ADOTAS – On Tuesday Facebook cofounder and CEO Mark Zuckerberg traveled to Washington, DC, to meet with Republican members of the Senate’s high-tech task force and encourage them to tweet less and post on Facebook more… What? Oh no — he was discussing Internet privacy with them… Isn’t that like having the fox detail the best way to protect the hens?
Oh, I kid (possibly just exaggerate), but the event reminds me of former Senator Ted Stevens’ (R-AK) infamous “series of tubes” remark in 2006 during a debate on net neutrality — this widely publicized and ignorant description of the Internet was particularly depressing since at the time Stevens was chairman of the Commerce, Science and Transportation Committee.
When it comes to tech (well, actually most issues that require complex thinking), congresspeople tend to be unlearned at best and more likely misinformed, hence why the word “legislation” is akin to nails on a chalkboard for digital marketing folks. Agency regulation… That’s a story for another day.
But perhaps cynical me is running wild these days with the recent load of news that bolsters the theory that Internet privacy truly is an oxymoron: a website leaked private listserv emails between “liberal-leaning” journalists and think tankers; the Google Alarm introduced by Free Art and Technology that screams when Google collects data from you… which occurs on just about every website; and now an online security expert has assembled and posted on a file-sharing site a articulately wrapped package of 100 million Facebook users’ information.
Online security consultant/researchers Ron Bowes (whose name has appeared misspelled as “Bowles” in several places — Freudian slip much?) used a crawler code to scan the Facebook directory, which lists all users that are sharing even the teensiest bit of personal information, and then erected a file that can be easily searched and used for compiling of user information.
He uploaded the 2.8 gigabyte file, which included the code he used to collect the information, to The Pirate Bay, an infamous Swedish site that indexes BitTorrents (and recently introduced a dating service — find your media pirating match!). Though it wasn’t in the site’s top 100 torrents — how could it compete with the top duo, “The Twilight Saga: Eclipse” and “Hot Tub Time Machine”? — it still had 3,306 seeders and 10,062 leechers when I checked on it.
“Scary,” “terrifying” — Well, maybe it would be if all of the information couldn’t be found in the public domain. Yeah, you could find everything in the file through good old search. Facebook released a dead-on statement:
“[I]nformation that people have agreed to make public was collected by a single researcher. This information already exists in Google, Bing, other search engines, as well as on Facebook…. No private data is available or has been compromised. Similar to a phone book, this is the information available to enable people to find each other, which is the reason people join Facebook.”
More than one commenter on The Pirate Bay suggested that the file would never have raised an eyebrow if the BBC hadn’t started shrieking about it.
“Facebook should have anticipated this attack and put measures in place to prevent it,” Simon Davies of Privacy International told the BBC in that article. “It is inconceivable that a firm with hundreds of engineers couldn’t have imagined a trawl of this magnitude and there’s an argument to be heard that Facebook have acted with negligence.”
Yeah, “attack” is a pretty strong choice of words; hyperbole, you might say.
Actually, my hat is off to Bowes for his ingenuity in gathering and assembling the data. I’m kinda confused why he’s giving this away because there are plenty of marketers who’d pay. Bowes told the BBC that the file was created as part of his work on the Nmap Security Scanner, in particular a took called Ncrack that tests organizations’ password policies by subjecting them to “brute force attacks; in other words, guessing every username and password combination.”
Apparently Bowes used the Facebook Directory to assemble a list of common names to use for these attacks, and ended up releasing the data because he thought it would be of interest to the community.
He was right — it’s the actual compiling of the data that is freaking out the public and some of the media, all of whom seem shock that something like this could be done. Perhaps it’s not just congresspeople who are ignorant of the ways of the Internet. At the very least, there will be another dustup about Facebook’s default privacy settings and there will be more screaming about the company slacking in educating the user base (though I think many users are equally guilty of being willfully incurious).
In a blog on Bowes’ website skullsecurity.org, which appears to have been swamped beyond its bandwidth, “As I thought more about it and talked to other people, I realized that this is a scary privacy issue. I can find the name of pretty much every person on Facebook.”
And that’s actually where the problem is, another extension of Facebook’s false advertising — the idea that there are private accounts.
In its statement on the file, Facebook said: “If someone does not want to be found, we also offer a number of controls to enable people not to appear in search on Facebook, in search engines, or share any information with applications.”
But Bowes discovered that private accounts could still be discovered by outsiders — if they were friends with anyone who was searchable, they could be found. Unless all your friends on Facebook are private as well — unlikely is an understatement — your name is out there for the taking. And if you switch your privacy settings now, you’re still SOL because Bowes’ file represents that moment, and will forever display the information gathered when he went crawling.
Thus there is no such thing as privacy on Facebook. In general, I’m sick of supporting notions of “online data privacy” because it doesn’t exist. No legislation or regulation is going to change the fact that if you share something on the Internet, it’s up for grabs.
Don’t like that? Disconnect.