Skip to content

Blog

When is iMessage not iMessage? (When it’s facebookexternalhit/1.1)

Facebook is a company that engages in unethical behaviour. Its ubiquity and its necessity for many people’s social lives undermines people’s ability to meaningfully grant or withhold their consent to its policies.

I take no pride in seeing this coming in 2010, and I have refused to use any of their services consistently since.

So I was surprised, to say the least, when I sent a link over iMessage that I knew would be unique, but saw a request being made for it by the facebookexternalhit/1.1 bot user agent. This URL should not have ever been seen by anyone but me and the recipient. I took the time to verify that the only access to this URL was by myself and the recipient.

“GET /some-secret-url HTTP/1.1” 200 – “” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.4 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.4 facebookexternalhit/1.1 Facebot Twitterbot/1.0”

It turned out that the facebookexternalhit/1.1 request (also identifying as Twitterbot!) was issued by the same IP address that I had. How could I be a Facebook/Twitter bot? How could it be that some Facebook code was running in my network? (I’m pretty particular in blocking large numbers of domains relating to Facebook properties.)

It turns out that this message preview in iMessage seems to make a request for the URL using this user agent string. It doesn’t identify itself as iMessage in the user agent string at all!

I’m satisfied that I answered the question — and indeed I understand the nature of user agent strings and how everybody pretends to be something else for compatibility. I expect a service to add to the user agent string, though. Chrome pretends to be Safari, which pretends to be “like Gecko”, which pretends to be “Mozilla/5.0”.

So why can’t iMessage add “iMessageLinkPreview/1.0” or something to the user agent string?

Horse

Horse (Path)

I have missed Instagram’s filters since it was gobbled up by Facebook — a change which meant I could not continue using it.

So, it is nice to have similar functionality in Path. The added bonus is that unlike in Instagram, your photo is not rescaled down to quite the same degree!

Above is a, hopefully tastefully subtle, use of Path’s filters in this photo of a horse in rural Dorset.

Facing up to Facebook Privacy

Facebook is one of the most important social platforms on the internet today. I joined it probably several years ago now, not long after Facebook Applications were introduced.

Those of you that follow me on my personal Twitter account, @strategyoracle will probably know that I keep that account protected — i.e. only those that request to follow me and I allow can read my tweets. I do that because that is the way that I feel most comfortable using the service and it is how Twitter is most useful to me. I have tried using that account both publicly and privately, and ultimately it was more useful and more comfortable to keep it protected.

On Facebook, I have also used the privacy options to make Facebook a tool that is useful to me and that I feel comfortable with. I was able to keep most of my information inside a small group of trusted friends and in doing so, I felt comfortable using it and sharing with it.

In recent years, though, the degree of control that Facebook gives you has eroded. This EFF post demonstrates how the service and its privacy policy has changed in this respect since 2005. I have found it more and more difficult to feel comfortable using Facebook in the context of these changes.

The final straw came today.

Now, it seems that any ‘connection’ that you make — whether it be with a friend, or a page that you ‘like’, has to be public.

Facebook came up with a screen asking me to make many ‘page’ connections public, based on my interests and activities that I had previously entered. Even leaving aside the fact that it showed me interests I had previously deleted from my profile, I was horrified to learn that unchecking all of the boxes to share the information actually removed all that information from my profile! There is now apparently no way to restrict information such as my activities and interests and only show that to trusted people. It’s share all, or have nothing, when it comes to this information.

It is quite clear to me that this is now the choice:

You either use Facebook as publicly as they want you to (even as that changes in the future), or you don’t use it at all.

I choose the latter. Assuming I don’t get convinced otherwise in the next few hours, I consider it pretty likely that I will delete my Facebook account. After all, I can always create one again later.

I am hugely disappointed that it seems Facebook doesn᾿t seem to respect people who are more private by nature. I am sorry to all those who may prefer Facebook as a medium for communication and will not be able to contact me there.

UPDATE: I went ahead with the delete. I can always create an account again later and remember you can always send me an email or request to follow me on Twitter (or follow my public Twitter account too).