Vegard Skjefstad

So you finally came around and deleted your Facebook account? Congratulations! Now it’s time to delete Instagram as well.

It’s Easter, which means a long weekend here in Norway. Thursday through Monday are holidays, and many people take the entire week off because schools and most kindergartens are closed for Easter vacation.

It’s common for Norwegians to head up into the mountains during Easter. They don’t do it to come closer to God, but to relax in their cozy cabins. Easter also means high tide in social media. People are not shy about sharing their photos of said cabins, snow, skiing, and of course, the evergreen Norwegian tradition of eating oranges and Kvikk Lunsj.

Many of these photos are shared on Instagram. It’s one of the most popular photo sharing services on the internet. In June 2018, Instagram had 1 billion monthly active users. These users have shared a total of 50 billion photos since the photo sharing service was launched in 2010.

On the surface, Instagram is pretty neat. But did you know that Instagram’s parent company is Facebook?

Can WebAuthn succeed where Universal 2nd Factor failed?

Back in October, 2015, I wrote about the FIDO Alliance, their U2F standard, and the YubiKey implementation by Yubico. The goal of U2F is was to describe a method for universal two factor authentication (2FA). Today, 2FA is usually done either by text messages, or by using a mobile application that provides one-time codes. U2F is aimed more at physical tokens, with the YubiKey the most well-known implementation.

I thought the idea of a physical token was brilliant so I shelled out for a YubiKey Neo. Since 2015, I’ve used it for anything practical exactly zero (0) times¹.

While using a physical token like the YubiKey for 2FA is a killer concept, U2F support was only implemented in Chrome, and only supported by a tiny handful of sites. Because of this, U2F never saw any wide spread adaption, and the YubiKey on my key chain continues to be dead weight. It’s not terribly heavy, but dead weight nonetheless.

Now, a new authentication standard, WebAuthn, is seeing the light of day. And it might succeed where U2F failed.

So you’re still on Facebook? Here are three good reasons why you should delete Facebook today.

It’s been a rough year for Facebook. First, it was the Cambridge Analytica data scandal. Whistleblowers revealed that personal information from over 87 million Facebook users was sold to Cambridge Analytica, a political data analysis firm that had worked for Donald Trump’s presidential campaign. Then it turned out Facebook had been scraping call and text message data with its Android apps for years. Everything was stored in Facebook’s databases.

And now, The New York Times has revealed internal Facebook documents that show the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed. In some cases, companies were allowed to read, write and delete users’ private messages, and to see all participants in a message thread.