Why You Shouldn't Trust Facebook: Facebook Employee Speaks Out about Abuse of Privacy and Member Data


The following shows what we've been saying all along and why we never felt the need to volunteer certain personal and private information to Facebook, which could potentially put our privacy, safety, and security at risk.  Thanks to Jonathan Meola and Gawker for bringing the interview with an anonymous Facebook employee at TheRumpus to our attention.

Gawker explains the problem pretty well:

The abuse of private data by Facebook employees was pretty much inevitable; the simple act of amassing data tends to lead to corruption. What's sad is how lightly the social network reportedly controls its employees.
Now, to the interview.  Ironically, the Facebook employee "was anxious to preserve her anonymity."  TheRumpus explains:
Facebook employees, after all, know better than most the value of privacy. As she is not permitted to divulge company secrets, and would like to remain employed, her name has been omitted from this interview..."
So Facebook employees have the right to remain anonymous when they express controversial views which could get them fired, but G-d forbid activists with controversial views should try to protect their identity on Facebook, lest they get deactivated!  

The main points you should know (gathered from Gawker as per TheRumpus and tweaked by us) are the following:
  • Facebook records and archives information on whose profile you view, and monitor your relationships as they "judge how good of a friend" your friends are to you
  • At one point, Facebook staff widely used a "master password" that unlocked access to anyone's account. Use of this password has been "deprecated," i.e. discouraged, implying the password might still exist and work. What was the password? "With upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,' more or less. It was pretty fantastic."
  • The Facebook employee is aware of at least two coworkers being fired for abusing their access to profiles; the employee herself also inappropriately access profiles.
  • Facebook employees can "just query the database" to find your Facebook messages, as their internal controls are lax on Facebook's backend since "your messages are stored in a database, whether deleted or not. So we can just query the database, and easily look at it without every logging into your account. That's what most people don't understand. 
  • It seems safe to assume that if this particular employee obtained unauthorized account data, and knows of two other people who did, the practice has been reasonably widespread at Facebook.
  • There's a ‘switch login’ button that any Facebook employee can click allowing them to login as you
  • Facebook runs "psychological analysis" where they "do eye-tracking to see where your eyes move while you browse Facebook"
  • Facebook tracks everything you do on Facebook:  "Every photo you view, every person you’re tagged with, every wall-post you make, and so forth"
As Gawker sums up:
Sensitive data hoards inevitably attract attempts at unauthorized access. Whether it's hospital employees peaking at celebrity medical records or federal workers abusing their wiretap access 100 times in two tears (dubiously claiming it  was an "accident"), people confronted with a pile of information feel compelled to start digging.

The best protection for a user: Throw as little as possible onto the pile.
See also:

 The JIDF relies on your support. Click here to support us.


Posted: Monday, January 11, 2010


Copyright © Jewish Internet Defense Force
All Rights Reserved

LEGAL:
The views expressed on this website do not necessarily reflect the views of the JIDF. The content is not intended to malign any religion, ethnic group, club, organization, company or individual. This site's intention is to do no harm, to not injure others, defame, or libel. All data and information provided on this site is for informational, educational, and/or entertainment purposes only. The Jewish Internet Defense Force (JIDF) makes no representations as to accuracy, currentness, correctness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use, or access to this site. We are not responsible for translation or interpretation of content. We are not responsible for defamatory statements bound to government, religious or other laws from the reader’s country of origin. All information is provided on an as-is basis with no warranties, and confers no rights. We are not responsible for the actions, content, accuracy, opinions expressed, privacy policies, products or services or for any damages or losses, directly or indirectly, caused or alleged to have been caused as a result of your use or reliance on such information on the Jewish Internet Defense Force site. This site includes links to other sites and blogs operated by third parties. These links are provided as a convenience to you and as an additional avenue of access to the information contained therein. We have not reviewed all of the information on other sites and are not responsible for the content of any other sites or any products or services that may be offered through other sites. The inclusion of these links in no way indicates their endorsement, support or approval of the contents of this site or the policies or positions of the JIDF. We have the right to edit, remove or deny access to content that is determined to be, in our sole discretion, unacceptable. These Terms and Conditions of Use apply to you when you view, access or otherwise use this blog and the Website. The JIDF is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
Related Posts with Thumbnails