I don't do this Facebook thing but surely a Facebook Page is a page so why the capital P?
Businesses and individuals using Facebook Pages are getting booted off their fanpage with no way back on, and it's costing some of them money. Typically, the administrator tries to access the Page, only to discover that someone else has managed to get admin privileges and then deleted their admin status. Because they are no …
I think the point is that the agent in a position to make a backup is Facebook whereas the agent that bears the loss if there is no backup is the usurped owner.
It's called externalisation of risks. In this case, there is no incentive for Facebook to get their act together unless people start moving their operations away in large enough numbers for it to hit advertising revenue. Since Facebook's userbase is already self-selecting for those who don't mind being screwed over, that seems unlikely.
Facebook's lying help pages, not this article. This article has actually probably saved me a bit of time, as the FB help pages say that giving someone is a good way to ensure that you never lose admin, as you can give access to someone else and if they have been admin for a shorter time than you they can't delete you.
Nice to know it's a crock of shit. Time to go and tidy up my facebook pages!
Can you please post a link to the FB help page that says
"...giving someone is a good way to ensure that you never lose admin, as you can give access to someone else and if they have been admin for a shorter time than you they can't delete you."
I have never seen such a page. The only guidance I saw was the page linked from this article where FB warns us all that making someone else an admin gives them the same level of control as we have. As admin we can promote anyone we want to admin, remove people, ban people, and revoke admin privilages. Promoting someone else to admin obviously gives them the same level of access... that is what it says in the help page. Giving someone else that level of control over a page that you spent two years developing, someone who is not on your payroll, employee or outsourced service provider, is just silly.
This exact same thing happened to our business facebook page.
We run a small guest house in Blackpool and our facebook page kept us in contact with many of our guests. We had posted hundreds of photographs and there was thousands of comments on those photographs until it was compromised.
To this day, I have no idea how they got access... facebook claims the only way they could have gained access is through my password, which i find very unlikely....
Facebook were not interested in the slightest. they just did not care a single bit. The only thing we could do was start again, we still had lost hundreds of photos and comments, and over 6 months later we only have quarter of the traffic we used to get on our page.
I can understand the security implications of facebook re instating peoples admin rights that have been removed, but there needs to be a facility in place for the legitimate owner of a page gaining access to the site again !!
My main point is this - refusing to reinstate admin privs is *NOT* a security issue, it's a money issue. If FB have to deal with 1000s of requests to reinstate admin privs they have to either -
1) spend hundreds of man hours investigating those requests/claims and actioning them; or
2) just action them blindly.
1 is a very expensive option, and given that FB already has quite an expensive operation, adding to that cost pressure is not good for share price. 2 is just going to get abused left, right and centre so won't happen. Instead FB say that the security of the page is your job, like it or lump it (pun unintended).
As an aside, I have to agree with FB that on the balance of probabilities the fault for loss of the page lies with you. The user/pass details were likely compromised either due to them being written down somewhere or shared with another party, any of the PCs used to administrate the page being compromised, the account being left logged into FB and accessed by another party on that PC, etc.
To be fair, locking down a PC that has more than one user, and is used to access the internet is no easy task (some may say even impossible). I would advise that on your current page you set up a couple of "fake" FB accounts and give admin privs to them. Then use those accounts to do the work - if one is compromised you keep your "root" account as they can't delete that (it being older than the account they compromised). If you do lose an account just delete all admin accounts except your "root" one and start again.
You could still lose your "root" account and be screwed, but it will be much less likely to happen as you'll hardly ever be logged into it to have it compromised. Only log in to that account from your smart phone and you limit the options for hacking it even more. A pain? Ofc, but that's security of any type for you.
"I have to agree with FB that on the balance of probabilities the fault for loss of the page lies with you."
in all probability in most cases it is.... but in my particular case it was not compromised by my neglect.
The easy fix is that the original creator of the page should not be able to be removed from admin will be status of a facebook page unless they receive the request in writing from someone who can prove that they are for example the owner of the business and is confirmed by the creator of the page and they should even charge a nominal fee for the removal !
maybe a temporary suspension from admin status while paperwork is sorted out will be a wise move to prevent malicious mischief from an employer, but would only be actioned by an existing co-administrator
I am sure that in most cases the page will just be left alone and only if someone has legitimate concerns over a page owner remaining in control then the expense and time will be worth the end result.
Its not that hard is it?
There are various other options too, like requiring multiple admins to agree to delete another admin (or perhaps this could be applied only in the case of the page creator).
Another option would be to only allow temporary suspensions of the creating account, not deletion. Most Hax0rs will get bored and forget to renew the suspension so the original account could be recovered. A legit business wanting to keep the original account suspended could do so indefinitely.
The problem is that a user does not own the gold mine that this lot dig.
Suckerbook own the mine and you are the dirt it digs and pans for gold, so what if they get rich and you get the shaft?
They do not care!
Any surprise that I do not have a backside book wall/page/slab on the pavement?
Just because it's free doesn't mean it's not a dick move to ignore anyone having trouble with admin access. Then again they can't sell on the personal preferences of businesses to marketeers so second rate assistance is probably par for the course.
OK, I'll bite.
Stepping back from the world of geekdom and back into the real world, not everyone has the time or knowledge to set up a website. Your average small business does not want, or probably have any idea how, to do this.
Find a reliable domain host, choose a relevant domain that hasn't already gone, find a website developer.
Once that's done, you need to maintain a mailing list. Time and admin required, and more hassle as you're probably entering the world of the Data Protection Act thanks to the name and email addresses.
Or, sign up for a page on Facebook, bung up a few words and you're done.
Not everyone is computer-literate, not everyone has the time to maintain a website and mailing list.
One other thing you're missing, people are quite happy to click Like on a Facebook page, as you can click Unlike any time you want, and the updates stop. Sending emails to sign up and then again to cancel is more hassle and means handing over your details to companies and organisations that do not have the know how to protect those details.
Regardless of the fact that Facebook's explanation is transparently a load of bollocks (everything else being equal, the fact that they actively resist attempts to back up your stuff (contacts/pictures/whatever) or export it from their site should be a big fat hint), anyone whose business depends on a free web site not under his control is a fool.
The argument that not everyone has IT skills or is capable of putting up a web site is void - for a few hundred Euros you can get someone to do that for you. I can't draw so I get the graphics for my flyers from some free web site - if it goes away, does anyone seriously think I have the right to complain just because "I can't draw"? Do you get many free lunches where you live?
no matter what you think of facebook or social networks, they have a massive userbase and if the people that use facebook are your target market then you would be stupid not to have a facebook page....
I would imagine a £1,000 per night 5 star hotel with a 3 Michelin stars restaurant will not attract the facebook generation, nor would they want them ... but lets say a £25 per person per night Blackpool B&B who's customers ARE the facebook generation and the custom you generate from word of mouth recommendations are very valuable... a quick message about a upcoming event and that generates business....
as a IT geek its so easy to get snobby about facebook and other social networks, but only a fool will ignore a relatively cheap source of advertising that gets results, just because they use your personal information YOU share to target adverts....
also, I have to add that checking out the web stats, most people these days that visit my website then click through to the facebook page and will post a enquiry on the wall sooner than send emails!
"anyone whose business depends on a free web site not under his control is a fool."
I totally agree.....
but only a fool will ignore a free advert that gets results, just because its free....
it just maybe possible that 100% of your revenue comes through that stream, what do you do? ignore it and hope it goes away, just in-case it does?
can we have a head burred in sand icon please?
But the fact of the matter is if you run a business site on Facebook, then the information gathered - whilst being important to you - DOES NOT BELONG to you.
"....means handing over your details to companies and organisations that do not have the know how to protect those details."
Oh, the irony.....
It's not just an alternative to having a website it's also an 'additional channel' to your website as any good ecomms/emarkerteer will tell you.
A good example being dear old El Reg, they have a website and a facebook presence (haven't looked to see if they have a twitter presence as well).
If there's pictures of you (that you own) then file a DMCA request claiming that the account is infringing copyright and hopefully it'll get taken down.
Not ideal but they'll take more interest in a DMCA request as there's a legal backup (i.e. you can sue facebook) if they don't do anything.
Some Nigerian cloned her Facebook profile and started trying to get money out of her friends and family. The solution is to use the report button on the bottom left side of the coned page and report it as someone pretending to be someone else. I got my aunt's friends to all do that and they had the cloned page down a few hours later.
its only as much of a toy is lets say a Xbox or PS3,
whatever you like to call it, it IS a communications tool and a very good one for keeping in touch with clients/customers/friends/families....
yes, it has its faults and a lot of people like to bitch about those faults, but the fact remains, for my particular business it works wonders. It works wonders also when someone has a complaint and you make that complaint publicly on that companies website...
also, you can backup all of your photos etc as much as you like, as far as I know there is no way to backup the comments and tags to things like photographs or videos.
I have little sympathy.
If someone's business model is to freeload around the media space, and depend upon the cybergypsies they pick up along the way, then the old biblical tale of building a house on sand sounds like a far better planned arrangement.
Look, cheapskates, there is a reason that hosted web sites and web designers cost money: they are a proper way to do business. The electronic equivalent of flyposting is not.
I can pay for a advert in newspapers around the country to promote my business and its very hit or miss when it comes to responses.
I can use facebook that is free, and it is where a lot of customers for my business will look first....
just look at how many big companies all have facebook pages now. to most of them the cost of hosting a website is negligible, so to describe them as cheapskates is ridiculous.
There are plenty of businesses that solely survive on being on facebook..
i suspect that there are many very bitter web devs and hosting companies losing out to facebook, they should learn from the music industry when their business model went tits up
The right way to use Farcebuk is to use it grab your customers and funnel them to a web site. If necessary, feed and cater for them there, with daily content changes, webcams, feedback forums, special offers.
>There are plenty of businesses that solely survive on being on facebook.
If they have no other plans they could be in real trouble. No-one plays golf with one club, or sets out to shoot a rogue elephant with a single bullet.
Like ebay traders who were suddenly soaked for bigger ebay premiums, or the entire country of Uruguay exporting only the one thing - corned beef - you are in severe danger of catching a cold in a monculture.
Rolling with your analogy of newspaper adverts, I have a simple question.
Would newspaper adverts be your entire business? I believe not and, in the case of yes, say hello to Darwinism. For a business, big or small, it should never really be more than "an advert in the newspaper" but quite simple (and correctly stated already) puts people on the right track to your website.
For me the biggest reason not to solely rely on FB would be the absolute and complete lack of branding other than a logo.
Free or not Facebook is NOT a business tool and anyone using it as such should know what to expect form these monkeys, Facebook handle everything in the same way; make a change, don't tell anyone, disrupt many users services, release PR waffle, panic and make mitigating changes.
The PR and marketing wonks who've decided to jump on the Facebook bandwagon without so much as considering things like this will only encounter them more and more frequently
Don't use facebook or similar for important business purposes.
Put it somewhere you have a reasonable amount of administrative control -- like a properly hosted *real* web site.
Not only will you be able to control your own backups but you will also be able to ensure better privacy, both for you and your users.
This post has been deleted by its author
That Facebook's help pages containing misinformation is a common enough occurrence that, if you click "no" for the "was this helpful", one of the options is "this page contains incorrect information".
Does not inspire confidence when the documentation about your own site is crowd-sourced.
It makes clear that if you grant someone else admin privilege to your Facebook Page you had better be sure you can trust them because they have the power to boot you.
Page creators can always access pages they created, even if they have been removed from the admin list, booted from the page and banned. They can read the page as well as anyone else. They just can't post to it.
I control several pages. Although I have admin privilege on most of them there are a few where I do not. I have only created a few pages. There are others in my team who do that for me. If they stop working for me it is right and proper that I can remove them from the admin list. I would hope to not ban them unless they are causing problems for the rest of the community but still, I am not taking a chance by leaving former employees with admin access in place.
I was commenting on Facebook's need for end users to help them correct their documentation about their own site, which ironically is not always clear about its policies in the first place. I wasn't commenting on the content itself.
But I can add that, since this article was printed, they've changed the content of that page. Some might thank El Reg for this, but I also clicked the "this information is incorrect link" yesterday - so you may as well thank me for clearing up this confusion for everyone :D
It doesn't matter what you think, it matters that your customers expect to find you on FaceBook. You should have a proper website too, but opting not to have a FB page if it could gain you business is something a moron who doesn't understand running a business would advise.
"is something a moron who doesn't understand running a business would advise"
And so would using a free social media site run by a disinterested third party as the sole means to manage business relationships.
"It doesn't matter what you think" Really? I hope you don't take that line with your customers.
Less of the ad hominem attacks. And more medication perhaps.
Restore what exactly? The issue isn't loss of data but loss of the page itself. It's like if someone steals your company domain... you can buy another domain and restore from backup, but all your SEO expenditure and so on is not backed up.
Similarly you can create a new FB Page but your user-base is still on the old page.
All they need to do is restore the list of users with admin permissions from when the page was first created. Then the page would be back under the control of the original admin who could delete any spam postings and start adding back the proper content.
Also, dummy, if someone steals your domain, the registrar will give it back to you. Notice how we're all still surfing to ElReg at its usual domain, despite it having been stolen on Sunday? The Register didn't have to set up a new domain, did it? They got it back within hours and none of their precious SEO was wasted.
A turtle and a scorpion came together at the river bank trying to escape the forest fire.
As the turtle was getting into the water, the scorpion, being a very poor swimmer, asked the turtle to carry him on his back across a river to safety. "Are you mad?" exclaimed the turtle. "You'll sting me while I'm swimming and I'll drown."
"My dear turtle," laughed the scorpion, "if I were to sting you, you would drown and I would go down with you, and drown as well. Now where is the logic in that?"
The turtle thought this over, and saw the logic of the scorpion's statement. "You're right!" cried the turtle. "Hop on!" The scorpion climbed aboard and halfway across the river the scorpion gave the turtle a mighty sting. As they both sank to the bottom, the turtle resignedly said, "Why did you sting me? Now we'll both die!"
The drowning scorpion sadly replied. "Because it is my nature."
As such it only makes sense that businesses use it to engage with their community.
I am not talking about marketing to that community, although some marketing is reasonable, I am talking about the customer experience and customer service enhancements using Facebook allows.
These kinds of problems do help to highlight why business users need to properly invest in their social networking activities. Doing it on the cheap, getting a mate to share the admin tasks, is a sure sign that the business has not given any thought to their social networking strategy.
Would you send some guy you meet at a cafe to represent your business at a trade show or conference? If you would then you are not reading this because you are in court waiting for your Bankruptcy to be finalised. If you are serious about your business do not give that level of access to someone whose pay you do not control. It really is that simple.
This is what happens when you don't have adequate password or system security and load dodgy OMG! I Saw what He did to .... malware. Some of life's little lessons are hard ones, eh. To be fair and equal, FaceB0rk needs to have better security on changing Admin settings. Challenge and Response for example.
> ' Facebook's spokesperson also said the site had a "host" of advanced tools to help people stay in control of their accounts, including login notifications, which let you save the devices you use to access your account, and "recent activity", where you can look at your recent activity and remotely close open sessions. '
Actually, the scare-quotes should have been around "advanced", not "host", since they are in fact not so much "advanced" as "dumb as a bag of spanners". Their goddam stupid login notifications page pops up every time I log in from the exact same IP address using the exact same PC, OS and browser, telling me that it's a new device and would I like them to remember it? Then it does exactly the same thing next time I log in; it never remembers a thing and I end up with dozens of exactly matching identical entries in my authorised devices list. FAIL.
In the past few days it's developed a new yet equally useless behaviour: sometimes, seemingly randomly, it tells me that my account is locked because there was a suspicious login, quoting at me my exact same IP/OS/Browser combination as always, but giving me a timestamp that's in the wrong time zone (USA west coast I think), thereby making it look (at least for a moment) as if someone actually did try to access my account when I wasn't online. DOUBLE FAIL.
This new behaviour started just after I sent a bug report to them regarding the failure to remember my authorised device. Presumably they misinterpreted this as a complaint that I'm being hacked and so put my account on some kind of double secret probation, and the bogus "Someone tried to log in to your account" warnings are their idea of "extra security measures". Hard to know though, because of course they didn't bother to respond to my complaint. TRIPLE FAIL!
So are these people removed from the admins list, and in their place is a new admin? Or is the page left admin-less?
If there has been a new admin added, could it be possible to attempt to hack them back, and regain control of your Page? (and perhaps remove a little of their access while you're in there!)
To paraphrase Lily Tomlin...
"We don't care. We don't have to, we're Facebook."
So long as they have masses of clueless/ignorant users flocking to sign up, they're not going to care about a few users who've lost their access.
AFAICT, Facebook cares little about doing anything "right" in the IT sense, including security and change verification. This matter is just another reason to not get near it, no matter how many clueless kiddies sign up.
Money is required to fix this.
The guy in the story should go to court and have an injunction served on Facebook to reinstate him.
He needs to put his hand on his pocket.
When Facebook start to regularly get slapped by lawyers, forcing them to return ownership of a Page to the legitimate party, just as domain registrars currently do, they will finally implement a systematic response.
As for those who criticize the use of Facebook to grow a business - it's where the customers are and where there is money.
Any serious businesss owner should invest in a website in addition to use of social media but they also need to understand that Facebook is a private playground and the rules keep changing.
The future of Facebook is a mystery - are people getting fed up or is it merely recalibrating its target market - but if it's not going away any time soon then a systematic solution needs to be found or business owners will always have concerns.
"Ali Naqvi, owner and director of 123vouchercodes.co.uk"
If you look at the website, it's clearly not a cheap job from VistaPrint.
This guy is complaining that a substantial source of traffic has been taken away and he'd like it back.
Where was he not spending where he should have been? How could spending money somewhere have prevented this?
Not spending money has nothing to do with getting him into this problem.
Maybe businesses who are getting a good fraction of their business from facebook should get together and suggest having some kind of premium service where they can get the service they might want (backups, extra security, good customer service in case of issues) in return for some appropriate fee that makes it worthwhile on the part of FB.
Face Book is using you and all of your followers and their associated information to make money from advertisers. The information you provide is the "cost" of using the site.
The Brand Awareness and Goodwill generated by the client / businesses uses of the site are considered tangible assets. Goodwill can and is actually assigned a dollar value on a companies book. These are also the Quid Pro Quo payback the client / business gets in return for providing their information and using the services of Face Book.
By ignoring this problem Face Book is depriving the business of the value of their return in the business relationship.
IANAL ( I Am Not A Lawyer) but if I can see and state such an obvious relationship a lawyer would not have a problem stating a case in court.
The problem then becomes a simple math problem. Cost of going to court versus the cost of the lost business.
If the Face Book account is generating adequate business lawsuit might be worth trouble and appropriate.
>>"By ignoring this problem Face Book is depriving the business of the value of their return in the business relationship."
Facebook could perfectly easily say "Bored Now!" and delete any or all of its services without needing to give any warnings to users other than those explicitly guaranteed in user agreements. *Are* there any such guarantees?
Even if they may benefit from there being visitors to any content I put there, that doesn't imply any kind of ongoing obligation on their part to provide me with my benefit in future any more than I have an obligation to keep my pages interesting.
"The spokesperson also said that Facebook Pages could not be hacked and said the only way they could be taken over was if the email and password login were found out somehow, for example through phishing"
I'm sure Sony said the same about the Playstation network and look what happened there. What they mean is that they won't admit it if they did get hacked just blame the user for loosing their password.
Sounds like the best way to get rid of accounts/pages you want to get rid of but don't really have a legitimate reason to do so. Assign the rights to someone else or possibly even nobody so the only recourse is to have the original owner work to get rid of their own page and possibly limit what they are capable of doing again. I'd be curious to know if this occurs more on new or older accounts.
Hey, the only reason I'm on facebook is because a few mates insist on posting stuff and then telling me, "It's on facebook!". I only go to facebook when I want to get up to date with said mates. If they want to get u pto date with me, they know my number and email, and they can call or write. And no, neither current contact details appear on my essentially dormant facebook page. And if facebook don't like it they can revoke my admin rights. Frankly my dear, I don't give a damn!
Surely it is more of a risk giving access back to people who have left. I fire someone who set up a Page, remove their privellages, they are resentful, get reinstated by facebook, they post harmfull stuff, and remove my admin rights, i complain to fb, repeat...isnt that the alternative, and isnt it more likely?
It's bizarre. All this hoo-harr about them deleting hacked pages; and yet having followed Facebook's instructions TO THE LETTER I cannot regain admin access to my (former) business' page (which has NO admins). They simply ignore the request (submitted as per their process). They won't delete the page, they won't give anyone admin access, and so the (former) business sits there for everyone to see despite having ceased trading two years ago.
The fact that they're deleting pages somewhere shows that the relevant department is active and doing stuff that people DON'T want... so why won't they do the stuff people DO want them to? Crazy, crazy system.
I'm firmly in the camp of just deserts.
Anyone who chooses to punt their personal or business data, to an offshore organisation that you have no legal relationship with, where the org. has no enforcable liability to me/you for the continuous access to, safety of and security of that data -... well just think about it. It's like giving a random stranger some money to keep on a blind trust that you'll ever see money or stranger again.
I'm not saying a business should not use Facebook, have no problem with those who do as long as their eyes are open and the understand where they stand in the relationship. But if same people would be all over the internet bleating when it all goes wrong, don't do it in the first place, because in a way they are only objecting to their own stupidity and ignorance.
It's not like the this is the first time users (and businesses which are actually just more users to Facebook regardless) have been screwed over. After years of reports, I find it very difficult to have sympathy for any business who chose to use such a flawed tool as a mission critical part of their revenue stream. In fact, any "business model" that can function off of how many "fans" it has instead of actual sales or paying contracts, I have little sympathy for anyways. More MLM or pyramid scams, this world does not need.
If it's just advertising or marketing a company needs, it is really irrelevant how many followers a company has as long as it's presence is out there to attract new business.
Depending on a social network with a bubble-oriented "social" business model that survives by fleecing the unsophisticated to provide revenue for another "company" with the exact same MO? And depending on that same network when it has failed others in similar or worse fashion many times in the past? Someone is getting what they deserve, IMHO.
If you really make yourself dependent in any ways of Arsebook you don't deserve better than to be screwed.
It's a nice extra to whatever you do, a little vanity you can grant yourself, but keep it on such a level that you
A) can perfectly fine live without it
B) nothing you publish couldn't be written on a billboard on your capitals main square
C) your backup plan ensures you reach everyone you have been in contact with via Arsebook to explain whats going on if someone does things in your name you wouldn't
Only then you will be save.
And same rules apply to all social media platforms and the internet per se!
"Arsebook" and "security" can only coexist in the same sentence in the immediate presence of a negation, or if meant as a joke....
(Same applies to "Internet" and "privacy"...)
You might want to think that everybody should have understood this much by now.
Yes you'll be "save" from increased sales. If a huge proportion of your would-be customers EXPECT to find you on FB then you have little choice... you tap into that market while you can and hope it doesn't go wrong. Obviously a business model which depends on FB is bad but if it doubles your revenue when you add a FB page, losing it would be a severe blow.
Now, Facebook just added a "Protect your page" feature that will block the possibility for a 3rd party account to wrongfully gain admin rights given that you prove you're the rightful business owner by sending a bill's photocopy or registering a "professional" Email address related to this business as a "secondary Email address".
So far so good. Except that in the guidelines for registering a new Email address, PROFESSIONAL EMAIL ADDRESSES ARE FORBIDDEN (info@ webmaster@ admin@ etc.).
Did ANYONE at Facebook actually know about system regression, integration tests and QA??
Biting the hand that feeds IT © 1998–2020