
All you FaceBitches
are belong to us.
Facebook has found an innovative way to encourage use of its email service: reach into users' mobile phone address books and change the email addresses stored against each contact to their Facebook email account. It has emerged that Facebook's war on competing services now extends beyond the manipulated Timeline and into …
Clue to the clueless: so Facebook updates your mobile contacts.
Then the changes get synced back to your Gmail contacts.
Then the changes get synced with your Outlook address book.
At which point Facebook has inveigled itself into all your contacts data in a way you'd be VERY unlikely to have wanted, and will get copies of all emails you send via their addresses. Now, I don't know where you come from, but in the UK that could very well fall under the Computer Misuse Act and earn its perpetrators solid jail-time.
I don't have the facebook app installed. I do have my contacts linked to their facebook profiles though so that Sense UI can scrape their accounts for extra contact info. It's just a useful feature that means I don't have to manually enter missing email addresses etc.
When facebook changed everybody's default email to @facebook.com guess what happened to every email address in my contact list...
"what's the advice for those of us who haven't rooted our phones and thus aren't actually able to remove the "operator installed" apps."
Don't allow the Facebook app to upgrade to anything beyond the version that came with the phone - and hope it's a version that doesn't do insidious things like this.
'what's the advice for those of us who haven't rooted our phones and thus aren't actually able to remove the "operator installed" apps'
I don't use neither Facebook nor mobile phones so I may be way off the mark, but... isn't there anywhere in the application where you enter your account details? If so, presumably setting those to a non-existing account should stop the app working. Or does the ruddy thing do the contact book fiddling business without even being logged in with a Facebook account? If so, talking to your favourite consumer group / solicitor may be in order, as the legality of the operation seems a bit dubious to me.
"what's the advice for those of us who haven't rooted our phones and thus aren't actually able to remove the "operator installed" apps"
1. Disable auto-updating for the FB app from Google Play
2. Clear all the data for the app by long-pressing the app in Launcher and select Application Info, then click "Clear Data"
This should make the FB Android app unused and uninitiated.
SHUT DOWN YOUR PHONE completely, then restart (do NOT reboot)
Now Never, NEVER EVER use the FB app, use the web interface instead
Just did this on my Experia, worked fine. You could probably just turn off the synch in "settings > accounts and synch" (same place you can delete the account by the way), but I never use the app anyway so just starved it as an earlier poster recommended.
I've just gone through the utter mess that is my Android address book and see no evidence of this happening. Quite a few people in the address book have their Facebook connection indicated but there are no facebook.com email addresses.
Now, if Facebook are doing this, I suspect it could amount to destruction of property. Not the kind of thing they'd want to be caught doing.
If I remember correctly, Google stopped any Facebook contact integration when Facebook didn't want to 'share' back.
So, I might be wrong, but perhaps this only affects older versions of Android? My ICS Android phone doesn't have any Facebook contact integration even though I have the app installed...
When you install Facebook app, it asks you what you want to sync. Everything, just contacts or nothing.
This is the Android security measure, it is basically Facebook's app, asking for permission to access your and update your phone.
Anyone who chose anything other than 'nothing' deserves everything they get.
I too disabled the Facebook contacts syncing. It annoyed the hell out of me when I first got my Galaxy S about 18 months ago, so much so that I wiped the phone and started from scratch again, so now whenever I do wipe the phone or upgrade the version of Android (such as CM9 which I installed last week) I make sure the Facebook app doesn't sync.
I think most of my Facebook friends don't bother updating their mobile numbers and contact information on Facebook anyway when they get new phones etc (hardly any of them port their numbers, they just change their phones and send out lots of texts to friends saying... "here's my new number").
I presume this is also related to Facebook changing saved e-mail addresses on Facebook to @facebook.com e-mail addresses recently. Oh well, the 2 or 3 contacts I have e-mail addresses stored for are okay.
Mine's the one with the little black book of numbers in the pocket.
Rob
Regarding your destruction of property comment - does it breach any computer misuse acts? Or is this going to be yet another case of "individual hacks company and goes to jail, company hacks individuals' data by the thousands and gets off with it"? Can they be sued for the cost of replacing the data/fixing the problem just like an individual would? Thought not.
If you have a phone with a pre-installed version of facebook, you can clear the data for the app (under settings) and it will no longer have your credentials to login to the filthy malware pedlar's servers.
something like (depending on version):
settings -> apps -> filthbook -> clear data
Epic.
Freaking.
Fail.
Wonder if this falls afoul of computer misuse act, etc. They changed data on the user's phone without notice or permission, may have lost valuable contact info... If you only had their email, they have a FB account but don't log in regularly... Oops!
"UK needs to invent a prison like GTMO in Cuba before they extradite him"
Last time I looked the Tower of London is still standing and no doubt has a cell that could be hastily cleared of touristy flim-flamery.
I'll be setting up a stand selling tomatoes, somewhere within chucking distance of the cell window I think.
Or we could just banish him to Tristan da Cunha.
Computer Misuse Act, 1990. Section 1
http://www.legislation.gov.uk/ukpga/1990/18/section/1
Unauthorised access to computer material.
(1)A person is guilty of an offence if—
(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer [F1, or to enable any such access to be secured] ;
(b)the access he intends to secure [F2, or to enable to be secured,] is unauthorised; and
(c)he knows at the time when he causes the computer to perform the function that that is the case.
(2)The intent a person has to have to commit an offence under this section need not be directed at—
(a)any particular program or data;
(b)a program or data of any particular kind; or
(c)a program or data held in any particular computer.
Possibly section 3 as well, but that may depend on the EULA
http://www.legislation.gov.uk/ukpga/1990/18/section/3
I must admit, I deleted the Facebook App sometime ago and despite their nagging website I refuse to install it.
IANAL - I wish I was though!
"Possibly section 3 as well, but that may depend on the EULA"
I don't think that EULAs can be used to absolve a person of criminal responsibility.
I can try adding a clause in the next bit of software I write to give me the power to break into the users home and mess up their stuff, but I don't think it will stand up in a court of law when I'm tried for breaking and entering.
I also had a carrier locked install of Facebook on my mobile. This was the sole reason that drove me to root my handset and destroy this work of evil. And my phone is running twice as good on a Custom ROM :-)
I wonder what line in their T&C's permit them to make changes to personal data on a personal mobile device that is completely unrelated to the FB App or FB service? Sounds like an offence under the Computer Misuse Act (or the US version) - unauthorised access to and modification of data. Even if this is allowed through their T&C's my next thought would be - unfair contract terms. What about damages for loss of this data, and who's going to re-populate the original email addresses?
OK we're not exactly short on examples, but yet again FB prove they treat their users with utter contempt. I'll give it a couple of weeks until FB say sorry, didn't mean to, and won’t happen again. Only so they can do something equally insidious 3 months later. And so the cycle repeats, as we have seen time and time again. It's time for FB to die. But even if millions of their users close their accounts to protest, welcome to problem number two. That deactivating an FB account doesn't delete any the data they have on you, so they can still carrry on profiting from selling your data (albeit perhaps anonymised).
FB is nothing but one of the biggest data scams in modern history. The thought process must have gone like this... "Hmmmm personal data is valuable. We can profit from this. But how do we get people to handover their sex, age, interests etc? I know, let's call it social networking, where under the rouse of staying in touch with friends, we'll get people to hand this stuff over to us freely"!
AND IT WORKED! 900 MILLION PEOPLE FELL FOR IT!
I was going to install the Facebook app until it said that it wanted access to the phone's "Contacts". I can see absolutely no technical or functional requirement for that -- after all, you can use Facebook on the same device through a web browser without "Contacts".
I very much do not want people's mail addresses and phone numbers to leak into the Facebook environment, so I won't install that app on my phone.
However, reading the CNET article, there are a couple of mentions of synchronizing phone contacts from Facebook contacts before these changes, suggesting that it's the existing issue of your Facebook contact info being overwritten with @facebook addresses, which you then (voluntarily!) export to your phone.
I've noticed when installing apps that almost everything demands access to almost everything, often for no apparent reason. I don't know of this is also the case for users of iPhone or the five people who own Windows phones, but it seems to be how it works on Android. I suspect that, with most of what I install being free, all those apps are loaded with spyware. That is what droidwall is for.
Everyone who has the FB app screwing with their contacts should immediately begin a small claims suit for the maximum amount allowed by their local laws. IIRC, here in California it's around $10,000. Do not join a class action, make FB defend itself in several million individual suits. Yeah, yeah, T&Cs blah, blah, blah, they still have to respond to each suit and maybe death, or at least being slapped silly, by a few million cuts will "learn 'em a thang or two".
Icon is only for the little mutha Zucker.
Of course, as many pieces of Android malware have already demonstrated Facebook could easily work round whatever permissions lie between their app and your address book. Google may well have fixed that bug, but I bet there's millions of older devices out there that are still vulnerable.
This post has been deleted by its author
Useful information, thank you!
Until of course FB choose to forcefully enable contact syncing, given the amount of history they have in making arbitary setting changes on an opt-out after it's happened basis without any prior consent.
Hmmm, so legally, I suppose FB could argue that a user willfullly enabling contact syncing gives them user consent to to process a mobile phonebook - but I wonder if that consent could be deemed to include including modifying the phonebook contents...
Below is an FBI quote from today's El Reg article on the guy who hacked Scarlett Johanssons email:
"In most cases, Chaney accessed the administrative settings on the victims’ accounts so that all of their emails would automatically be forwarded to a separate email account that he controlled."
Is this not exactly what Zuckerberg has just done?
The prosecutors in that case are asking for 6 years in prison. It would have been more if he had shown any intention to make use of the information...
I wonder if it does something similar on a pc, I installed FB as a mess-about one evening. Im pretty damned sure I told it to not look anywhere and a few visits later its popping up not only my family but old flames that I hadn't seen in over 10 years.
How the fook does it know this stuff?????
Possibly members of your family and "old flames" allowed facebook to slurp their contacts lists. Farcebook lives by building webs of connections to exploit. You personally don't have to do anything, as long as someone who knows you did something, the web will be extended.
I'm assuming this is screw-up, rather than conspiracy. It's an unintended consequence of shoving their crappy Facebook email onto everyone's page. Compounded by arrogance, and the usual lack of testing.
I assume they don't do testing, given the quality of their mobile apps. And what they laughably call their user interface...
After all, they slurped the data out of people's address books ages ago. So I'm sure the last thing they want to do is draw attention to it.
What a bunch of arses!
This is just Facebook's reply to last week's Google massive FAIL on Google+ Events launch that produced hundreds of spam messages.
Facebook just wanted the attention now. As we all know there's no such thing as bad publicity.
...and I hate the way that most youngsters can't seem to live without it. It is especially annoying when row after row of smartphones light up a cinema, with dopey teenagers sending their tedious messages to each other, even after a movie has started. I suppose I should feel sorry for them and their wretched chavvy lives, but – thanks to Zuckerberg – he's made a monster out of me and I want to thump his hapless victims nonetheless.
Wooohooo, changing people's data behind there backs, now there's a way to piss people off!
In the UK the law says that a company must securely store data within the limits of the permissions given by the data owner, must correctly process the data and must ensure that the data is accurate. Changing recorded email addresses, especially in a database that distinctly isn't Facebook's (i.e. the address book on your phone) is breaking the law in several ways, all at once! Even if their T&Cs say they can that'd likely be judged to be an unreasonable condition.
Expect things to get worse than this foul up. Now that they've got angry shareholders to placate with profits and rising share price they're going to have to find every which way of extracting more data. Of course, the more they do this sort of thing the more likely it is that they'll lose members, just like MySpace did.
If you want to stop Facebook dead in its tracks - edit the hosts file (needs root access on linux or android, admin user on windows) and add lines like
127.0.0.1 facebook.com
(do this for all facebook web addresses that you want to block)
This will prevent any application on the device connecting to facebook.
Who wants to bet this is a side effect of their recent "land grab" of changing everyone's published contact details within their own site.
I'm hoping it is, and then hoping that the engineers "looking into" this issue decide that the only solution is a "roll back" of the contact details changes....
Oh look, a flying pig...
I live in hope for the backlash against social networking, and that one day everyone will wake up and realize what they did by giving Google/Facebook/LinkedIn/etc access to their personal data.
I fear that when that realization dawns it will be too late.
The stupidity of the average Internet user knows no bounds.
With the new features of google calendar / google + doing events happily (must test that), I think I will be scrapping my facebook account altogether. Or at the very least minimising it, never, ever logging in, and using "email me" feature for messages / invites. That'd be that. And recommending others do the same.
See you on Google +!
or 2 subjects that seem to inflame people to downvote me - no matter what I say, but what the hell.
When FB started, I thought it was a cute concept - sort of FriendsReunited plus - but I didn't see the need for it. It struck me as the online equivalent of people who include 4 sides of A4 in their Christmas card about what they've been up to in the year. And then mass mail it to everyone. And I seem to have survived thus far without need to "go on Facebook". Meanwhile, all I hear are disater stories about people going to prison (when they signed up to FB and it emailed all their contacts - including an ex-wife with a restraining order). Numerous data leakages. Incessant tweaks to FBs "privacy policy" (too late for the Sister in Law who was shocked to discover that our lad was able to see posts her friends had made which were rather risque), uploaded images being assimilated into the FB conciousness. Creepy companies setting up profiles and stalking you. The rather sinister undead account surviving deletion nature of FB....
No thank you very much.
The upsetting thing, is now I have become a target for FB. As my email address is hoovered up more and more, as people I know sign up, it appears to have become aware of an FB refusenik. *I* may not be an FB member. But FB can work out from the people I know who *are* enought to be of value to marketing agencies. In fact, that is the hidden value to FB. Not only can it sell valuable data on it's users. Once it has reached a critical mass, it can start to harvest useful data on people who aren't users, proving that the measure of a man is the company he keeps. And unlike flat forums, or usenet, it's not use trying to create a shadow identity with Facebook. Once your name is there, your friends will find you, and helpfully correct any attempt you make to disguise yourself.
All that said, it probably fits that I don't like the X factor, Britains Got Talent, Big Brother, Strictly etc etc ...
I got my lad to work out how many of his 300+ FB "friends" would lend him a fiver. For a brief moment, he actually got my point.
Given that Facebook is free (for now) I would it's fair to say it's certainly value for money.
On a more serious note, I would be curious to know on a commercial level (peoples personal use doesn't really bother me) has Facebook actually delivered any revenue to anyone *other* than Zuckerberg ? Once you factor in the time people spend on FB when they are supposed to be working.
If I understand it correctly, it's the Facebook App (i.e. the slow, unstable unreliable pile of shite that is prompted to be installed everytime you go to the facebook page on a mobile) that is doing this. Adding facebook sync to the Android contact manager does not overwrite email addresses as each contact source's data is maintained separately and only shown together in the user interface - which is how it should be.
I uninstalled the crappy FB app a while ago and just used a browser to access facebook - the experience was far better, especially when prohibiting the asshat "mobile" web version and forcing the use of the normal desktop web version. For example, while the app took 3 minutes to not show a list of status updates or messages, the web page would display them pretty much instantly. I've yet to understand just how or why they managed to make the app so useless.
So, the author of the source article is an idiot. The "separate contacts" thing in iOS is an iOS 6 BETA thing (I can tell by his screenshots); FB is just one more source of contact info, and the iPhone seamlessly combines them where it can, but where there's not a matching email address it cannot, and leaves them separate. Of course you can't delete them, can you imagine what users would say if you could unfriend someone accidentally from your phonebook?!
I wonder if the email addresses thing is similar, too. What if you didn't enter those emails yourself, but they were linked from the person's Facebook account? Once they're made private (as Facebook recently did), they disappear.
Basically, Facebook can't win. They usually get stung for not respecting privacy, but this time we tell them they've made things inconvenient and shouldn't have done it? I loathe FB and suspect their motives as much as the next man, but that source is unfair, uninformed tosh.
Is the first aggressive cancer of the networked age.
It needs to have controls placed upon it. Surely making unrequested changes to your data on the phone is covered under the Computer misuse act 1984 and the amended 2000 legislation. If not it must certainly be covered by Data protection regulations. At least here in the UK, I am sure other intelligent* nations have there own applicable regulations
*looking at you USA.
I actually read the linked article, and it seems to me from reading that, that it's only iOS 6 that is affected. Since no-one outside of the dev community is really using that as yet, I don't see how this will affect iOS users.
I checked my contacts today, I run iOS 5.1.1 and the latest FB app, and none of my contacts have been altered, from my sampling of contacts that I interact with on FB.
Of course, I do agree with the sentiment expressed here that this is heinous etc, but also agree that it's probably a mistake rather than deliberate. Also, I'm not so sure about people saying it's illegal. IANAL, but surely agreeing to a *synchronization* of your contacts with FB actually does specifically allow for both export of contacts (and details) from your phone, and import of contacts (and details) from FB.
Now, FB doing the replacement of email addresses in FB with their own email addresses was pathetically stupid and outrageous, but, it happened, and so then it's easy to see that if you've also agreed to sync your contacts with FB, that once there's an update to one of them (in this case, FBs record of the email address has been "updated") then the other (your phones contacts) gets the new details.
Sync is pretty useless as a concept if it doesn't do this after all.
Not approving or excusing, just trying to put it in a more reasonable and less shouty shouty shouty context.
I've killed my facebook account now. Its been building up for a while to the point where I have no faith that facebook wouldn't do anything if they could make a buck out of it and I just don't trust them with any of my data any more. The only reason they get away with s**t like this is because most people just take it rather than stopping using a service and company they don't like. Apathy is the cause of many a problem these days
Stipulating the reports as fact, I suspect Facebook's M.O. on this will be, "oh, we didn't realize people wouldn't like this new feature, so please hang on while we fix it." Meanwhile the damage that has not already been done will continue while it releases an update to correct the behavior, but the update will be user-instantiated or have problems pushing out, etc., during which time the behavior will continue.
Facebook won't have any culpability as the notice of this behavior is buried in an update to the terms and conditions, user license agreement, data usage agreement, or other document hidden in some sub-basement somewhere in a locked filing cabinet with an Ethernet cable handing out of it. (It was meant to be Internet-connected, but obviously the cabinet wasn't jiving with our DHCP server; our bad.)
While Facebook is replacing the email addresses of your contacts matching existing Facebook users, the query to the Facebook API likely includes existing email addresses and is captured at the Facebook system so they now have records -- accidentally, of course -- of everyone in your contacts who isn't a Facebook member. The queries will likely also include birth dates, home addresses, main and alternate phone numbers, amongst other data used as discriminating data to ensure the query from your contacts returns the correct Facebook user. Accidentally captured, of course, and not used to build any temporary or "ghost" profiles. Of course. After all, Facebook wants to ensure that your information maintains its integrity.
Paris, on accident, of course, bitches.
Many brokers and RIAs use mobile phones for email and are required by the SEC to be supervised by an audit company (such as SMARSH, Proofpoint Archive, etc).
This action will reduce consumer protection or will subject Facebook inboxes for legal subpoena to compliance auditors.
Regardless, this has created a huge mess for IT Security, your privacy, and how to separate work and business communication.
.. that FB gets a minuscule fine and gets to come up with another way to steal acquire customer data illegally. They will eventually be caught out, pay a fine, and find a new way..(etc).
Basically, for Google and Facebook alike, paying fines for flat out ignoring the law is probably written into the accounts as the cost of doing business..
This post has been deleted by its author
I'm one of the few who frequents facejack, erm, facebook rarely.
Never installed the app and tend to use the web interface to log on when I'm VERY bored and want a laugh at what everyone else I know/used to know/met only once etc is going on about in their lives.
Just wait until the days of the internet connected fridge are upon us as they've been predicting for years now - the status updates about 'joe bloggs has just run out of milk' will fill in the gaps of endless updates about who's gossiping about who and what they've just eaten/drank/regurgitated.
What's next? Reality TV where people are locked up in a house and on camera 24 hours a day???
Bugger, that's already here isn't it? ;)