Facebook's irresponsibility on user privacy means leak of 'most' user private data

By: (plus.google.com) +David Herron; Date: April 4, 2018

Tags: Facebook » Social Media Warfare

Buried in an announcement of changes being made to tighten user data privacy, Facebook admitted most people on Facebook could have had their public profile scraped. Uh, do what? Why is such an admission buried towards the bottom of a jargon-filled blog post? The core failing is a default setting for an obscure search feature in Facebook that has been exploited by some to inappropriately access user data on a huge scale. It may actually be time to abandon Facebook - as one article published recently said, it's time to Replace Facebook not Fix it.

The (newsroom.fb.com) admission came on March 4, 2018, as Facebook's Engineering team outlined An Update on Our Plans to Restrict Data Access on Facebook. The plans are reasonable, tightening access to a long list of API's which can be exploited to retrieve user data.

For example - the Events API conveniently allowed folks to add their events to online calendars. But the Events API also allowed access to the user data of others who've signed up for that Event.

Another type of change is that Facebook will require a higher level of scrutiny of any applications wishing to access certain Facebook API's. That's so Facebook can have tighter control over the types of applications, and not have a completely open door to any application to do anything it wishes.

While it's a good thing Facebook is looking to rein in which app's have access -- it means that for YEARS Facebook has not taken user privacy seriously.

The admission of a massive data leak came here:

Search and Account Recovery: Until today, people could enter another person’s phone number or email address into Facebook search to help find them. This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name. In Bangladesh, for example, this feature makes up 7% of all searches. However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.

The feature in question arguably has some usefulness - making it easier for users to find each other. But it also let 3rd party miscreants gather information. It's not entirely clear just what data was available that way, but you can easily imagine some amount of data has leaked this way.

For that matter, all the other plans discussed in Facebook's Update also could well have leaked user data to miscreant 3rd parties.

Huge mistakes made by Facebook

Zuckerberg is now admitting he made huge mistakes with the design of Facebook. At times Facebooks people have said recently that for years Facebook has been struggling to keep up with the rapid growth rate - and therefore they hadn't thought through privacy policies as well as they should.

Um? That does nothing to make me feel better, how about you?

Zuckerberg is saying that while huge mistakes were made, he can fix them, that he started the place and he can fix it.

That's supposed to make us feel better?

Bottom line is that for years Facebook has been extremely lax about protecting user data. Instead Facebook has had a strong need for as many folks using the advertising platform as possible. Facebook's focus has been on serving corporations and others who want to exploit the user data collected by Facebook.

Therefore, Facebook needed those users to have as much flexibility in accessing/using this data as possible.

Therefore, to achieve those goals Facebook had to abdicate its responsibility to protect data about its users.

Therefore, Facebook deserves a huge punishment and even the death of Facebook.

In other news, Zuckerberg claimed that Facebook is not selling user data. But: Facebook is selling user data, even as Facebook does not sell user data

« The YouTube Adpocalypse enraged a YouTuber to randomly shooting people at YouTube HQ Learn to use Docker for application development and deployment »
2016 Election Acer C720 Ad block AkashaCMS Amazon Amazon Kindle Amazon Web Services America Amiga and Jon Pertwee Android Anti-Fascism AntiVirus Software Apple Apple Hardware History Apple iPhone Apple iPhone Hardware April 1st Arduino ARM Compilation Artificial Intelligence Astronomy Astrophotography Asynchronous Programming Authoritarianism Automated Social Posting AWS DynamoDB AWS Lambda Ayo.JS Bells Law Big Brother Big Finish Bitcoin Mining Black Holes Blade Runner Blockchain Blogger Blogging Books Botnets Cassette Tapes Cellphones China China Manufacturing Christopher Eccleston Chrome Chrome Apps Chromebook Chromebox ChromeOS CIA CitiCards Citizen Journalism Civil Liberties Clinton Cluster Computing Command Line Tools Comment Systems Computer Accessories Computer Hardware Computer Repair Computers Cross Compilation Crouton Cryptocurrency Curiosity Rover Currencies Cyber Security Cybermen Daleks Darth Vader Data backup Data Storage Database Database Backup Databases David Tenant DDoS Botnet Detect Adblocker Developers Editors Digital Photography Diskless Booting Disqus DIY DIY Repair DNP3 Do it yourself Docker Docker MAMP Docker Swarm Doctor Who Doctor Who Paradox Doctor Who Review Drobo Drupal Drupal Themes DVD E-Books E-Readers Early Computers Election Hacks Electric Bicycles Electric Vehicles Electron Emdebian Encabulators Energy Efficiency Enterprise Node EPUB ESP8266 Ethical Curation Eurovision Event Driven Asynchronous Express Face Recognition Facebook Fake News Fedora VirtualBox File transfer without iTunes FireFly Flickr Fraud Freedom of Speech Front-end Development Gallifrey git Github GitKraken Gitlab GMAIL Google Google Chrome Google Gnome Google+ Government Spying Great Britain Heat Loss Hibernate Hoax Science Home Automation HTTP Security HTTPS Human ID I2C Protocol Image Analysis Image Conversion Image Processing ImageMagick In-memory Computing InfluxDB Infrared Thermometers Insulation Internet Internet Advertising Internet Law Internet of Things Internet Policy Internet Privacy iOS Devices iPad iPhone iPhone hacking Iron Man iTunes Java JavaScript JavaScript Injection JDBC John Simms Journalism Joyent Kaspersky Labs Kindle Kindle Marketplace Lets Encrypt LibreOffice Linux Linux Hints Linux Single Board Computers Logging Mac Mini Mac OS Mac OS X Machine Learning Machine Readable ID macOS MacOS X setup Make Money Online March For Our Lives MariaDB Mars Mass Violence Matt Lucas MEADS Anti-Missile Mercurial MERN Stack Michele Gomez Micro Apartments Microsoft Military AI Military Hardware Minification Minimized CSS Minimized HTML Minimized JavaScript Missy Mobile Applications Mobile Computers MODBUS Mondas Monetary System MongoDB Mongoose Monty Python MQTT Music Player Music Streaming MySQL NanoPi Nardole NASA Net Neutrality Network Attached Storage Node Web Development Node.js Node.js Database Node.js Testing Node.JS Web Development Node.x North Korea npm NVIDIA NY Times Online advertising Online Community Online Fraud Online Journalism Online Photography Online Video Open Media Vault Open Source Open Source Governance Open Source Licenses Open Source Software OpenAPI OpenVPN Palmtop PDA Patrick Troughton Paywalls Personal Flight Peter Capaldi Phishing Photography PHP Plex Plex Media Server Political Protest Postal Service Power Control Privacy Production use Public Violence Raspberry Pi Raspberry Pi 3 Raspberry Pi Zero ReactJS Recaptcha Recycling Refurbished Computers Remote Desktop Removable Storage Republicans Retro Computing Retro-Technology Reviews RFID Right to Repair River Song Robotics Rocket Ships RSS News Readers rsync Russia Russia Troll Factory Russian Hacking Rust SCADA Scheme Science Fiction SD Cards Search Engine Ranking Season 1 Season 10 Season 11 Security Security Cameras Server-side JavaScript Serverless Framework Servers Shell Scripts Silence Simsimi Skype SmugMug Social Media Social Media Warfare Social Network Management Social Networks Software Development Space Flight Space Ship Reuse Space Ships SpaceX Spear Phishing Spring Spring Boot Spy Satellites SQLite3 SSD Drives SSD upgrade SSH SSH Key SSL Stand For Truth Strange Parts Swagger Synchronizing Files Telescopes Terrorism The Cybermen The Daleks The Master Time-Series Database Tom Baker Torchwood Total Information Awareness Trump Trump Administration Trump Campaign Twitter Ubuntu Udemy UDOO US Department of Defense Virtual Private Networks VirtualBox VLC VNC VOIP Vue.js Web Applications Web Developer Resources Web Development Web Development Tools Web Marketing Webpack Website Advertising Weeping Angels WhatsApp William Hartnell Window Insulation Windows Windows Alternatives Wordpress World Wide Web Yahoo YouTube YouTube Monetization