back to article As Zuck apologizes again... Facebook admits 'most' of its 2bn+ users may have had public profiles slurped by bots

With his company's ongoing privacy crisis reaching new, even more enraging heights, Facebook CEO Mark Zuckerberg faced the press on Wednesday to apologize for letting data harvesters run rampant on his site. "It is clear now that we didn't do enough, we didn't focus enough on preventing abuse," Zuckerberg told reporters. "We …

  1. Doctor Evil

    "Zuckerberg noted that as long as there's money to be made from the data his $448bn business collects, the Cambridge Analyticas of the world will be all too happy to take it.

    'We are not going to be able to go out and find every single bad use of data,' he said."

    No one is asking you to do that, Mark. It would have been nice if you'd done anything to prevent the blatantly obvious ones, though.

    1. veti Silver badge

      He could always try "not selling it".

      1. JetSetJim

        >He could always try "not selling it".

        At the very least they could not keep fucking around with privacy settings and defaulting everything to 'let them sleep from the blood of the masses'. Thought I had my Facebook locked down but turns out the was another set of settings that allow contacts apps to sleep their friends data. That was never there when I first started to get protective of my data, and I doubt I was informed of it unless it was printed in a microdot on page 34 of some updated ts&C's.

        Fuckers, e lot of them. It would be nice if this buries FB, but I doubt it as the are too many sheeple in the world

      2. Mage Silver badge

        Re: "not selling it"

        Actually STOP collecting it and delete what you have.

        Any one deleting [account access too] Facebook is missing fact that there is no evidence Facebook actually deletes.

        Facebook is toxic.

        It does nothing not possible without so called Social Media, except "stealing" everyone's information and interaction.

        The only "innovation" is the massive invasion of privacy and exploitation of people. Even 3rd parties not Facebook "members", via 3rd party website "F" icon scripts and information posted by users. Encouragement on Twitter & Facebook to identify person in photos etc.

        1. Matthew 17

          Re: "not selling it"

          But that's the only reason the service exists and has value / makes money.

          If they relied purely on paid adverts they'd be small beans compared to what they are now / were.

    2. The Man Who Fell To Earth Silver badge
    3. Anonymous Coward
      Anonymous Coward

      @ Dr Evil

      "No one is asking you to do that, Mark. It would have been nice if you'd done anything to prevent the blatantly obvious ones, though."

      Come along now, I think you have to admit you've never done that much bad stuff, and you should now hand the title of "Dr Evil" over to Zuck?

    4. Doctor Syntax Silver badge

      "No one is asking you to do that, Mark"

      Not yet. But how many fines of 4% of turnover are needed to bleed the whole corporation to death?

      1. Ken Hagan Gold badge

        "how many fines of 4%"

        I imagine that 1 would be sufficient to close any legal presence they might have within the EU. Perhaps a more interesting question is how many european users would then feel that they ought to leave the platform. My guess would be less than 4%, which means that it might be cheaper for Zucks to leave the EU *before* this law comes in.

    5. bish

      If the last couple of weeks have shown anything, it's that Zuck is the absolute king of the straw man. Whether it's his 'maybe I shouldn't be the one in charge of Internet censorship' or this 'I can't fix everything', he's a master at trotting out arguments that make clear he's just this guy, you know, and can't be responsible for everything Facebook does.

      Which is perfectly reasonable. Except that he's their CEO, and responsible for everything they do.

  2. Anonymous Coward
    Anonymous Coward

    Mega-Problem

    Looking forward to Zuk's Apr 11th testimony. But the current talking points aren't enough. There's a much wider problem here. Even if you close out your Facebook account etc, Zuk's Industrial Advertising-Spying Complex tracks you everywhere anyway (both users and non-users).

    Everyone is tokenized and that activity is tracked across all sites that share data with Facebook, sites with FB Like buttons, and Experian plus other Data-Brokers who have their own tokenization. This is a major privacy issue.

    If you're not even a FB user, how do you opt out? Will Washington pick up on this vicious cycle... And how about managing info held by Data-Brokers? Congress has done zuk-all about Equifux! Want to opt out? Hell is waiting for you there. Not many Investigative journalists have succeeded at that joy!

    1. Cavehomme_

      Re: Mega-Problem

      Just install uBlock Origin and ramp up the filter selection and you’ll be pretty much ok in fecking up their attempts to track you.

      1. wolfetone Silver badge

        Re: Mega-Problem

        "Just install uBlock Origin and ramp up the filter selection and you’ll be pretty much ok in fecking up their attempts to track you."

        You should also get the Privacy Badger plugin from the EFF for your browser, which tells you what is tracking you and allows you to block it.

        1. GIRZiM

          Re: Mega-Problem

          Privacy Badger STILL doesn't do enough and STILL doesn't do it WELL enough after all these years.

          uMatrix is a better offering - AND it blocks things at source, so they never even make it as far as the browser in the first place.

          Throw in Decentraleyes to cut out the tracking on many of the objects you DO choose to allow through (fonts, widgets and suchlike).

          uMatrix, well, I switched to adNauseum for the purposes of ethical adblocking (the small site owners still get paid) and anonymity (good luck figuring which of [every advert on the page] were the ones that interested me) and it's based on uBlock Origin, but I never have to interact with the uBlock part of it, so personal choice really but, yeah, if you're not going for adNauseum then uBlock Origin for sure.

          Disconnect.

      2. phuzz Silver badge
        Thumb Down

        Re: Mega-Problem

        Installing an adblocker doesn't stop Facebook from tracking you through your friends.

        Now we know that FB was pulling the call and message history of Android users. So, if one of your friends used the Facebook app on Android, then there's a good chance that Facebook know at least the times and lengths of any communication you had with them. Of course, they already know your phone number by scraping the contacts of any of your friends who clicked the "help me find friends by importing my contacts" button.

        You don't need a Facebook account, or to have ever touched one of their cookies, for them to know quite a lot about you. And for those of us in that position, what can we do? It's not like we can ask for our accounts to be deleted because we don't have one, just a bunch of data tied to our friends accounts.

        1. GIRZiM
          Mushroom

          What Can We Do?

          >And for those of us in that position, what can we do?

          Have you seen 'Fight Club'?

          Or 'Mr. Robot'?

          I don't just want to set the world on fire... ; )

      3. JohnFen

        Re: Mega-Problem

        Unless you have friends and/or family who have FB accounts and mention you.

    2. Wade Burchette

      Re: Mega-Problem

      "If you're not even a FB user, how do you opt out? Will Washington pick up on this vicious cycle... And how about managing info held by Data-Brokers? Congress has done zuk-all about Equifux!"

      A politician's job is to get elected or re-elected; our wants and needs are a distant third. Elections are not cheap, so a politician needs financial help to get elected/re-elected. And the only ones with big enough wallets to help are large corporations. But they don't give money out of the goodness of their heart; they expect something in return. Nothing will ever be done by Congress no matter which party is charge unless the outcry is so great that it will affect their chances of being elected/re-elected. You don't bite the hands that feed you. The only way to fix this problem is to ask Congress to voluntarily cut out a large source of their income. You may get one or two to agree, but never half.

  3. Anonymous Coward
    Anonymous Coward

    "Changing the economy of the bad actors"

    He really is oblivious, isn't he? I guess "bad actors" get through the day by denying what they are. To quote Mr Zuckerberg: "Because they're dumb shits".

    1. SVV

      Re: "Changing the economy of the bad actors"

      Well, we'd all like to do this, and first off we should start with one of the biggest and one of the worst : your company. As the post above said, stop tracking everybody across the web, just cos they happened to visit a site that placed a Facebook icon on their pages. That is NOT granting explicit permission to you to do that. Don't try to palm the blame off on the websites for not reading the terms and conditions. Quite frankly, you get enough out of what happens within your site with users who choose to use it, you never had the right to epand out into the wider web and start building up data on non Facebook users, so delete all that data and stop it - immediately. Otherwise your economy is going to be changed for you by governments who, you will discover, actually are more powerful than you, and we will all have to suffer the unintended consequnces of the bad laws that they will rush through to show that "they are doing something".

  4. Anonymous Coward
    Anonymous Coward

    Leaks vs Breaches vs Hacks

    Data on up to 2 Billion users was exposed (on some level)... Welcome to today's number! Now, these things usually get revised up! So how about other Breaches and Hacks: Insiders / Outsiders... Errors/Mistakes.... Loss of Offsite-Backups... Stuxnet-class cyber-warfare.... Facebook & Google have state level targets on their back. Hackers now have access to state level hacking tools... <<< So when's the real number coming out ??? >>>

    1. Mark 85

      Re: Leaks vs Breaches vs Hacks

      <<< So when's the real number coming out ??? >>>

      Just assume it's everyone in the world at this point. The corporations own us.

      1. Anonymous Coward
        Anonymous Coward

        Re: Leaks vs Breaches vs Hacks

        Given that corporations are people too, at least in the US, you have to include them in the final tally. Come to think of it, when are we going to count myriad of myriads corpus electronic as well?

  5. pɹɐʍoɔ snoɯʎuouɐ
    Coat

    But, but, but.....

    The thing is, to a point, I have to agree with zucks....

    The only info that could have been gained from searches of phone numbers and email addresses is your public profile info that YOU posted.

    the fact that they now have closed off the search based on emails and phone numbers has made life a little more difficult for some. I found my long lost brother who I had not seen for 40 years based on an email address that I found. A quick search of facebook and we were in contact a day later !!!

    Also, paedophile hunters use the phone number search to identify targets when they have been sending filth to children over whatsap....

    The point is that its the people with bad intentions spoil it for those with good intentions who (at the moment) are the majority.

    Also, While advertisers are the prime income for facebook, making it free for users, adverts are going to appear... I would sooner the adverts be relevant to me than random shite.

    maybe facebooks should come up with a figure on how much per user they make from targeted adverts per year and offer a premium service at that price where you don't get adverts and your data remains private.....

    mines the bullet proof one, because I know I will get shot to death with down votes....

    1. GIRZiM
      Angel

      Re: But, but, but.....

      > maybe facebooks should come up with a figure on how much per user they make from targeted adverts per year and offer a premium service at that price where you don't get adverts and your data remains private

      That's an interesting idea actually.

      First off, however, there's the minor issue of their 'accidentally' rounding it up by a factor of ten due to a typo by a spreadsheet using intern - who has, of course, since been 'let go.'

      Secondly, though, it'd be an opportunity for Fakebook to demonstrate that it truly does want to bring the world together as one big happy family by only charging users enough to cover their share of the running costs with no profit margin. So, if it costs $10/month to keep one account open for one user then users should have the option to pay $10/month for an ad-free FB experience.

      We could even recognise our First World Privilege by each paying a bit more (say an extra $2/month each) to help pay for some of those in poorer nations to have an ad-free experience at our expense for a month each year (or limit the amount of personal data they give up in the first place). This idea could do with some finessing but I'm sure there are enough clever people here to come up with some workable proposition.

      Who wants to bet that Zuck's not THAT much of a philanthropist that he just wants to teach world to sing in perfect harmony though?

      1. Anonymous Coward
        Anonymous Coward

        Re: But, but, but.....

        I agree that it's an interesting idea however you run into the glitch around labor's and capital's shares of business's income. The historical split has been about 2/3rd to 1/3rd so that probably needs to be factored in as well for the monthly fee. Not that this is ever going to happen. There are certain services that I'm willing to part money for out there in the "cyber-economy" and this would be one I'd consider.

        1. Doctor Syntax Silver badge

          Re: But, but, but.....

          "There are certain services that I'm willing to part money for out there in the "cyber-economy" and this would be one I'd consider."

          But would you trust FB to provide it?

        2. GIRZiM

          Re: the glitch around labor's and capital's shares of business's income

          Far be it from me to suggest a reprise of the French Revolution with the 1% and their lackeys standing in for the aristocracy, my goodness gracious me, no.

      2. Anonymous Coward
        Coffee/keyboard

        Re: But, but, but.....

        "and offer a premium service at that price where you don't get adverts and your data remains private"

        What, you'd trust companies like Facebook and Google to honour their side of that contract?

    2. Dan 55 Silver badge
      WTF?

      Re: But, but, but.....

      The thing is, to a point, I have to agree with zucks....

      The only info that could have been gained from searches of phone numbers and email addresses is your public profile info that YOU posted.

      Sorry, explain again why on Earth Facebook should let anyone put in any e-mail address or phone number into the search box to get a reverse lookup? And if you can come up with a credible explanation for that and want bonus points, you can explain why their app slurping people's phone numbers is a good idea (so Facebook may have a phone number for someone who explicitly has not filled in an input box with their phone number on) and why Zuck lets it happen with apparently no bot protection.

      1. Roj Blake Silver badge

        Re: But, but, but.....

        It's not just that the app slurps phone numbers. It slurps all phone numbers in the slurpee's address book.

    3. Doctor Syntax Silver badge

      Re: But, but, but.....

      "The only info that could have been gained from searches of phone numbers and email addresses is your public profile info that YOU posted."

      I haven't posted anything there. But anyone with whom I've corresponded or given a phone number to may have that, and my name, on their mobile. If they also use that mobile for FB then that information will have been harvested despite my not having posted anything.

      FB, between now and GDPR coming into force, need to purge every bit of data of EU residents and potential EU residents who are not account holders from their system because they don't know who might challenge them and their transgressions are surely egregious enough to attract the maximum fines.

      1. Ken Hagan Gold badge

        Re: But, but, but.....

        "I haven't posted anything there. But anyone with whom I've corresponded or given a phone number to may have that, and my name, on their mobile. If they also use that mobile for FB then that information will have been harvested despite my not having posted anything."

        That's clearly private information. Zucks was claiming that he has only <em.deliberately</em> disclosed public information. From here we can go several ways:

        1) Zucks is lying and actually my privates have ended up being published to any scraping tool that wants them. Bad Zucks. Nail him to your local Data Protection Laws.

        2) Zucks is telling the truth and a lot of people need to look up the meaning of the word "public". Stupid people. Don't say we didn't warn you.

        3) Zucks is telling the truth but has cocked up on his own data protection so many times that there is little difference between public and private FB data if you have the right scraping tools or are willing to pay the wrong people. Bad Zucks, but not quite as bad as (1) because who the hell could possible expect FB never to screw up. Oh wait ... stupid people, but perhaps not quite as stupid as (2) because 10 or more years ago this kind of inevitable failure wasn't something that Joe Public would have expected and nor were its larger social implications widely understood.

        Based on the quality of the mass media reporting of this issue, Joe Public (or Joe Journo) still doesn't understand the inevitability of such leaks and is only slowly coming to terms with the wider social consequences of what Bad People might do with a lot of private information. Wake me up in 2030 and we'll see if today's teenagers have learned anything from their parents' mistakes.

    4. Anonymous Coward
      Anonymous Coward

      Re: But, but, but.....

      Yes, you do have a point. Several good ones. However, there seems to be mindset that everything on the internet should be "free" - even companies that provide a worthwhile service, such as newspapers, are having a tough time getting people to pay for online access to the same content they were willing to pay for when it was delivered to their door.

    5. JohnFen

      Re: But, but, but.....

      "maybe facebooks should come up with a figure on how much per user they make from targeted adverts per year and offer a premium service at that price where you don't get adverts and your data remains private....."

      If Facebook (or any company) has data about you, there is roughly a zero percent chance that it will remain private in the absence of regulations that provide harsh penalties for revealing it. Sooner or later, that data will be monetized. If not by the company that collected it, then by somebody else.

      The only realistic option is to just not use the damned service.

      "The point is that its the people with bad intentions spoil it for those with good intentions who (at the moment) are the majority."

      The other problem is that Facebook specifically counts as "people with bad intentions".

  6. Anonymous Coward
    Anonymous Coward

    Would someone in charge call this lying zuck of shit out

    "The scraped profile information was limited to what was publicly viewable, Zuckerberg told reporters "the vast majority of the data that Facebook knows is because YOU CHOSE TO SHARE IT."

    .

    Dear Zucky,

    Don't remember having any choice over sharing 'Banner Photos'...

    That's because you made it mandatory you sleazy slurping fuck!

    Has anyone control over Experian/Acxiom data-broker sharing too?

    regards

    #DeleteFacebook

    1. veti Silver badge

      Re: Would someone in charge call this lying zuck of shit out

      I have never chosen to share so much as a single keystroke with Facebook.

      It follows that if Facebook knows anything about me, this statement is false, at least as far as it applies to me.

      And I'm pretty sure that even Facebook users did not make anything that could meaningfully be called a "choice" to share their phone and SMS metadata, every link they click, every newspaper article they read...

      1. Anonymous Coward
        Anonymous Coward

        'I have never chosen to share'

        Firms have been uploading CRM databases to Facebook for over a decade. Are you in there by any chance? How about low-hanging-fruit and data-naive people in your life... Have any of them shared your details with Facebook through contact sharing or Android message slurp? Its unlikely that your phone / email have escaped Facebook's shadow profile databases. That's just how good the Faceborg are at hoovering data up!

        1. Anonymous Coward
          Anonymous Coward

          Re: 'I have never chosen to share'

          Don't forget when iOS lax security allowed Facebook app to slurp your phone's contacts and upload it without any user permission needed at all, just installation of Facebook was all that was needed...

          https://dcurt.is/stealing-your-address-book

          It's interesting that WhatsApp, Facebook owned hasn't even started to be looked at yet plenty of fun in-store for anyone dumb enough to use anything related to Facebook.

        2. Anonymous Coward
          Anonymous Coward

          Re: 'I have never chosen to share'

          I was forced at work to create a facebook at work account, we used sharepoint for internal stuff (internal sharepoint) then was the migration of our parent company to the 'cloud' office 365, out sourcing the internal infrastructure and then facebook at work. I didn't follow the email that was sent out to go in to facebook and fill in my details for months, then i started to get emails from specifically to me from higher up saying sign up is mandatory. So had to go and do it, filled in the minimal details, disabled all notifications etc and have not done anything since with the account.

    2. Anonymous Coward
      Facepalm

      Re: Would someone in charge call this lying zuck of shit out

      #DeleteFacebook

      Oh the irony

    3. Anonymous Coward
      Anonymous Coward

      Speaking of WhatsApp and Facebook

      On an Android Phone that never had Facebook Messenger App installed (not even a Facebook user): WhatsApp is now creating a sneaky little folder that there's little or no info on the net about:

      .facebook_cache

      WTF???

      1. Anonymous Coward
        Anonymous Coward

        Re: Speaking of WhatsApp and Facebook

        Will probably find many other applications giving facebook data in the background. Facebook have created developer tools and libraries for a reason other than making developers lives easier.

      2. JohnFen

        Re: Speaking of WhatsApp and Facebook

        All apps and services owned and operated by Facebook must be considered as being the same as Facebook when you're thinking about privacy and security.

      3. GIRZiM

        Re: Speaking of WhatsApp and Facebook

        What's the path to this folder, please?

        1. Anonymous Coward
          Anonymous Coward

          'What's the path to this folder, please?'

          Its located in the root of 'Internal Storage', right next to the default location for DCIM (photos / videos). Connecting the phone to a PC via USB shows the folder. Its not visible on the phone obviously (note the period at the start of the filename). Also, the PC is running Win7 with hidden-files disabled etc.

          Upvote this if that's not clear enough, or you have more questions. Also please share any insights too! By the way, there are no other applications of any type installed on this phone (EVER). It has a throwaway SIM that is used solely for WhatsApp. We only use this app because we're forced to. Many Educational Institutes around the world outsource their entire IT to WhatsApp / Google-Docs / Office365 etc. WTF???

          1. GIRZiM

            Re: 'What's the path to this folder, please?'

            Cheers.

            I don't use WA myself but know others who do and it'll be useful to get them to understand what the nature of the issue is. They're, unfortunately, not very knowledgable and will need to see something before they then shrug their shoulders anyway - but at least they will finally have seen something and will no longer be able to dismiss the matter on the basis of an absence of evidence any more : )

            Doing any kind of 'business' on a platform owned and controlled by a foreign entity subject to seizure by a government already known to have engaged in espionage against its own allies and stolen commercial information to the advantage of its own business community ... WTF??? indeed!

            People are either woefully ignorant or delightfully trusting, take your pick.

  7. John Crisp

    Of elephants...

    I laughed

    https://twitter.com/McCollMagazine/status/981670766268723201

    1. GIRZiM

      Re: Of elephants...

      Dunno what the guy's problem is; he should be pleased that Fakebook knows nothing useful about him.

      What he needs to do is make sure his data don't show that he likes Mark Zuckerberg and/or Fakebook - then they'll know there's been a rounding error and they'll investigate him properly!

  8. Mark 85
    WTF?

    Did I get this right...

    FB is for sharing and exchange of data and info for users and because users do this, it's the user's fault? Or maybe I should say "product" instead of "user".

    1. Anonymous Coward
      Anonymous Coward

      Re: Did I get this right...

      I think you've described the purpose from FB's point of view. I can't imagine any user would describe their reason for being on FB as sharing and exchanging data. Most use it to communicate with each other. But any user on FB at this point who remains a user really has nothing to kick about.

      1. jeffdyer

        Re: Did I get this right...

        What do you think communicating is, if not the sharing and exchanging of data?

        1. Anonymous Coward
          Anonymous Coward

          What do you think communicating is, if not the sharing and exchanging of data?

          In the point I was trying to make, it doesn't matter what I think it is. It is what does the average FB user think it is? And rightly or wrongly, I don't think those users consider their interactions with other FB users to be "data". Even worse, I suspect most have some vague notion that their "private" conversations are actually private. They probably set up permissions on who could see their profile, posts, photos and other information - which would cause them to labor under that delusion.

    2. Doctor Syntax Silver badge

      Re: Did I get this right...

      Or maybe I should say "product" instead of "user"

      It's worse than that. For some businesses the two are indeed the same. For FB the set of users is only a subset of product.

  9. Anonymous Coward
    Anonymous Coward

    2-Billon part-leaked / 87-Million heavily-leaked

    Facebucks: 'Your privacy is important to us'...

    All the years, all the lies! State-level hackers didn't need to hack Facebook, it was an open shop. Just so Zuck could grow his ego into one of the largest corporations ever 'without a REAL product'.

    Its time for Zucky boy to go. His crimes make Kalanick look like a good guy. But this isn't likely to happen, because Zuck controls the whole shop. Hundreds of Millions of users have to #DeleteFacebook for it to have what Zucky calls any 'meaningful affect. Sadly, that's a lot of addicts!

    If you have an FB account and won't close it, consider this though, its kind of like your last warning. Zuck has already said it will take years to fix all the problems. That should be a good enough clue right there, that its business as usual until Faceborg can find some other way to monetize YOUR data...

    1. Anonymous Coward
      Anonymous Coward

      My friends, family, co-workers aren't worried

      They don't share anything. They only use private messaging. Sure some photos are Public and may get leaked, but they're ok with that it seem. The thing is though, while not widely reported, PM's were leaked too alongside all the other data:

      ......"It was your name, in some cases your email addresses, in some cases your private messages," Mr Parakilas claimed......

      https://www.rte.ie/news/2018/0321/949029-facebook-data/

      http://www.theregister.co.uk/2014/12/24/judge_denies_facebooks_motion_to_dismiss_privates_sniffing_case/

      ...

      This is classic satire from the, or is it...? Who wants to trust a CEO that has no conscience and lies like a used-car-salesman:

      https://www.theonion.com/mark-zuckerberg-promises-that-misuse-of-facebook-user-d-1823988784

  10. JeffyPoooh
    Pint

    Is being "117" years old going to affect my credit rating ?

    Plus, apparently, I have no employer.

    And what about my two wives? I mean that I have one wife, but she has two FB profiles (that I'm aware of; maybe there are more? LOL...).

    More like a "misinformation slurp" than a data slurp.

    1. Anonymous Coward
      Anonymous Coward

      "117" years old

      When Facebook marries your FB data to some Experian / Acxiom data-broker database, it will be just as hilarious!

    2. Anonymous Coward
      Anonymous Coward

      Re: Is being "117" years old going to affect my credit rating ?

      "More like a "misinformation slurp" than a data slurp."

      I read a few articles regarding how social media's algorithms work.

      You cannot "game" the algorithms the way you think because AI does not think like humans do.

      In fact, one of the articles I read said that they can determine your exact identity by what you DON'T post on the sites.

      1. Anonymous Coward
        Anonymous Coward

        Re: Is being "117" years old going to affect my credit rating ?

        If you use your real name, and there are few/no others in the area where your IP geos to, then they'll probably be able to link it up to your real info.

        Like you, I'm an old dude - 114 years old this January 1 as far as Facebook is concerned! But I use my real name, and I'm the only person with my name in the city I live and where I typically login from so I'm under no illusions that Facebook can marry the datasets to figure out who I really am. But who cares - I'm a lot more worried about the REAL data they have on me from other sources than what little they can collect on me via Facebook.

        As for scrapers, I've had the app platform completely disabled for years so I know I'm not part of the CA dump even if one of my friends was dumb enough to take that particular quiz. Likewise, anyone trying to use my email address to access my profile won't get much, as I've had my profile hidden from public searches for ages so they won't even see my advanced age. Heck I don't even have my (fake) birthday visible to my friends, or a relationship status or even the city in which I live. Outsiders can't search through my phone number at all, since I have never given a phone number to Facebook. Of course that's only because I never trusted Facebook, so I always locked things down as tight as I could...

      2. GIRZiM
        Go

        Re: Is being "117" years old going to affect my credit rating ?

        > In fact, one of the articles I read said that they can determine your exact identity by what you DON'T post on the sites.

        Yes, I WOULD be very interested in further information. Please send me a link to that article now. I understand that requesting this information does not affect my statutory rights in any way but that my user name may be stored in a neural database for the purposes necessary to process my request. Thank you.

  11. JWLong Silver badge

    In Other News........

    One third of the worlds population are effing morons. Who would have known?

    1. Jimmy2Cows Silver badge
      Coat

      Re: In Other News........

      Only one third...?

    2. Anonymous Coward
      Anonymous Coward

      Re: In Other News........

      Cock-eyed optimist.

    3. Mark 85

      Re: In Other News........

      One third of the worlds population are effing morons. Who would have known?

      Most of which are politicians or politician want-a-be's.

  12. JLV

    lots of juicy stuff ripe for picking

    anyone remember the face recognition tests run by universities a few years back?

    - grab CCTV images

    - match to publicly available picture databases, one of which was Facebook, look up user tag when set

    - about 20-30% success rate IIRC.

    but one could always find comfort that surely FB's privacy controls were vigilant*. oh, wait

    * I didn't so I deleted my images and requested to be untaggable.

  13. Franco Bronze badge

    Does/did anyone else watch Person of Interest?

    The central premise is an AI that can predict crime. The guy that built it says that they required background data on people, so he invented social networking as he'd discovered that people would share the information needed voluntarily online.

    https://www.youtube.com/watch?v=JbUow3PIG1E

    There is a pro-Privacy terrorist group in Series 4 called Vigilance, it would have been interesting if this had come out at that time.

  14. Anonymous Coward
    Anonymous Coward

    I'm having trouble deleting my FB account!@

    Oh, wait, I never created one.

    Back to the pop corn.

    1. Wulfhaven

      Re: I'm having trouble deleting my FB account!@

      Just a matter of getting the shadow profile of you deleted then.

      1. Ken Hagan Gold badge

        Re: I'm having trouble deleting my FB account!@

        "Just a matter of getting the shadow profile of you deleted then."

        Sounds like a simple matter. Let me see ... is there something in US law equivalent to our data subject access thingy? Would I as a non-USA-ian have any right to use it? If so, and FB declined, do I have standing in a US court? OK, so that's not sounding quite so simple.

        Next question. If a foreign company has made-up data tagged with my name, can they damage me with it? If so, how? If not, why should I care what they spend their money on?

    2. Paper

      Re: I'm having trouble deleting my FB account!@

      "Oh, wait, I never created one."

      Hope you didn't give your phone number and name to anyone who might be using the FB app and decided to sync their contacts...

  15. Winkypop Silver badge
    Devil

    The schadenfreude is strong

    My current status: Deeply amused.

  16. Anonymous Coward
    Anonymous Coward

    That 87 million figure is just from the few developers involved

    The Facebook software used to access users social media data (Graph) is everywhere including apps on third party app hosting sites known for distributing repackaged/resigned apps.

    Test for yourself:

    Go to any third party app hosting site and download a random selection of popular apps and extract them with 7-zip or similar "unzipping" tool and look in the classes.dex file for the string "facebook" or "access token".

    (hex editors make short work of this as they handle large files easier)

    If you're the type of person that has a lot of apps on your Android device chances are it's in yours too.

  17. Anonymous Coward
    Anonymous Coward

    I think the point Zuckerberg is failing to address and still hasn't addressed is that no privacy is the default, if he actually gave a shit about people as he claims he would just make change all privacy settings to private but he can't do that can he and even if he did advertisers and the like would still have access anyway.

  18. Vogler
    Alert

    Simple solution...

    ...just delete your FB profile.

    1. Doctor Syntax Silver badge

      Re: Simple solution...

      "just delete your FB profile."

      How? I don't have an account but that won't have stopped them building a profile on me.

      1. Ken Hagan Gold badge

        Re: Simple solution...

        "I don't have an account but that won't have stopped them building a profile on me."

        Does anyone know how accurate these profiles are? Is there any way for non-FB people to find out what's in them? Is there any way for FB people to find out what's in them? Can such a profile even meaningfully be said to be "about me" if neither I nor anyone else can actually go from "me" to "the profile" or vice versa?

        1. Ken Hagan Gold badge

          Re: Simple solution...

          and a follow-up:

          If a shadow profile can't be reliably linked to a person, can the system reliably avoid building up a new one after a GDPR delete-me request is submitted and acted upon? If not, doesn't that mean that FB's current architecture fundamentally incapable of staying with the law?

          And how much of this applies equally to any other system that attempts to join the dots within a morass of unstructured data? Who else should be crapping themselves as data protection laws around the world slowly catch up with what has been possible for a decade or two?

          1. Ken Hagan Gold badge

            Re: Simple solution...

            and another follow-up:

            GDPR obliges you to notify a person whenever you leak their data.

            I don't know how this notification is supposed to take place if the personal data in question doesn't include contact details and I have to say that any email from FB to someone who doesn't have a FB account is unlikely to pass their spam filters. Perhaps this relates to my earlier query about whether shadow profiles *can* be meaningfully associated with real people and whether they really count as personal data.

            I bet the lawmakers haven't thought about this, though. I bet they thought they could talk about "the subject" without descending into philosophical debates about personal identity and the fuzzy nature of knowledge. I bet they thought it would be clear what their law *meant*, even if it wasn't clear how might apply in any particular case.

            1. GIRZiM

              Re: Simple solution...

              >GDPR obliges you to notify a person whenever you leak their data

              Well, actually it obliges you to hold up your hand and say "mea culpa" whenever the company you used to work for before you took your bonus and ran leaks data on someone and gets found out for having done so after it's too late and the damage is done.

              But, yeah, apart from those minor niceties... ;-)

        2. GIRZiM

          Brazil (Was Re: Simple solution...)

          > Can such a profile even meaningfully be said to be "about me" if neither I nor anyone else can actually go from "me" to "the profile" or vice versa?

          The problem with fake profiles is that you don't know what the combinatorial effect(s) might be.

          First off, let's take the Buttle/Tuttle effect (C.f. Terry Gilliam's movie 'Brazil')

          Now, add to that not only all the persons of genuine interest out there for whom a simple non-ECC failure or Row Hammer attack might mistake you, but all the fake profiles that, in time, morph into fake shadow profiles that further morph (via the Buttle/Tuttle effect) into shadow profiles of persons of fake interest.

          Once that non existent person is of interest, investigation will occur that might ultimately lead back to your profile as 'candidate 0'.

          Now you are a person of interest thanks to the Buttle/Tuttle effect and, furthermore, there is no way for you to point to the fact that you are not that other person of interest who exists irl because they aren't the person of interest here, nobody is, you're just the best match anyone can find. So it's up to you to prove that none of the data everyone else has about the nefarious crimes for which your fake shadow profile has, until now, never been caught, aren't real, and not up to some other person who exists irl that you can point to and say "I'm not them", stop changing the subject and answer the questions the people in black suits have for you.

          Dystopian?

          Welcome to the future the present a long time ago already.

  19. Anonymous Coward
    Anonymous Coward

    But remember, it's your fault!

    'Zuckerberg told reporters "the vast majority of the data that Facebook knows is because you chose to share it."'

    Well, yes - But Facebook goes out of it's way to nag you into sharing more and more. So blaming the users doesn't wash very well.

  20. deadlockvictim

    let me re-phrase that for you

    Obscenely wealthy owner» "the vast majority of the data that Facebook knows is because you chose to share it."

    Well, let me re-phrase that: the vast majority of the data that Facebook knows is because you didn't choose not to share it.

    In other words, we relied upon and took advantage of the fact that you have no idea how important your privacy is to you and we milked it for all it was worth. I am now worth billions of dollars. It was very decent of you to sacrifice your data in that way.

  21. Roj Blake Silver badge

    Zuckerberg

    Zuckerberg really is an egregious little tossmuppet, isn't he?

    1. Korev Silver badge
      Pint

      Re: Zuckerberg

      "tossmuppet"

      Love it!

  22. Scott Broukell

    Just another phishing scam

    A great big one that your average punter walks right into, takes all the bait and sees only shiny shiny digital goodness through rose-tinted glasses and then volunteers up vast amounts of very personal data. Well done Mark, in the race to the bottom of the digitally connected world you are certainly top spot at the moment. Please take your malware and go home.

  23. Andrew Moore
    Coat

    "Changing the economy of the bad actors"

    For what it's worth, I don't think Steve Guttenberg has picked up a paycheck in a number of years...

  24. LucreLout
    Mushroom

    Remember

    GDPR day is send Farcebook delete me instruction day, whether or not you have an account.

    If everyone in the EU could be persuaded to file the same request on the same day, the impossibility of compliance (which provides no defence in the act) would see the company fined half of its revenue for the year.

    I'll certainly be demanding they delete any data about me that they've obtained from over sharing friends. I've never had an account so they've never needed any data about me at all, nor have they ever had my permission to have it.

  25. PhilipN Silver badge

    Cathedrals and Bazaars

    A new take on an old meme:

    The rogue trader will quickly go out of business, or get beaten up by fellow stall holders, whichever comes first.

    The Cardinal is untouchable by the masses, either because the ignorant unwashed, at least once upon a time, thought he represented the common go(o)d, or because his lackeys bundled unhappy parishioners out of the side door before they cause any real trouble. That is, until a vocal minority realise he is preaching fake sermons and breaching the Confessional.

  26. Anonymous Coward
    Anonymous Coward

    It's just a hunch

    But I got this feeling that Zucky will resign as Facebook CEO in the near future.

    1. JohnFen

      Re: It's just a hunch

      That doesn't matter. Any CEO's job is to implement what the board wants implemented. As the majority shareholder of FB, Zuckerberg effectively is the board. Whether or not he's CEO wouldn't change much.

  27. Anonymous Coward
    Anonymous Coward

    Top notch article...

    be sure to like on Facebook.

  28. Anonymous Coward
    Anonymous Coward

    "The Circle"

    If you have not watched the movie, "The Circle", please do. And just like what happens in the film ending, request that whoever has this bugger's and his family's personal and / or business details to post publicly on FB. Let us see at least then whether he publicly offers a full remorse for the monstrosity he has unleashed.

    1. Anonymous Coward
      Anonymous Coward

      Re: "The Circle"

      Read the original book - I think it has a different and far darker and hopeless ending than the movie...

  29. eamonn_gaffey

    Just Say "NO"

    I am reminded of the UK Police's esrtwhile advice to young people when being approached by drug dealers - just say "No".

    If you are already on FB, minimise what data you share, and then don't engage any further with this particular data dealership. If you are not in the FB clutches, don't sign up in the first place !!

    I am also reminded of the maxim "there is no such thing as a free lunch" - so don't be surprised if FB is dealing your data, 'cos you are not paying for the FB 'service'.

  30. Anonymous Coward
    Anonymous Coward

    You can't blame users if Facebook constantly reset the security values

    Like many others I was 100% sure my Facebook was locked down, I remember setting everything to private, making sure only Friends (not friends of friends) could see anything, etc. But every so often I go back into the settings to find I'm 'Public' again.

    It seems, like with Windows 10, after every big update they just reset everyone back to the 'defaults' when they do a major change to the security area. And you can't blame users for having poor security settings if your own defaults ARE the poor settings.

  31. GIRZiM
    Black Helicopters

    Shadow Profile

    Apart from whatever is in it, there has long been the matter of FB slurping people's contacts lists and, more recently (on Android at least), their call records.

    Which is why, even though I never gave F*ckbook my phone number and never installed their stupid app, I'm pretty sure it knows it anyway because of all my friends (even the otherwise sensible ones) installing it on their phones.

    Oh, wait. All my friends have had strict instructions not to store my number under any name I go by irl, but to make up a memorable one that could only be me, and I've saved theirs under different names on the same basis. So, even if the numbers match across devices, the names don't. So, there's no way to be sure who my number is for and my phone is the only one on which the names and numbers don't correspond to the ones on others' phones, so I must be a statistical outlier and should be ignored.

    Never having a contract and only ever using PAYG, never registering the phone and only ever topping up the credit with cash probably hasn't helped either, has it?

    That's inconsiderately unhelpful of me, isn't it?

  32. 2Nick3

    Closed-loop logic by Zuck

    "People tell us if they are going to see ads they want the ads to be good," Zuck argues.

    What was the survey question that generated that tidbit? "If you are being shown an add would you like it to be a good ad or a bad ad?" Once the assumption you're going to see an ad is in place it makes perfect sense. If I'm not in the target group for Product X then being bombarded with ads for Product X is slightly more annoying than being bombarded with ads for any other product.

    Just like having all 10 of my fingernails ripped off my fingers is slightly worse than having nine of them ripped off my fingers.

    1. GIRZiM

      Re: Closed-loop logic by Zuck

      Let's say that a man attacks you in the street and hits you over the head with a baseball bat one hundred times in a minute. Then he slows down. Is that a bad thing or a good thing?

      https://www.youtube.com/watch?v=asFU5ReztXU

      Under the right circumstances though, the following question is of more use, I find: If were to ask if you wanted to have sex with me, would your answer to that question be the same as your answer to this one?

    2. Ken Hagan Gold badge

      Re: Closed-loop logic by Zuck

      "If you are being shown an add would you like it to be a good ad or a bad ad?"

      I'd like it to be a bad one, please. I'm not going to be swayed either way, but I'd like to think that the advertiser has wasted lots of their money rather than just some, and that other people are less likely to be swayed as well. In short, I'd like the fast track to a world where all the people who spend money on annoying ads go bust.

  33. kbutler.toledo

    The head buthole of facebook makes excuses to us while making boo-coo for himself

    he has no shame, but lots of money from our information

    So give each of us a cut, buthole

  34. Paper
    Unhappy

    Deactivated mine, I could not bring myself to delete it yet as I worry about losing access to people I may need to contact again. Luckily I never did submit my number or sync my contacts.

    I created a new FB account mainly for keeping in touch with close friends and family, but ensured that it contained no real data of mine, no public anything, etc. I wish I could dump the FB platform altogether but it's insidious in this modern world.

    I don't really trust Google's social platform any more than FB.

    1. JohnFen

      "I don't really trust Google's social platform any more than FB."

      As well you shouldn't. In many way, Google is even worse than Facebook.

  35. JohnFen

    Zuck still thinks you're a dumb fuck

    ""People tell us if they are going to see ads they want the ads to be good," Zuck argues."

    Of course. But this is about data collection, and you don't need to engage in data collection for ads to be good. You don't even need to collect people's personal data to do a reasonable amount of targeting.

    Zuck is trying to argue that you can have either privacy or ads that don't suck, but not both. That's a straw man, right there. Besides, from what I've seen you never actually get ads that don't suck anyway.

  36. el_oscuro
    WTF?

    This is actually actually very shocking. I wasn't surprised about them selling everything they knew about you to anyone, and I was pretty annoyed about being included in that data because someone who has FB probably has me in their contacts.

    The truly shocking thing about this is facebook allowing bots to scrape the data. Blocking that is literally internet 101. Here is a link for Mark Zuckerberg if he needs to learn how to webserver:

    http://lmgtfy.com/?q=block+large+number+of+requests+from+ip+address

  37. Sanctimonious Prick
    Mushroom

    FaceBook?!

    Look! Seriously! The only bloody FaceBook I know is in the bloody headlines all the time! Stop it, and it'll go away. Please. With cherries on top. Cream too. Honest!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like