Facebook: Yeah, we hoovered up 1.5 million email address books without permission. But it was an accident!

Facebook has admitted to harvesting email contacts from 1.5 million people without permission. Since May 2016, Facebook collected all email contacts when some new users signed up to the antisocial network. An anonymous security researcher, who sports the handle e-sushi on Twitter, first noticed that the company was asking …

  1. }{amis}{
    Facepalm

    Here i fixed that for you

    Facebook: Yeah, we hoovered up 1.5 million email address books without permission. But it was an accident! Our $%!t business as usual!

    1. Anonymous Coward
      Anonymous Coward

      "Please, pardon us as it looks we don't know we're doing what we actually do"

      Sure, the email slurping code was there by mistake - it wrote itself - and they were asking for a password they didn't need just because - what was wrong with the usual confirmation link?

      What is still needed to slap a ginormous fee on the "social engineering network"?

      1. GnuTzu
        Trollface

        Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

        Oh please. In a culture of "our product is peoples' activities", surely someone just decided to do a little research project without bothering to get permission. After all, the users clicked through the EULA didn't they?

      2. BillG
        Facepalm

        Like Reverse Darwinism?

        I think that we all need to sit back and reflect that there are people out there that cheerfully gave Faceslap their email passwords.

        Maybe Darwin was wrong, in which case I grieve for the future of the human race.

        1. Anonymous Coward
          Anonymous Coward

          Re: Like Reverse Darwinism?

          Plenty of users still hand out their passwords as a matter of routine convenience. Just look at the high quality of password security awareness among UK MPs not so long ago.

      3. Mage Silver badge

        Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

        Wasn't it proven that they have been doing this for ages on phones, of EVERY user of ANY Facebook family app, not just Facebook?

        Bridge etc anyone thinks it's only 1.5M or an accident.

        Fines work out at cents per user. Should be an additional $100 / £100 / €100 per user on top of the fine, paid to users. Home Office, Microsoft (inc LinkedIn pressure), Google, Facebook, etc.

        1. Down not across

          Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

          Wasn't it proven that they have been doing this for ages on phones, of EVERY user of ANY Facebook family app, not just Facebook?

          Yes. WhatsApp sucks all phone contacts. Needless to say I'm not pleased as I have no control if someone who has my details installs an app like that and my details are sucked in.

          1. Vlad

            Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

            I recently installed WhatsApp on a phone that I use for business and I was shocked when the first thing it did after installation was to slurp through my phone contacts and cross-match my contacts with other WhatsApp users. This was done without my permission, of course (as I would have deleted all contacts if I had known).

      4. Anonymous Coward
        Devil

        Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

        > What is still needed to slap a ginormous fee on the "social engineering network"?

        They haven't completed their standard sequence of voluntary disclosures:

        Thursday: 1.5 Million email addresses.

        Following Monday: Umm, scratch that. It was more like 10 Million.

        Tuesday: Well, it was somewhere between 100 Million and 400 Million.

        Thursday: OK, it was 1 Billion, give or take a few.

        Totally by accident. Mistake. Never meant to do that. Who knew?

        To be followed by a Zuckerfuck interview blitz on CNN, NBC, MSNBC, explaining how they are striving to do better and how he is personally introspecting over this.

      5. adnim
        Joke

        Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

        Well I just copy/paste from Stackoverflow, I haven't got a clue what my code does.

        1. Yes Me Silver badge
          Facepalm

          Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

          "Well I just copy/paste from Stackoverflow, I haven't got a clue what my code does."

          Why on earth did you give that a Joke Alert icon?

          1. CrazyOldCatMan Silver badge

            Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

            Why on earth did you give that a Joke Alert icon?

            Satire imitating life?

      6. Mark 85

        Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

        What is still needed to slap a ginormous fee on the "social engineering network"?

        That probably won't change a thing. Now take Zuck and associates out behind the barn and whack them repeatedly with a large chunk of wood might work.

      7. don't you hate it when you lose your account

        Worse

        "It then changed the text informing users of what was happening but neglected to remove the functionality which sucked up the contacts."

        NO. You changed the text to tell the user what you were doing; then you did it without any consent.

        FTFY

      8. Vector
        Facepalm

        Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

        "...and they were asking for a password they didn't need just because..."

        I'm still trying to figure out how an email password would validate anything (aside, of course, from the right to access the email account).

        Then there's the whole "NEVER give out your password!(!)" thing...

      9. Anonymous Coward
        Anonymous Coward

        Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

        How about $100 per contact ? - seems fair...

        1. Anonymous Coward
          Anonymous Coward

          Re: How about $100 per contact ? - seems fair...

          Would they have to be *real* contacts?

          Obviously it wouldn't be appropriate to suggest that end users (or others authorised) pollute their own contacts list with what might be called "fake contacts".

          Think along similar lines to the TrackMeNot browser addon, except ideally there'd be a reward for messing with Facebook's slurped info.

          Anybody want to crowdfund someone (not me!) for that?

          Previously mooted alternatives, like blocking app access to contact lists, don't seem to have got very far, perhaps partly because the crinimals are in charge at the moment.

          [nb this might be technically trickier than it sounds, I dunno. But these people have made it very clear that neither legality nor morality matters to them, only the great god Mammon, so why should the rest of us give a feck?]

          What's trackmenot:

          https://cs.nyu.edu/trackmenot/

        2. Kiwi
          Devil

          Re: "Please, pardon us as it looks we don't know we're doing what we actually do"

          How about $100 per contact ? - seems fair...

          $500 + a baseball bat/contact.

          $50 goes to the person who gave over their email address allowing the slurping of the contacts.

          $450 and the bat goes to each of the contacts.

          I'll leave it up to your imagination as to what to do with said bat.

    2. Cavehomme_
      WTF?

      Re: Here i fixed that for you

      Wot?! ONLY 1.5 million?! Surely 1.5 BILLION!?

      Anyway, this outfit needs to be fined tens of billions and to threaten its very survival; these people don't understand any other language than money.

      1. Doctor Syntax Silver badge

        Re: Here i fixed that for you

        I think they'd also understand personal jail time although maybe not until it actually happened to them.

        1. Vometia Munro Silver badge

          Re: Here i fixed that for you

          "Gaol is for the little people", etc. :/

        2. jelabarre59

          Re: Here i fixed that for you

          I think they'd also understand personal jail time although maybe not until it actually happened to them.

          Maybe cellmate Big Bubba could make Zuck a part of his own personal "social network"....

      2. Anonymous Coward
        Anonymous Coward

        Re: Here i fixed that for you

        The number looks low - 1.5M new accounts in three years? - but it looks like it happened only for people using specific mail systems (Business Insider lists Yandex and GMX), maybe those Facebook had no other way to slurp the data from. While this can justify the low number, it could also be evidence it was deliberately included to access those data explicitly.

      3. adam 40

        Fining not fine

        I'm getting hacked off with this cycle of fining companies for wrongdoing.

        It ends up as being a tax collected by the Govt, which then has a vested interest in allowing said companies to carry on being naughty.

        I think it should be law that the fine is divvied up and shared equally amongst the people affected - in this case the users.

        1. Kiwi
          Flame

          Re: Fining not fine

          I think it should be law that the fine is divvied up and shared equally amongst the people affected - in this case the users.

          It should also be law that the fines hurt the execs deeply and personally. What's a $100,000 fine if the practice earns you $10.000/day?

          Find the poorest family in each exec's state and do a house-swap for a year. Divvy up their income (above basic living costs) amongst the victims for the next 10 years. Add another 5 years for every year they managed to delay it through the courts (and throw their lawyers into the mix as well).

          Make it absolutely NOT worth abusing people like this.

    3. Colin Ritman
      Stop

      Re: Here i fixed that for you

      An accident like they accidentally gave all their data to Cambridge Analytica to look for idiots stupid enough to vote for Brexit.

      1. fruitoftheloon
        FAIL

        @Colin:Re: Here i fixed that for you

        Colin,

        I mean, the cheek of it, X% of the folk in the UK having a different opinion to you...

        Jay

        1. Stoneshop
          Facepalm

          Re: @fruitoftheloon: Here i fixed that for you

          I mean, the cheek of it, X% of the folk in the UK having a lack of common sense and living in the past

  2. Khaptain Silver badge

    Definition of theft / fraud

    Can someone please explain how this can be considered as being outside of the normal definition of theft and/or fraud ?

    What purpose do laws serve when bastards like this go about their business in complete impunity. Fining these shitheads serves no purpose other than to make small adjustments in a year end statement.

    Seriously when will we start throwing them in jail ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Definition of theft / fraud

      Theft - Permanently depriving someone of something or devaluing something

      Fraud - Intentional misrepresentation for gain

      Those are basically the UK definitions, other jurisdictions may vary.

      IANAL, Hopefully someone who is will be along shortly to correct me.

      1. muhfugen

        Re: Definition of theft / fraud

        Fraud. If the data didn't have value, Facebook wouldn't want it. And there was deception involved as people thought they were authenticating themselves, not providing Facebook with their intellectual property. Hell, an ex-Intel engineer is being sued by Intel for among other things taking employee contact information with him when he left for Micron:

        https://www.theregister.co.uk/2018/11/29/intel_3d_xpoint_complaint/

        1. Down not across

          Re: Definition of theft / fraud

          Fraud. If the data didn't have value, Facebook wouldn't want it. And there was deception involved as people thought they were authenticating themselves, not providing Facebook with their intellectual property.

          Not intellectual property. Personal information of other parties who most likely did not consent to Facebook having their information.

      2. Kevin Johnston

        Re: Definition of theft / fraud

        Theft also includes 'to obtain pecuniary advantage' ie you take an item but do not intend to keep it, you do however intend to make use of possessing it to make money. Like taking items of value and then using them as collateral for a loan. You then return the items and do a runner with the loan money.

    2. Vometia Munro Silver badge

      Re: Definition of theft / fraud

      Business leaders, nebulous forms of investment etc. A normal person nicks a few grand, even under duress, then they're banged up without further ado. A very rich influential person is directly involved with impropriety potentially involving billions? A misunderstanding, a gaffe, they were otherwise Doing Good Works, etc. Give them a tax break instead.

  3. Anonymous Coward
    Anonymous Coward

    Some mistake surely !

    They took the contacts from 1.5 million users. Assuming each of those 1.5 million have one hundred contacts then FarceBook took the details of 150 million people without their permission.

    1. RFC822

      Re: Some mistake surely !

      <PEDANT>

      That would only be true if no individual was ever listed in more than one contact list.

      </PEDANT>

      (And people still occasionally ask me why I'm not on Facebook....)

      1. Anonymous Coward
        Anonymous Coward

        Re: Some mistake surely !

        You sir, are a pedant and I salute you.

        I did consider this possibility when I wrote the post, but as I have about 400 names in my contacts I decided to use a lower number.

      2. TimMaher Silver badge

        Re: Some mistake surely !

        The trouble here is... you are on FB. You just didn’t give permission.

        Which is why something needs to be done about them.

        They deleted all the data?

        Really?

        Maybe after they or their customers had already abused it.

  4. JimmyPage
    Stop

    Err, don't most company T&Cs prevent you ...

    from giving your email address to a 3rd party ?

    (I know they do, I have done a LOT of reading on this).

    So any user that happily types their password into Facebook loses all protection ? No, it may not be fair, or nice, but the bottom line is NEVER GIVE A THIRD PARTY YOUR LOGIN CREDENTIALS.

    (Incidentally, for all the sniffiness about SMS 2FA, accounts so protected would have been safe from Facebook's prying eyes).

    Note also this applies to companies that "require" you to give them your Facebook/Twitter/MySpace login details.

    1. JimmyPage
      Facepalm

      Re: Err, don't most company T&Cs prevent you ...

      Too late to edit that and say "email login details"

    2. Lomax
      Stop

      Re: Err, don't most company T&Cs prevent you ...

      > SMS 2FA

      Great, now they have your mobile phone number as well. It's a strange game; the only winning move is not to play.

    3. Mark 85

      Re: Err, don't most company T&Cs prevent you ...

      Note also this applies to companies that "require" you to give them your Facebook/Twitter/MySpace login details.

      "Sorry, I don't have those accounts." isn't taken seriously by many companies any more. I find that to get them to take it seriously, bring up "security best practices" and the HR droid goes quiet. I find the look on their face is the same one you get from a marketing droid if they ask about your "social" use of the web.

  5. Anonymous Coward
    Anonymous Coward

    All the way with 2FA ...

    Or rather all the way until you hit the confirmation dialog :)

    Might explain why Facebook couldn't access my (throwaway anyway) Hotmail account. Yes, you read that right. Microsoft saved me from Facebook !!!!

  6. Richard Crossley
    Stop

    It's time...

    FB and friends were taken down a peg or two. Not sure how yet, GDPR has some teeth, but won't apply to this.

    1. Doctor Syntax Silver badge

      Re: It's time...

      I'd have thought it would apply but as an alternative how about 1.5 million offences under the Computer Misuse Act or equivalent for other jurisdictions?

    2. FrogsAndChips Silver badge

      Re: It's time...

      Why wouldn't it apply? They collected email addresses without any consent between May 2018 and last month, that falls right within GDPR. And I don't think that's their first offense now, so that could justify slapping them with a fine on the high end of the range (up to 4% annual turnover)

      1. Richard Crossley

        Re: It's time...

        Thanks for pointing that out, I didn't read the article well enough and realise they only stopped last month.

        1. doublelayer Silver badge

          Re: It's time...

          It should apply, but the GDPR enforcement people don't seem to actually be doing anything. One fine against Google for not all that much, and a few minor actions against minor companies. Haven't they had long enough to start investigating these places? How long do they need to do this?

          1. Anonymous Coward
            Devil

            Re: It's time...

            The problem is the leprechauns running the Irish office... it may be they already got their pot of gold, so they don't need to look for the end of the rainbow...

            1. A.P. Veening Silver badge

              Re: It's time...

              Just wait until the German or Dutch office gets involved. The Germans are pretty big on privacy and the Dutch aren't that far behind.

              1. Anonymous Coward
                Anonymous Coward

                Re: It's time...

                You sure? I know there's a self explanatory expectation with regards to privacy and DE and NL, but times they are a changing...

                As you can see in this Heise article today, Seehofer is trying to bring government snooping, hacking, Trojan use, and node (FRA) surveillance up to NSA levels.

                As for NL, this stopped at the moment government there for example introduced RIPE and node monitoring (and FW to "friendlies"), ordered all telcos to cooperate unconditionally, its law enforcement has the highest count of phone tapping in the western world, labelled all its citizens with a unique identity number, and discourages all cash transactions actively. On top of that the Dutch government doesn't "bend" this just for "state biz" but also likes to facilitate to make a nice buck (in line with Dutch culture): guess why Google loves their shiny new (state sponsored) Groningen center?

                So you were saying..?

          2. A.P. Veening Silver badge

            Re: It's time...

            They will need some more time as they like to be very certain (no company ever won an appeal yet and they would like to keep it that way). And the fine will be over the revenue at the time of fining, not at the time the "accident" happened. With most companies that just means a higher fine, so again no problem for them (only for those companies, but that is their problem).

            1. Anonymous Coward
              Anonymous Coward

              Re: It's time...

              ... And the fine will be over the revenue at the time of fining, not at the time the "accident" happened. With most companies that just means a higher fine...

              Ah, so companies like IBM would be better served to drag things out then...

          3. FrogsAndChips Silver badge

            Re: It's time...

            Some explanations here:

            https://www.theregister.co.uk/2019/03/14/more_than_200000_gdpr_cases_in_the_first_year_55m_in_fines/

            Basically, they are still processing legacy (pre-GDPR) cases, and they also need to harmonize the amounts of fines between countries.

            Big cases will always take time anyway, you can't build a file against a tech giant like Facebook and its army of lawyers in 3 weeks.

          4. John Brown (no body) Silver badge

            Re: It's time...

            "It should apply, but the GDPR enforcement people don't seem to actually be doing anything. One fine against Google for not all that much, and a few minor actions against minor companies. Haven't they had long enough to start investigating these places? How long do they need to do this?"

            I suspect the higher end of the fine range is being reserved for when intent can be proven. You don't transport someone to Australia for stealing a loaf of bread these days.

  7. alain williams Silver badge

    ''deleting the illegally collected details''

    They might even do so, in an unusual fit of honesty; but what they will not do is to delete the social graph/connections that they have learned as a result - this is what I would like to see deleted.

    Maybe punishment should be that Zuckerberg's address book should be made public, see how he likes that. Although that would be unfair on those who are exposed as talking to him.

  8. Doctor Syntax Silver badge

    Rather than simply delete them how about an apology for each of those who got Zuckered up? Individually typed out by Zuck himself.

    1. Antron Argaiv Silver badge
      Thumb Up

      "I don't know, they trust me! Dumb f*cks."

      - Mark Zuckerberg

    2. jelabarre59

      Rather than simply delete them how about an apology for each of those who got Zuckered up? Individually typed out by Zuck himself.

      https://youtu.be/qaz2hxZLycY?t=59

  9. No Quarter

    Too late

    If you are on Whatsapp then Facebook have your address book anyway.

    1. depicus

      Re: Too late

      Not if you never gave it access to your contacts although I notice now it makes things very difficult by swapping the users name for their number until you allow them to plunder your contacts.

  10. chivo243 Silver badge
    Pint

    they said soz?

    It's cool then, oops, is that Mozilla on the phone?

    Maybe it would be nice if El Reg quit giving FB publicity? Until they actually do something that benefits mankind?

    Have a nice weekend!

    1. Stoneshop
      Devil

      Re: they said soz?

      Maybe it would be nice if El Reg quit giving FB publicity?

      Oh, I don't mind ElReg notifying me of the next Fartbook Fuckup. Not all of them get reported in the mainstream news.

  11. STOP_FORTH Silver badge
    Black Helicopters

    Not just Facebook

    I went through a phase of creating fake e-mail addresses in my address lists. They were usually something like aardvark@neverhurtanyone.com (not an actual example). This way, if someone compromised one of my e-mail accounts, I should get a bounce from the first dodgy e-mail sent out. (I assumed, of course, that programmers were simple souls who would go through a list alphabetically).

    L1nk3dIn asked me if I wanted to add aardvark into my contacts list (or whatever they call it).

    Now, I'm not accusing anybody of anything, but I was on the "social network for suits" way before they were acquired by that bunch in Seattle, and it didn't use to have this feature. I was with my last company for 22 years. In that time it had four different owners and five different names (it has a sixth name now but I am no longer there). All of these incarnations used Outlook. The old e-mail servers were usually kept going for about three months after a name-change to hoover up incoming messages from people unaware of the new e-mail address. The week after the old server was decommissioned I would get an invitation to befriend about 4 to 6 people from my old address book. They seemed to be randomly chosen, except they were always people I had not recently communicated with and they were always on a different e-mail system/domain.

    Although one was an aardvark.

    Edited to add that I never offered any e-mail lists to anybody.

    1. STOP_FORTH Silver badge
      Black Helicopters

      Re: Not just Facebook

      That's a weird post to give a thumb down to!

      It's all 100% true and you can contact my friend aardvark to confirm.

      Although he is not replying to e-mails from me any more, I wonder if I have offended him in some way?

      When I originally spotted this unusual behaviour, I assumed the other parties must have opened their address lists up to L*******. This was perhaps rather naive, but the number of invitations was low. Only the (assumed) non-existence of the neverhurtanyone.com domain alerted me to the actual source of the addresses.

      I also never re-used the fake addresses anywhere else.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not just Facebook

        I think the down vote was from the pangolin.

        1. STOP_FORTH Silver badge

          Re: Not just Facebook

          Could be, they're odd creatures. What kind of mammal has scales?

          1. The Nazz

            Re: Not just Facebook

            Don't encourage me! The ex had scales, new ones approximately every month, for some reason they kept breaking. Not all bad though, inexplicably (maybe not) she scored well at Scrabble.

          2. Forum McForumface

            Re: Not just Facebook

            Many greengrocers do.

            1. CrazyOldCatMan Silver badge

              Re: Not just Facebook

              Many greengrocers do

              As does anyone with untreated psoriasis..

          3. Stoneshop
            Facepalm

            What kind of mammal has scales?

            Eh, how would you determine whether someone weighs the same as a duck?

          4. this

            Re: Not just Facebook

            Mark Zuckerberg?

    2. devTrail

      Re: Not just Facebook

      I saw L1nk3dIn asking me for my password as well. But that happened even before it was acquired by that bunch in Seattle.

      I didn't give my permission, but actually it would have made no difference, when I joined the "social network for suits" I created a new email box and I used it only as the backend for L1nk3dIn, I never mixed it with the other addresses, this should be a standard practice with all the social networks.

      1. STOP_FORTH Silver badge
        Unhappy

        Re: Not just Facebook

        I never gave them my password. The aardvark address was exported without my permission. Since it only existed in one place that must be where it was obtained from.

        I think these guys all suffer from scrapie.

  12. MrMerrymaker

    Maybe time to think about removing my account

    Haha, I crack me up with my retro posts from a decade ago!

  13. Anonymous Coward
    Anonymous Coward

    Accidentally?

    How many developers do you know who "accidentally" write code?

    The only "accident" was getting caught.

    1. CrazyOldCatMan Silver badge

      Re: Accidentally?

      The only "accident" was getting caught

      I refer the honourable commentard to the Norman Stanley Fletcher response..

  14. Jim-234

    Accidentally -- My Posterior

    Accidentally.... Sure, of course we believe that.

    More like the current Silicon Valley mantra which is do as much evil as you can get away with till you are caught, then say sorry it was an accident, then find another way to keep doing it.

  15. Eddy Ito

    Why does anyone trust Facebook these days? They're about as secure as a rotting corpse in the savanna. I mean if they can't even keep their own secrets (apparently pronounced ˈak-sə-dənts) how in deity's name are they going to keep anyone else's secrets?

  16. Dan 55 Silver badge

    Interview process

    Do they go through a convoluted procedure to weed out all the non-psychopaths who apply (which are probably very few now)?

  17. Anonymous Coward
    Anonymous Coward

    Isn't it about time Fartbook was forcibly shut down?

  18. Captain Planet

    Utter, utter BS! There is no way Facebook could accidentally scrape and upload contacts, to develop something that could log into a webmail account and go through the contacts and then send them to Facebook would take quite a lot of development work and simply could not happen by accident. It's like building a house without planning permission and telling the council you just bought some brick and dumped them on your land, but they just so happened to fall in such a way that they landed in the shape of a house.

    Please tell me they won't get away with pretending it was an accident??

    That's before you even look at them actually asking for your password, WTF?? That creepy little android c#nt Zuckerberg needs to learn some respect.

    1. Huw D

      "That creepy little android c#nt Zuckerberg needs to learn some respect."

      Are you suggesting that Zuckerberg is a Google product?

      1. STOP_FORTH Silver badge

        C# was Microsoft, surely?

    2. The Nazz

      re house building

      A few years back, in the UK, a guy "accidentally" built without planning permission a quite substantial house inside a barn to hide it from public view in the hope that eventually, after 4 years I think without complaint, it would be deemed a valid house and he could then demolish the barn around it.

      Last I read, the authorities demanded it be demolished.

  19. TheDJNova

    Good question now would be if they will be contacting all third parties that have been handed datasets which include data generated using the illegally acquired email addresses.

    Because to all intents and purposes (especially anywhere GDPR is in effect) those datasets are also now illegal.

    1. Mark 85

      What good will contacting the 3rd parties do? I'm curious as once the cat is out of the bag, pretty soon it's spread to places beyond what the originator thought.

  20. John Klos

    Now we've got targeted caller ID spoofing

    I've been telling people about this for years - once our address books are out in the open, then we're going to start seeing robocalls with spoofed caller ID which uses the numbers of people we know and expect to hear from.

    The shitstorm has already begun.

  21. Corporate Scum

    Stop calling this kind of thing a screw up.

    It's been their overt strategy since the beginning. They have been sowing the wind with deceptive and predatory behavior since the beginning. Their cavalier disregard for legal business and social norms isn't a mistake, and it isn't cute.

    Don't use a weasel word like "screw-up" that helps reinforce their false narrative that these things are anything accidental. They have worked hard to ensure that the whole process is a catch-22. When they rolled out mass facial recognition, the only way to opt out was by creating an account and agreeing to their terms of service. In the process they would suck all of your contacts out of your phone, your email accounts, and your address book the moment you signed in, BEFORE you could get to the opt out screen.

    If you did opt out, they never removed the data they had already stolen. That's deliberate strategy, going on over years, exploiting weak oversight that they spent millions trying to influence to keep regulators off their back.

    They have given you every justification to take the gloves off and unload on them. If any modern organization deserves to reap the whirlwind, it's Facebitch and its Bitch in chief. This should be a steak dinner for you guys, sharpen your teeth and dig it!

    1. Mark 85

      Re: Stop calling this kind of thing a screw up.

      They have given you every justification to take the gloves off and unload on them. If any modern organization deserves to reap the whirlwind, it's Facebitch and its Bitch in chief. This should be a steak dinner for you guys, sharpen your teeth and dig it!

      They won't stop until there's probably a revolution involving mass burning of data centers and senior management (and stockholders) hung from telephone poles. Even then, there will be someone or something stepping in afterwards to start again.

  22. Anonymous Coward
    Anonymous Coward

    Where's the evidence?

    When Facebook remove the details this must qualify as destroying evidence, can they be sued for it?

    How will they pay penalties if they don't know who to write to?

  23. Chris G

    The Barnum effect

    PT Barnum reckoned there was one sucker born every minute, Faecebook for the last three years seems to have been getting about thirty every minute.

    What I would like to know is where and how does the Zuck find so many so easily?

    I have an extensive portfolio of bridges and a Trainload of snake oil to sell.

    Faecebook's behaviour with regard to its (l)users is comparable to Zuck handing everyone a tube of KY and asking them to turn around and drop their drawers.

  24. Mark 85

    The company said it didn't read the contents of the emails and that the actual contacts were "inadvertently uploaded".

    <cough>Bull crap<cough> Contacts, information about the users is the core of their business model which is selling the users and their information.

  25. Anonymous Coward
    Anonymous Coward

    Enough is enough

    How many more times do we have to read that Facebook have been caught harvesting data they are not entitled to, apologise for, then get found out doing something very similar again?

    Surely there must be some entity with the teeth and balls to bitch slap Zuckerberg into compliance?

  26. devTrail

    Understatement

    Does anybody believe that the number of users whose address book has been 'mistakenly' uploaded is just 1.5 million?

    Does anybody believe that they'll really delete the data together with the derived phantom profiles (people who never joined FB but about whom FB knows a lot)?

  27. Anonymous Coward
    Anonymous Coward

    Facebook apology of the week club

    Seriously, have they gone a full week yet this year without being caught red handed doing something completely unethical and Zuck saying "sorry, my bad"?

  28. Anonymous Coward
    Anonymous Coward

    Do sites like El Reg have an interest to declare?

    E.g. sites which have a web thingy ("web bug"????) linking to Facebook (and/or Twitty, and/or other antisocial networks) on every web page on theregister.co.uk ?

    If so, why are they still there?

    Does their continued presence make those sites which are displaying them part of the problem rather than part of the solution?

    What would it take for those things to vanish?

    1. Dan 55 Silver badge

      Re: Do sites like El Reg have an interest to declare?

      At the very least the social media buttons should come with a privacy toggle which defaults to the "yes I want privacy" option, like Bruce Schneier's site.

  29. KBeee
    Unhappy

    The saddest part

    is the bit at the end

    "The ad giant made revenues of over $55.8bn in 2018, up 37 per cent from $40.6bn in 2017. It had 1.52 billion daily active users, up 9 per cent on the year before."

    After all the bad publicity showing what the company is really like, they still increased their user base by 9% in a year.

  30. imanidiot Silver badge

    So perjury then?

    "Last month it emerged that top management knew about Cambridge Analytica's shenanigans at least four months before the story hit the news. Facebook previously claimed, and testified in court, that it was completely unaware until alerted by the media."

    Sounds to me like there should be some perjury trials and jail time incoming then.

  31. Adrian 4
    Devil

    15 years and counting

    https://dayssincelastfacebookscandal.com/

  32. Sleep deprived
    WTF?

    The devil finds work for idle hands

    As a programmer, I'm amazed to learn those at Facebook have so much spare time on their hands they can afford coding the hoovering of contact lists, their storage and analysis, all this without being asked for it...

  33. Anonymous Coward
    Anonymous Coward

    Government man

    You all think this is a problem, it's not. It's a solution. With all these people making better passwords, how else do you think we will get an effective cracking list to hack Terry Wrist and his buddies' accounts? This is progress, you just aren't supposed to know about it.

    Now go back to work, pay your taxes and turn in your weapons.

    Thank you,

    Government man.

  34. T. F. M. Reader

    Strictly speaking...

    It could happen accidentally, I suppose. Hypothetically, let's say there was some code that was intended to slurp, say, only with the user's explicit permission. And then some programmeridiot "accidentally reused" it, either copy-pasting way too much or inheriting or just calling some higher level function...

    Not that I believe for a second that this is what happened, mind you.

    But then, a habit of checking stuff and thinking what it does isn't something one would expect from anyone applying for a job at FB nowadays, is it?
