The BBC and numerous other websites have posted articles about a large scale data mining effort that collected personal information of 100 million FaceBook users and then posted these details online. You can download the data here (mind you, it is 2.79Gb).

Seeing as it is Summer and probably slow for news, now that the World Cup is over, news agencies start publishing silly tempests in teapots.

All the information is publically available on FaceBook – which means anyone can go and find it themselves. All this “exploit / hack / security breach'” does is is collate all the information in one place. Since this is publically available information, there is no breach of privacy - Google or any other search provider collects the same information any time it crawls FB.

This is not to say FaceBook did not have issues with privacy. In the early days, if you knew the ID of a user, you could bypass the security settings and browse accounts without being friends by simply hand crafting a URL with their user ID.

FaceBook still has a security issue (maybe more, but this is the one I notice): when I log in, if I type my password incorrectly, FaceBook shows me the following page:

This is wrong because FaceBook confirms my account exists, just that the password was wrong. The proper way to handle authentication failure is to fail BOTH the account and the password and have the user re-enter both. The way FB does it rewards ‘accidental’ or ‘random’ account names by telling me they exist. For example: I entered the account richard@some-popular-email-provider.com and was rewarded with:

Which gives me the full name of the person at the given e-mail address (assuming he doesn’t use an alias on FB). While not terribly revealing, it does allow me the potential of personally addressing him in some sort of confidence scam e-mail:

Dear Richard ,

Routine monitoring of Internet traffic is showing that your account has been accessing illegal Internet content.

Please contact the Internet Security Task Force within the next 5 business days to assist in our investigation of this activity.

Regards,

Buzz Lightyear

Chief Security Honcho ISTF

Anyway ...

I think the best last word on this FaceBook scandal comes from this satirical news article. A few choice quotes of which are:

Facebook user Sharon Bott was outraged, telling reporters, “So you’re saying that when I put holiday pictures on Facebook, and set it so that anyone can see them, then anyone can see them? That’s outrageous!”

and

Welsh hacker Dewey Thomas said that it was not just Facebook that was allowing unscrupulous people access to limited amounts of publicly available and relatively harmless personal information.

“Only this morning I got the names, addresses, and phone numbers of thousands of Cardiff residents, simply by opening a phone book.”

Let’s face it, if you don’t want information public, then don’t put it in a public place.

Comments

mattbg

0

 

 

Completely agree -- it's making news out of nothing.

But it does kind of highlight the fact that most people don't know what privacy means... and that, even though Facebook gives a multitude of privacy controls, understanding what they really mean is beyond the capacity of most users.

I haven't been on Facebook for a long time, but even though I have a decent understanding of privacy, I couldn't really come to a good understanding of how private my data were on that system.

They may have changed this since I last looked but who would imagine, for example, that if someone sent you an e-mail on Facebook then they would have limited access to your profile just because they sent you an e-mail?

I'm reading a Harlan Coben novel at the moment and tricking people into revealing Facebook information is part of the plot... it is not that difficult, and most of it is plausible. It's a privacy minefield.

Tuesday 03 August 2010, 12:00

richard

0

 

 

Agreed. I think an evolutionary "explanation" of this might go something like this:

Our notion of privacy is basically limited to being out of sight or out of earshot. However, the Internet provides a false sense of anonymity, which lulls us into a false sense of security. If I can't see, hear, or sense you, then you must be outside of my privacy circle and the intimate things I share with 2 or 230 of my friends are somethign you can't / don't see.

An alternate explanation could be:

People are inherently self-centred and are focussed primarily on themselves and their immediate sphere of privacy; they are not concerned with spillage outside of their privacy zone, but they are concerned about intrusion within that zone (an example might be playing music loud enough for everyone on the bus to hear, or sidereal smoke drifting fom the table beside you).

I tihnk SUmmer tends to be slow and, consequently, a silly season for news.

Sunday 29 August 2010, 05:07

Please login to post comments or replies.