This is going to be a brief review, folks, as Mr. Robot is diving in the deep end with the psychological intrigue and going much easier on the technological angle, at least for now.
But first, a warning…
WARNING:SPOILERS AHEAD – SCROLL DOWN TO READ ON
The thing about metadata…
A throwaway line from Elliot’s metadata monologue caught my attention. He mentioned that metadata from photos posted on Facebook and Instagram can reveal a lot more about the photo taker than they realize. He utters this line just after he picks through the trash outside Darlene’s FBI-furnished apartment – likely looking for clues about who else might be living there, as we’re unsure if he even realizes this is also the FBI hideout. However, he soon discovers that Darlene and the FBI didn’t cover their tracks well enough from their hacks against him. He was easily able to figure out where they were and – putting the pieces together – what they were trying to do to him thanks to metadata he found.
Elliot’s comment about social media and metadata won’t surprise anyone who’s concerned about their privacy online. Indeed, he’s right that many, if not most, social media users don’t realize exactly how much information about themselves they’re freely and publicly offering, and how much that information can assist someone with a little bit of social engineering experience and some malicious intent. What’s more, plain old camera EXIF metadata can also give away a great deal more than photo snappers might realize (and even cybersecurity experts can forget this now and again.)
We often remind Naked Security readers to lock down social media accounts to maximum privacy levels, disable location-based posting, and remember that what you post online is out there forever. Since this likely isn’t news to anyone reading this review, use Elliot’s line about social media metadata as a reminder to check the privacy settings on your own social media accounts or those of any friends or family who might not be as tech-savvy. (Or any friends you have who might work for the FBI in Mr. Robot, as apparently they could also use a reminder.)
Other notes
- Dom revealed that, as suspected, the FBI did actually get phished by Elliot’s email in last week’s episode. Color me gobsmacked, I apparently gave them too much credit last week, thinking SURELY the FBI wouldn’t make such a basic mistake? But yes, really, they did. The FBI agent didn’t even check the link in the email in a VM?
- We see a little not-so-subtle social engineering going on in the bar as Darlene gets some information out of Dom over drinks. It seemed that Dom was being a bit too easily socially engineered, but in the end she’s as human as anyone else. Still, you’d think an FBI agent might be a bit more on guard… so perhaps Darlene wasn’t as successful as she thought.
Still, overall not a great look for the FBI in Mr. Robot. They got phished and socially engineered in one episode. I think they might be overdue for some security basics training, don’t you?
EXIF data is removed from Facebook uploaded images anyway by default.