Details of 100m Facebook users collected and published

PogMoThoin

Ron Bowes used a piece of code to scan Facebook profiles, collecting data not hidden by the user's privacy settings. The list, which has been shared as a downloadable file, contains the URL of every searchable Facebook user's profile, their name and unique ID. Mr Bowes said he published the data to highlight privacy issues, but Facebook said it was already public information.

The file has spread rapidly across the net. On the Pirate Bay, the world's biggest file-sharing website, the list was being distributed and downloaded by more than 1,000 users. One user, going by the name of lusifer69, described the list as "awesome and a little terrifying". In a statement to BBC News, Facebook said that the information in the list was already freely available online.

http://www.bbc.co.uk/news/technology-10796584

alwaysadub

People shouldn't leave their profile public if they don't want people to be looking at it.

Rabies

I can open a phone book and easily get a Name, phone number, address.

Then call up and ask for more personal info.

No big deal really.
Nothing shocking about it. Info was already public.

TheMilkyPirate

Meh.

Mr Benevolent

Hah, look at the TPB uploader's file list. Bet he didn't want the world finding out about his porn stash...

Terry

baraca wrote: »

Meh.

I'll second that by adding that my name is not searchable.

Biggins

Not bothered. The CIA, FBI, MI5, MI6, G2, FSB and Shin Bet know about me - what else have I got to worry about!

Superbus

"Jack likes Dutch Gold" "Great nite... I think " "Conor is now friends with Aine"

Vital information I'm sure.

PogMoThoin

Rabies wrote: »

I can open a phone book and easily get a Name, phone number, address.

Then call up and ask for more personal info.

No big deal really.
Nothing shocking about it. Info was already public.

Yes, but Facebook has a default setting for privacy that makes some info publicly available. People have to make a conscious choice to opt-out of the default security options. Much like the Eircom WEP issue, most people are clueless and won't bother

Mark200

I'm downloading it now, just out of curiosity. The only information that I have viewable to public on my facebook is my name and the groups I have joined... but it'll be interesting to see what kind of information on people is actually in the file. I'm sure there are plenty of people who never bothered to stick their information on private.


But I agree, it's not a big deal since it was already viewable by the public anyway.

Actually, looking at the files it seems the only information that the files have is the names and profile urls.... hardly newsworthy.

Ghost Train

Pity Eircom have blocked the pirate bay and this important info from its customers

PeterIanStaker

People need to be aware that they can set the privacy levels on FB. I didnt know until I was shown recently.

Not Facebook's fault if you had your profile public.

Mark200

Ghost Train wrote: »

Pity Eircom have blocked the pirate bay and this important info from its customers

There are plenty of other torrent sites....

PogMoThoin

Mak_United wrote: »

Not Facebook's fault if you had your profile public.

Yes it is, it should be private by default, opt in to make public

PogMoThoin

Ghost Train wrote: »

Pity Eircom have blocked the pirate bay and this important info from its customers

They've only blocked the website, the torrents from Piratebay still work

biko

Set your account to as private as possible. Like only friends can see anything, not friends of friends nor everyone.

snowyeoghan

There is no personal information in the fies - only names and URLS to their Facebook profile.

This is all useless, until somebody begins to exploit this information.

Rabies

PogMoThoin wrote: »

Yes, but Facebook has a default setting for privacy that makes some info publicly available. People have to make a conscious choice to opt-out of the default security options. Much like the Eircom WEP issue, most people are clueless and won't bother

I think the same goes for number book. Opt in or out.

Its up to the individual to create the profile and they stock it with what ever info they want. Public or private, its down to the profile owner.

28064212

PogMoThoin wrote: »

Yes it is, it should be private by default, opt in to make public

Arguably. But this is very different from the Eircom WEP issue. Eircom were selling routers with a password that could easily be broken. The sole point of the password was to prevent people gaining access, and it wasn't sufficient.

Facebook is the opposite. The sole point of a Facebook profile is to make information available to a wider range of people. If Facebook made the default setting private, there would be huge numbers of complaints from people about how they can't find their friends.

The phonebook analogy is a much more apt comparison than the Eircom WEP fiasco

Terry

28064212 wrote: »

Arguably. But this is very different from the Eircom WEP issue. Eircom were selling routers with a password that could easily be broken. The sole point of the password was to prevent people gaining access, and it wasn't sufficient.

Facebook is the opposite. The sole point of a Facebook profile is to make information available to a wider range of people. If Facebook made the default setting private, there would be huge numbers of complaints from people about how they can't find their friends.

The phonebook analogy is a much more apt comparison than the Eircom WEP fiasco

Or the register of electors.
Throw your name in there and change the settings so that you don't get junk mail.
http://www.checktheregister.ie/

Grimebox

Somebody gathers public information that has already been made public by the user. What's the problem?

Grimebox

PogMoThoin wrote: »

They've only blocked the website, the torrents from Piratebay still work

Really? I first noticed piratebay was blocked WHEN my torrents stopped working.

RachPie

Mine's not on public, so as long as anything of mine isn't published, I'm happy.
Anyone else, I suggest you change your settings!

fontanalis

Can someone clarify something? Wasn't Facebook sold for billions despite neevr making a profit, and isn't the only way to make money off it to sell information to marketing companies or through aggressive, direct/tailor made advertising based on the user profile.

Terry

Grimebox wrote: »

Somebody gathers public information that has already been made public by the user. What's the problem?

To highlight that it can also be made available to hackers and the like.

How many of you have gotten one of those spam PMs from a friend that lead to a virus riddled site?
This is how the hackers do it. They just exploit the weak security, garner the e-mail addresses, hack the account and then send on dodgy links.
You click the link, and then they hack your account.

Keep your e-mail address hidden from everyone.

PogMoThoin

PogMoThoin wrote: »

Yes it is, it should be private by default, opt in to make public

No, it tells you about the option of making it private when making one so its up to you.

Like bebo, myspace etc.... Its all public by default.

Your own hard luck if you were to lazy to set it to private.

Mark200

fontanalis wrote: »

Can someone clarify something? Wasn't Facebook sold for billions despite neevr making a profit, and isn't the only way to make money off it to sell information to marketing companies or through aggressive, direct/tailor made advertising based on the user profile.

They make money through advertising on their site.

Facebook don't share any of your information with third parties without your consent.

PogMoThoin

Grimebox wrote: »

Really? I first noticed piratebay was blocked WHEN my torrents stopped working.

That TPB torrent is dl'in fine for me on Eircom, I'm very curious as to what it contains. Its being leeched to hell, not great speeds

messymess

Rabies wrote: »

I can open a phone book and easily get a Name, phone number, address.

Then call up and ask for more personal info.

No big deal really.
Nothing shocking about it. Info was already public.

You see, this is the line that's being spun by Facebook execs. They've casually brushed this off but they're absolutely reeling about the bad publicity this has caused. Is it a co-incident that the "researchers" site is currently down? I hope he's up to his hole in legal threats. He's an irresponsible idiot looking for attention and not a security researcher. He blatantly violated their T&C's by scraping 100m user's data. I'm at pains to to see why they didn't notice and stop this. Scraping 100m users worth of data is pretty dam hard to miss.

The fact of the matter is that Facebook couldn't really care less about your privacy. If they did their privacy policies would have remained static, or become more restrictive over the years, not less.

http://www.eff.org/deeplinks/2010/04/facebook-timeline

Standard data protection laws dictate that personal data has a shelf life and that once it has expired, it's deleted (in this case this is when YOU want). How many people have their facebook walls open, pics available etc? If a site encourages you to use it so interactively they should do everything in their power to protect your personal information. Lock it down and THEN let people open it up, NOT the other way around.

I really pity the people who joined controversial groups or had a pictures of themselfs with a spliff in their mouth at 18 trying to get a job when they've matured a bit. People look at this stuff! God knows what else he scraped! Peoples walls, their pics?

Facebook has really messed up because they encourage you to share everything and far too insecurely. They made their security interface too unintuitive for most people to use to its full extent, if at all and god knows how many times they changed their settings about.

I'm downloading the data now to take a look at what this guy scraped but make no bones about it, he's a complete cock sucker.

fontanalis

Mark200 wrote: »

They make money through advertising on their site.

Facebook don't share any of your information with third parties without your consent.

Thanks, I think Facebook (despite being handy for looking up people you lost contact with) is a gimmick that didn't warrant it's sales price and maybe I'm being paranoid but I expect horror stories about peoples information going walkabout in the future.

Mark200

messymess wrote: »

God knows what else he scraped! Peoples walls, their pics?

As said many times already, the only information in the files is the name and profile url of a user.

PogMoThoin

Mark200 wrote: »

As said many times already, the only information in the files is the name and profile url of a user.

If someone can scrape 100m profile url's without getting detected or ringing alarm bells, just how lax is the security or do they even give a shít?
Glad I'm not a Facebook user

Mark200

PogMoThoin wrote: »

If someone can scrape 100m profile url's without getting detected or ringing alarm bells, just how lax is the security or do they even give a shít?
Glad I'm not a Facebook user

You don't know how it was done, and over what time period it was done.

The security is as lax as a user sets it to be.

messymess

Mark200 wrote: »

As said many times already, the only information in the files is the name and profile url of a user.

...and what other information did he scrape in the process that hasn't been published yet?

How many other people are scraping the site right now, going one better and one further?

It's a far bigger issue than just this one incident.

PogMoThoin

Mark200 wrote: »

The security is as lax as a user sets it to be.

Not the user set security, the security on the servers the info is stored on. How secure are they? Boards.ie got hacked, what are Facebook doing to prevent the same, has it already happened. Facebook is a much bigger target

28064212

PogMoThoin wrote: »

If someone can scrape 100m profile url's without getting detected or ringing alarm bells, just how lax is the security or do they even give a shít?
Glad I'm not a Facebook user

That's incredibly easy to do. Do you have any idea how many requests are made to the Facebook site on average per day? There's no way to combat someone scraping public information.

Mark200

messymess wrote: »

...and what other information did he scrape in the process that hasn't been published yet?

How many other people are scraping the site right now, going one better and one further?

It's a far bigger issue than just this one incident.

The scripts he (claimed) he used are included in the download.

If you read the article, you would have seen that he claims to have done this in order to highlight the lax security in which you're referencing... so to call someone who gathered everyone's name and profile url in order to highlight facebook security concerns as a "complete cock sucker" is at best childish, but in reality extremely idiotic.

He's taking your corner. Or, really, you're taking his without realising.

28064212

PogMoThoin wrote: »

Not the user set security, the security on the servers the info is stored on. How secure are they? Boards.ie got hacked, what are Facebook doing to prevent the same, has it already happened. Facebook is a much bigger target

What does that have to do with the topic? What is any website doing to prevent hacks? Are you aware of any successful hacks? Why is Facebook more susceptible than Amazon or Ebay, where they have your credit card details?

orourkeda

Henrietta like cheeseburgers.

I'm sure nasa are whacking off as we speak.

Mark200

PogMoThoin wrote: »

Not the user set security, the security on the servers the info is stored on. How secure are they? Boards.ie got hacked, what are Facebook doing to prevent the same, has it already happened. Facebook is a much bigger target

Well there's a huge difference between scraping publicly available info, and actually hacking into the servers. I don't know how I was supposed to know you were talking about hacking when the only thing you talked about in your post was scraping public info.

They haven't been hacked, yet. So that says something. We don't know how secure their servers are... so there's no point getting your panties in a knot over a problem that may or may not exist.

PogMoThoin

Mark200 wrote: »

They haven't been hacked, yet. So that says something. We don't know how secure their servers are... so there's no point getting your panties in a knot over a problem that may or may not exist.

You don't know that, Boards got hacked and immediately went public on it, how many sites get hacked and keep it quiet rather than face the embarrasment?

Mark200

PogMoThoin wrote: »

You don't know that, Boards got hacked and immediately went public on it, how many sites get hacked and keep it quiet rather than face the embarrasment?

Facebook has 1,400 employees. I find it extremely hard to believe that a social networking site as high-profile has Facebook could cover up something like that.

Not to mention the fact that hackers usually hack for the glory... whoever successfully hacked Facebook and got a significant amount of private user information would not keep it quiet.

PogMoThoin

Mark200 wrote: »

Facebook has 1,400 employees. I find it extremely hard to believe that a social networking site as high-profile has Facebook could cover up something like that.

Not to mention the fact that hackers usually hack for the glory... whoever successfully hacked Facebook and got a significant amount of private user information would not keep it quiet.

http://www.tomsguide.com/us/Facebook-Mark-Zuckerberg-Social-Networking-privacy-security,news-6794.html

Mrmoe

Facebook is no different from any other online resource such as an email providers like Gmail. Someone tried to access/login my facebook profile from the USA at the start of the week. I received a notification indicating this and subsequently changed my password. If somebody wanted to get good information about me they would be better off hacking my email accounts. There would be juicier information in there. If you don't want information available on the net then don't post it.

messymess

Mark200 wrote: »

The scripts he (claimed) he used are included in the download.

If you read the article, you would have seen that he claims to have done this in order to highlight the lax security in which you're referencing... so to call someone who gathered everyone's name and profile url in order to highlight facebook security concerns as a "complete cock sucker" is at best childish, but in reality extremely idiotic.

He's taking your corner. Or, really, you're taking his without realising.

The article I read claims he compiled this list to put together the most "common names" for use in password attacking scripts, not as a privacy crusade to fight the good fight for Facebook users. I'll reserve further judgement until I find out more about this guy, his activities and I download the data but the term that's bandied about the industry is "responsible disclosure", I don't believe this fits the bill, he behaved irresponsibly to stroke his own ego ..... why didn't he publish the data anonymously?

Mark200

PogMoThoin wrote: »

http://www.tomsguide.com/us/Facebook-Mark-Zuckerberg-Social-Networking-privacy-security,news-6794.html

So you never said stupid things that you didn't mean when you were 19? Fair play.

Mark200

messymess wrote: »

The article I read claims he compiled this list to put together the most "common names" for use in password attacking scripts, not as a privacy crusade to fight the good fight for Facebook users. I'll reserve further judgement until I find out more about this guy, his activities and I download the data but the term that's bandied about the industry is "responsible disclosure", I don't believe this fits the bill, he behaved irresponsibly to stroke his own ego ..... why didn't he publish the data anonymously?

What on Earth difference would publishing the data anonymously make?

You can find out the most "common names" from any census website or statistics website on the internet. You don't need to crawl facebook to get that kind of information.

temply

orourkeda wrote: »

Henrietta like cheeseburgers.

I'm sure nasa are whacking off as we speak.

28064212

PogMoThoin wrote: »

http://www.tomsguide.com/us/Facebook-Mark-Zuckerberg-Social-Networking-privacy-security,news-6794.html

I have a friend in AIB who tells me he'll get me any account information I want on any customer. Says he's already looked up my credit record. Doesn't mean crap, it's a couple of friends joking around. Where's the follow on conversation where he actually gave out information?

PeakOutput

non issue to be honest