traffic Diverted to China Raising Privacy Concerns

    By
    Fahmida Y. Rashid
    -
    March 25, 2011
    Share
    Facebook
    Twitter
    Linkedin

      A number of Facebook users may have made a detour to China recently on their way to connect with friends.

      Some of the network traffic heading to Facebook’s servers in Palo Alto, Calif., was re-routed to first pass through Chinese and Korean servers, according to Barrett Lyon, a network security expert who flagged the incident on March 22. Lyon suggested in a blog post that it was probably an accident.

      “This happens all the time-the Internet is just not a trusted network,” Lyon said.

      A similar incident surfaced almost exactly a year ago on April 8, 2010, when a Chinese ISP incorrectly published a set of BGP (Border Gateway Protocol) instructions that could have potentially affected 37,000 networks. The incident lasted only 18 minutes, and China Telecom, the country’s largest ISP, denied trying to hijack Internet traffic. Experts speculated it was an accident because of how quickly it was fixed.

      Lyon’s analysis was for AT&T customers only. As customers browsed through Facebook, the network traffic first went to Chinanet, one of the largest ISPs in China, and then to SK Broadband in South Korea, before reaching Facebook’s ISP, Lyon said. Usually, traffic from these customers would have gone over the AT&T network directly to Facebook’s network provider.

      Lyon used the trace-route tool to discover which network providers the traffic hopped through on its way to Facebook. It’s unclear how long this routing was in place, or whether it affected other ISPs.

      While this kind of re-routing can happen “all the time” as network operators can easily make mistakes working with BGP and routing tables, Lyon was still concerned about the incident in light of China’s censorship activities.

      “I prefer to know that when I am on AT&T’s network, going to U.S.-located sites, my packets are not accidentally leaving the country and being subject to another nation’s policies.”

      China aggressively censors the Internet and activists have worried about the government snooping on their citizens’ online activities. As the government exercises tremendous control over the ISPs, the government can see personal information, intercept email and view online activity.

      “What could have happened with your data?” Lyon wrote. “Most likely absolutely nothing.”

      Lyon said that “it’s possible” Facebook data, such as session ID information, personal data, messages, photos, chat conversations, and relationship information to “friends” could have been revealed, but noted it was only speculation at this time.

      Users who have already enabled HTTPS on their Facebook accounts can breathe a little easily, as their information would have been encrypted during this side jaunt through China. The Secure Sockets Layer means Chinanet could see there was traffic going to Facebook, but would not be able to see the contents of the traffic. Lyon criticized Facebook for rolling this feature out as an optional one, instead of enabling it for all users by default.

      Twitter also recently rolled out HTTPS, but it’s also optional. Google uses it by default for its mail.

      High-profile sites should also not be allowed to route to non-authenticated networks, he said.

      Facebook or AT&T should have notified customers of the problem, Lyon said. Facebook did not respond to requests for comment.

      Fahmida Y. Rashid
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×