The following shows what we've been saying all along and why we never felt the need to volunteer certain personal and private information to Facebook, which could potentially put our privacy, safety, and security at risk. Thanks to Jonathan Meola and Gawker for bringing the interview with an anonymous Facebook employee at TheRumpus to our attention.
Gawker explains the problem pretty well:
The abuse of private data by Facebook employees was pretty much inevitable; the simple act of amassing data tends to lead to corruption. What's sad is how lightly the social network reportedly controls its employees.Now, to the interview. Ironically, the Facebook employee "was anxious to preserve her anonymity." TheRumpus explains:
Facebook employees, after all, know better than most the value of privacy. As she is not permitted to divulge company secrets, and would like to remain employed, her name has been omitted from this interview..."So Facebook employees have the right to remain anonymous when they express controversial views which could get them fired, but G-d forbid activists with controversial views should try to protect their identity on Facebook, lest they get deactivated!
The main points you should know (gathered from Gawker as per TheRumpus and tweaked by us) are the following:
- Facebook records and archives information on whose profile you view, and monitor your relationships as they "judge how good of a friend" your friends are to you
- At one point, Facebook staff widely used a "master password" that unlocked access to anyone's account. Use of this password has been "deprecated," i.e. discouraged, implying the password might still exist and work. What was the password? "With upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,' more or less. It was pretty fantastic."
- The Facebook employee is aware of at least two coworkers being fired for abusing their access to profiles; the employee herself also inappropriately access profiles.
- Facebook employees can "just query the database" to find your Facebook messages, as their internal controls are lax on Facebook's backend since "your messages are stored in a database, whether deleted or not. So we can just query the database, and easily look at it without every logging into your account. That's what most people don't understand.
- It seems safe to assume that if this particular employee obtained unauthorized account data, and knows of two other people who did, the practice has been reasonably widespread at Facebook.
- There's a ‘switch login’ button that any Facebook employee can click allowing them to login as you
- Facebook runs "psychological analysis" where they "do eye-tracking to see where your eyes move while you browse Facebook"
- Facebook tracks everything you do on Facebook: "Every photo you view, every person you’re tagged with, every wall-post you make, and so forth"
Sensitive data hoards inevitably attract attempts at unauthorized access. Whether it's hospital employees peaking at celebrity medical records or federal workers abusing their wiretap access 100 times in two tears (dubiously claiming it was an "accident"), people confronted with a pile of information feel compelled to start digging.See also:
The best protection for a user: Throw as little as possible onto the pile.