Why You Shouldn't Trust Facebook with Your Data: An Employee's Revelations

[safeguy]

Why You Shouldn't Trust Facebook with Your Data: An Employee's Revelations

The abuse of private data by Facebook employees was pretty much inevitable; the simple act of amassing data tends to lead to corruption. What's sad is how lightly the social network reportedly controls its employees.

There's a great interview on TheRumpus.net with an anonymous Facebook employee. Here are some of the things she divulges:

* As of a few months ago, Facebook records and archives information on whose profile you view. (Apparently this was already publicly known.)
* Facebook has 200-220 million active users, and more than 300 million total accounts, including disabled accounts and potential fakes.
* At one point, Facebook staff widely used a "master password" that unlocked access to anyone's account. Use of this password has been "deprecated," i.e. discouraged, implying the password might still exist and work. What was the password? "With upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,' more or less. It was pretty fantastic."
* The Facebook employee is aware of at least two coworkers being fired for abusing their access to profiles; the employee herself also inappropriately access profiles.
* Facebook employees can "just query the database" to find your Facebook messages.

The picture that emerges is one of loose internal controls on private data access. Sure, the master password has been replaced by a system in which Facebook staff must log a justification when they view users' private profile data. But the employee said managers aren't "on your ass about it," leaving the door open for situations like this one:

When I first started working there, yes — I used it to view other people's profiles which I didn't have permission to visit. I never manipulated their data in any way; however, I did abuse the profile viewing permission at several initial points when I started at Facebook.

It also sounds like controls are lax on Facebook's backend database:

Your messages are stored in a database, whether deleted or not. So we can just query the database, and easily look at it without every logging into your account. That's what most people don't understand.

It seems safe to assume that if this particular employee obtained unauthorized account data, and knows of two other people who did, the practice has been reasonably widespread at Facebook, recent "crackdown" or not.

Sensitive data hoards inevitably attract attempts at unauthorized access. Whether it's hospital employees peeking at celebrity medical records or federal workers abusing their wiretap access 100 times in two tears (dubiously claiming it was an "accident"), people confronted with a pile of information feel compelled to start digging.

The best protection for a user: Throw as little as possible onto the pile.

Source

What have you got to say about this???

[Newbie Comp user]

The best protection for a user: Throw as little as possible onto the pile.

YES I couldn't agree more.
I use Facebook myself and reading this post will probably make me more aware of the ''things'' I put about me...
We should all be aware of hackers (hopefully), they will do everything to "hack-in" whether its a site,game,program,computer, YOU NAME IT.

Thanks for sharing this info safeguy.
-NCU

[shan]

u dont need to put a lot into it just the basics would be all (but ive put everything abut me :P) but no problem

[ceyfer]

It reminds me of Do You Have Facebook Conspiracy ( 2007 ) | Youtube

[BTOR]

Thanks for sharing this info safeguy.

but what to do now many entry in to any competetion requirea either a face book account or a twitter account

[safeguy]

many entry in to any competetion requirea either a face book account or a twitter account

I agree....and I usually don't participate in such giveaways. But if you desperately need to enter, then just create a 'disposable' Facebook/Twitter account for such giveaways...you don't have to give away your real info

[blackrose]

Some points I was thinking to close my facebook account. But I stopped myself as all my friends are using it.

Facebook making money not securing our data.

[hellnoire]

I'm keeping mine for now, though I've deleted all apps and personal information on it, so it's next to impossible to think of something to find on me. The other thing is... my statuses are random tech statuses or just love for my lover. Things that no one could arrest me for, that's for sure.

[shan]

guys facebook does try its best to protect the user data its the other develpors and non tec users puting their own data at risk by adding all sorts of apps which u have to grant special permission(acces ur and ur friends details)

[bahirzaheri8]

Facebook is data mining for government