backtop


Print 20 comment(s) - last by tastyratz.. on Jul 30 at 11:21 PM


The torrent could be viewed as Facebook's first digital "phonebook" equivalent, or a gross invasion of privacy, depending on how you view it.
Third party has no association with site, but made liberal use of its data policy

You could call security consultant Ron Bowes analytics masterpiece either Facebook's first digital "phonebook" or a gross violation of privacy.  Either way, Mr. Bowes appears to have quite legally used a cleverly crafted web crawler code to gather details on over 100 million users who either intentionally or unintentionally failed to obscure their profiles from search engines.

Ron Bowes, who heads Skull Security, posted the archive on the torrent site 
The Pirate Bay and it already has around 13,000 active users downloading or uploading it. 

The archive contains names, profile URL, and unique user ID of all 100M users, scraped from the popular social networking site, which currently claims a user base of over 500M users.

Facebook, in a statement to 
BBC News say the archive seems like no problem at all to it.  It states, "People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want... In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on Facebook... No private data is available or has been compromised."

Simon Davies from the watchdog Privacy International, though, calls the data mining an "attack" and comments, "Facebook should have anticipated this attack and put measures in place to prevent it... It is inconceivable that a firm with hundreds of engineers couldn't have imagined a trawl of this magnitude and there's an argument to be heard that Facebook have acted with negligence... People did not understand the privacy settings and this is the result."

Facebook has rolled out multiple privacy settings changes in what seems a clear attempt to mine and make available users' data.  Many users of the popular site don't even seem to realize their information is being shared, or that the site's CEO claims that customers no longer care about privacy.

To manually opt out of being search-engine indexed go to Account > Privacy Settings > Applications, Games, and Websites (link near the bottom, in a box) > Public Search > (Uncheck box).  It's a good idea to keep an eye on the various pages in the privacy settings section if you're worried about such things, as they frequent receive changes, as mentioned.

A user lusifer69 who comments on the torrent page on 
The Pirate Bay writes, "This is awesome and a little terrifying."

If there's one thing that the incident indicates, its that there's an increasing legal gray area surrounding online data collection (for example, look at the recent Goatse Security harvest of 100,000+ iPad buyers' emails and ICC IDs.).  Also, users are by and large mostly unaware of their increasing visibility online.  That may spell trouble, should people put such harvested data to ill-use.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Facebook
By MrTeal on 7/29/2010 10:51:25 AM , Rating: 2
quote:
Facebook, in a statement to BBC News say the archive seems like no problem at all to it. It states, "People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want... In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on Facebook... No private data is available or has been compromised."


That's lovely for Facebook to say, but it is complete BS. I have a FB profile, and I try to keep pretty on top on my privacy settings and don't post up anything that I wouldn't want getting out anyway. Even with that, Facebook makes changes and opts users into new marketing schemes or privacy leaks and waits days or weeks before bowing to the pressure to put an opt out button in the settings. It wouldn't be that hard for someone to cull all the newly available data before FB graciously allows you to set it to private again.

Honestly, if you use this service do so under the impression that your mom, your gramma, your kids and your boss, as well as a billion other people or so on the internet will one day have access to everything you put on Facebook. You have a right to privacy, but honestly us Facebook users are like a battered woman who gets abused but every time accepts the apology and believe that next time, things will change.




RE: Facebook
By Homerboy on 7/29/2010 11:02:42 AM , Rating: 3
it's not really "BS" its the truth. Nothing these people compiled could have been compiled by literally going to each user's page one at a time. They just automated the process.

If there is something you DONT want the general public to see or know about you, don't put it online. If you still want to share that information online with friends or relatives or whatever, make sure you take the time to do so in a secure, private manner (Facebook has the setting available).


RE: Facebook
By MrTeal on 7/29/2010 11:15:24 AM , Rating: 4
quote:
Nothing these people compiled could have been compiled by literally going to each user's page one at a time. They just automated the process.


True, but that's not the issue. The problem is that Facebook continually changes its privacy policy, with very little notification and no clarity to its users.

http://www.allfacebook.com/2010/05/infographic-the...

When Facebook makes a change it should default to the highest privacy levels, or at the very least the equivalent to what the user had before. They don't do that, and that's what gets them in trouble. If you sign up and the privacy policy says that only people in your network can see your friends, you should have to explicitly agree to a change to that. The way it works now, you get a little notification at the top that there's been a change to the privacy policy, and your friend list is by default now shared with the entire internet. Even if you change the settings back to a more secure one, that information has been exposed, possibly for days or weeks if you're an infrequent user.


RE: Facebook
By Quadrillity on 7/29/2010 11:22:28 AM , Rating: 3
quote:
If there is something you DONT want the general public to see or know about you, don't put it online.

I agree. Even though FB and others are acting like complete idiots about privacy, the end user is ultimately responsible.

Bottom line: YOU CAN NOT HAVE PRIVACY IN PUBLIC PLACES.


RE: Facebook
By Samus on 7/29/2010 5:05:40 PM , Rating: 2
no wonder facebook is so slow...it seems everybody is datamining it around the clock.


RE: Facebook
By Alexstarfire on 7/29/2010 11:30:28 AM , Rating: 1
I'm with MrTeal on this one. It has little to do with if they can actually view your profile or not. The problem is that when you make a new account that the default privacy setting aren't very private. The default privacy settings allow everyone to view everything you do. I set everything the way I wanted to when I first made my account, and the subsequent changes when they became available. I'm in the minority though.

The policy of opting-out is stupid. It needs to be the other way around where you can opt-in if you so choose. So many of the privacy settings get changed and sometimes even reverted because Facebook is so piss-poor about privacy concerns. They could care less. It's understandable since they get probably get more money if more information is available, but that's still very bad on their part. If they didn't sneak in new privacy policies every month, set up for you to opt-out of of course, then it wouldn't even be much of an issue. Everyone should change their privacy settings when they make an account and those that don't aren't very smart. You can't counter human stupidity no matter how hard you try. They can, however, make your info private by default, which they should. Especially considering what they keep saying.


RE: Facebook
By Homerboy on 7/29/2010 11:44:09 AM , Rating: 3
Wait... you mean the user may have to take some proactive actions in setting up their account? Its a FREE SERVICE and everything is explained in the ToS. It is not FB's responsibility to babysit people is it?

I simply dont get DT/AT readers and commentors. Everyone cries for more personal responsibility and accountability, but then something like this pops up and its FB's fault for not protecting the user.

If FB locked everything down and required people to "unlock" so friends and family could see stuff, people would bitch about it being too hard to set up and actually use the service.

Make no mistakes, I'm sure FB intentionally leaves these things "open" as this is part of their makerting/revenue stream why wouldn't they? It's their service. They can run it as they see fit.


RE: Facebook
By bhieb on 7/29/2010 12:39:10 PM , Rating: 1
Yes it is in the TOS, and I have no problem with loose privacy settings initially that I have to change to be more secure. I'm joining a "social" network that by it's very nature is not "private". Fine I get that, users need to be smart and change the defaults.

HOWEVER the point you are missing is that FB should not change the rules AFTER you have made these changes. If your on vacation for a week and FB makes a policy change that exposes your data, in what plausible universe is that OK with you? I'm not talking about a NEW user account, as I agree with you (learn to RTFM so to speak). I'm talking about an existing account that I've already set to private.


RE: Facebook
By Alexstarfire on 7/29/2010 6:20:59 PM , Rating: 2
I think you missed the part where I mentioned that this doesn't really affect me. I make sure my privacy settings are set properly every time they go and add/remove/change them. The whole read the ToS is ridiculous though. I'm sure even you don't read the ToS for everything you sign up for. Yes, people should know what they are getting into before they do, but ToS aren't simple by any means and EVERYONE agrees with that, even the US courts. As a result, people pretty much never read them. As I said though, you can't get around human stupidity. If you default it to private then people won't figure out how to unlock it, as you said, and they will complain about that. If you default it to open then people complain about it being hard, or can't figure out how, to lock down and complain about privacy issues. Can't have it both ways and either way the consumer is complaining. People can't complain about privacy and then not protect themselves. That just makes no sense. These guys violated nothing so I don't know why anyone cares about them. That said, this should be more about FB than these people. Almost everyone complains about their stuff being too open on FB. Yes, it is rather public, but it's not like going into an amphitheater and just shouting out your information to everyone there. If everyone is complaining about it it seems to me that it should start off more locked down.

BTW, even at the most stringent settings your friends would still be able to see everything on your page. TBH, that's about how it should be. I have very little that I even allow friends of friends to view. I don't know how it is for others, but almost no one wants everyone to be able to see their information, so why have new accounts default just about everything so that everyone can it? That makes no sense. Also, either way you look at it users are going to have to be proactive. I don't know why you think it wouldn't be no matter what they do.


RE: Facebook
By markuss232 on 7/29/2010 11:05:01 AM , Rating: 2
quote:
The archive contains names, profile URL, and unique user ID of all 100M users


Better watch out or someone might take over your Farmville account too. Unless this article isn't telling us about all the information gathered then I don't see what all the fuss is about.


RE: Facebook
By tastyratz on 7/29/2010 11:08:02 AM , Rating: 2
Agreed,
This is rather abusive of a company. I myself also get extremely irritated at the automatic opt in policy for new accounts with MANY services, not just Facebook.

If for example your information is sold to a marketing agency and your opted in before you can manually opt out - chances are your information is fed to them instantly before you have the oppertunity to opt out essentially forcing every single customer to opt in.

I for one would love to see laws in place where any information is to be sold licensed or distributed to a third party require explicitly pre established consent SEPARATELY from the providers terms of service.
Unchecking after signing up is too little too late...

Who is with me there?


RE: Facebook
By OUits on 7/29/2010 11:27:21 AM , Rating: 2
Well, to be fair, you should read the ToS and Privacy Policy before your account is even activated, much less filled out with marketing nuggets. If you sign up, fill out your whole profile, amass friends, upload pictures and THEN check to see what's being shared, you're going about it all wrong.

You should (I know people don't, and it's even viewed as unrealistic):
1. Read the Tos and Privacy Policy to understand what is being shared.
2. Sign up if you still really want to after reading the above.
3. Tweak your privacy settings.
4. Fill out information and otherwise interact with the site.


RE: Facebook
By geddarkstorm on 7/29/2010 1:53:26 PM , Rating: 2
All well and good, until they change the TOS on you, and sell off all your previously unshared data before giving you the option to prevent that, again. How many times has that happened now?

This is why the responsible thing is just not to use such stuff for anything but fluff.


RE: Facebook
By tastyratz on 7/30/2010 11:21:02 PM , Rating: 2
Precisely
As per agreeing to new mandatory TOS it defaults your settings.

Yes you should always read the TOS, but at that point in every TOS for everything you ever sign up for sign your life away.

My proposal is mandating that "opt in" and affiliate sharing legally NOT be allowed to be incorporated in the TOS nor required for participation. Opt out unless otherwise specifically selected.
Blunders like this would be a thing of the past.


RE: Facebook
By NewBro on 7/29/2010 11:52:44 AM , Rating: 3
Honestly I fail to see what the big deal is. Keep hearing all these articles about people complaining about FB privacy issues this and that yada yada yada... It's not like it costs you $10/month and you're forced to use it.


RE: Facebook
By Unspoken Thought on 7/30/2010 4:14:59 PM , Rating: 2
It's the principle of being underhanded and devious to make money off of you. But it is true; If you don't like it, don't use it.

Trials & Tribulations of the Status Quo™

Tune in next week for....


RE: Facebook
By cruisin3style on 7/29/2010 3:53:09 PM , Rating: 2
Haha, harsh analogy. I'm not even sure people believe facebook will do right by them the next time. Facebook is just too ubiquitous for many to think of shunning it.


"We shipped it on Saturday. Then on Sunday, we rested." -- Steve Jobs on the iPad launch














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki