
Followup to "I bought more than 1 million Facebook data entries for $5" - tlrobinson
http://talkweb.eu/openweb/1842
======
DanielBMarkham
You really don't want to mess with the Facebook police. They'll delete your
life.

I wish I had something more substantive to say here, but the problem is that
we give Facebook an _extraordinarily_ huge power in our personal lives. It's
not just some random web service.

~~~
csmattryder
20 years old. No Facebook account.

I 'deleted my life', and y'know what? Nothing changed. I still have the same
friends I talked to before Facebook, still meet up for drinks on their
birthdays, still arrange nights out, and still share what's going on in my
life.

The best thing about no Facebook? I know what information is out there, and
nothing personal that Advertising Inc. can buy.

~~~
DanielBMarkham
You have a much easier story.

I'm 47. Because of the network effect, using Facebook I've connected with
people I knew and cared about that I haven't seen in 30 years. Dozens of them.
I barely remembered person A and B, found them and became friends. Then they
knew person C and D. E and F were close behind. Pretty soon I have 200 friends
from places scattered all over the world.

Life sneaks up on you, and people stop having the same phone, email, or street
address. You wake up one day wondering what happened to Bob, then slowly
realize that you'll never see him again. It's a weird feeling.

Yes, if I were 20 and still had a cell phone with all my friends from 4 years
ago, it'd be no big deal. But if I lost my FB data now? I'd never find these
guys again.

Personal sidebar ahead: by the way, my wife and I are having a competition to
see who can get the most friends. As long as you're not selling anything, and
I promise not to sell you anything, send me an invite! Right now she has 600
friends and I have something like 250.

<http://www.facebook.com/danielbmarkham>

~~~
jamesbritt
_But if I lost my FB data now? I'd never find these guys again._

You haven't bothered to copy off important contact data to some personal file?
That's crazy.

_You wake up one day wondering what happened to Bob, then slowly realize that
you'll never see him again. It's a weird feeling._

True. OTOH, when that has happened to me, I realize there's a reason for it.

At 54 I find that a) life is not only short, it's shorter than you think, and
b) there's a whole lot going on right now that dwelling on acquaintances lost
to the past is probably a waste of time.

_[B]y the way, my wife and I are having a competition to see who can get the
most friends._

Seems we're very different people, so my anecdotal reflection is likely as alien
to you as yours is to me.

~~~
DanielBMarkham
The purpose of my post was to point out to HN users, some of whom may be old
cranky guys with too much time on their hands, the way the average Facebook
user looks at things.

If you'd like to make it about me, happy to do that. My email is in my
profile.

~~~
jamesbritt
_If you'd like to make it about me [...]_

That wasn't my intention, but your post was _about you_ and how _you_ use FB.
Just as my response was about me and how I (don't) use FB.

I'm curious to know, though, how anyone can know if they are an average FB
user. I know a few people who use FB and they all seem to use it differently.
I wonder if each of them thinks they're an average FB user too.

------
randallu
I recently had cause to log in to facebook (first time in 6 months) because my
account had been compromised and was used to place a bunch of ads ("find hot
guys in your area") which they had apparently approved (and ran to ~$100 in a
few hours).

I was impressed with the account recovery process ("you entered an old
password -- do you want to recover your account?"), but I felt like they were
completely optimized for recovery versus preventing the intrusion in the first
place (à la Google's two-factor auth).

Anyway, in this case they obviously took the wrong approach with the blogger
and I hope it blows up in their faces. (Microsoft and everyone else used to
not be nice to security researchers, Facebook will no doubt learn that
cooperation is a better strategy too).

~~~
tlrobinson
FYI Facebook has two-factor auth as well:
<https://www.facebook.com/note.php?note_id=10150172618258920>.

~~~
flurpitude
I'm not very keen on those two-factor approaches like this that use text
messages to your phone. The text message often does not arrive. And in some
places you have to pay to receive text messages so it can cost money to log
in.

It would be preferable if they could just use the Google Authenticator app
like a few other sites do.

~~~
eugenez
There is a 2-factor code generator built into the Facebook app for iOS and
Android specifically to help with SMS deliverability problems. Have a look at
<https://www.facebook.com/help/270942386330392/>

------
nasir
I would say without facebook your life becomes much more productive regardless
of security issues. I rather prefer to be in touch with certain few people
through other media rather than having a bunch of schoolmates which only stalk
my profile. There would be no difference in having them because after all I
would not have any contact with them even on facebook.

------
mikk0j
I spot-checked some of the profiles in the original post screenshot. Four out
of five were realtors. So it could be the profiles in the screenshot were
ranked by profession, or that this is a lead for where the leak came from. Or
coincidence.

------
accountoftheday
What surprised me is that Paypal is facilitating the payment for gigbucks, the
marketplace where this is (still) offered.

~~~
rhizome
Well, it's not like they're trying to take donations for cancer patients or
anything.

------
davesims
> I tried to ask what they would do next but they said it would be an internal
> legal investigation.

"By who?"

"Top. Men."

------
MojoJolo
I don't know why Facebook reacted like that. But as I understand it, that
information is not from Facebook itself. It is from an unknown third-party
app. Also, anyone who has knowledge of the Facebook API can mine that
information by creating a Facebook app. I'm sure apps like "God wants you
to know" have more than 1 million Facebook information.

By reacting like that, I think Facebook can be considered as guilty as
charged.

~~~
short_circut
You don't even need to write a facebook app. I have put together scripts in R
and Matlab with those capabilities. It's absurdly simple to do using Facebook
API and a JSON parser.

~~~
mandeepj
Using facebook API you are at the mercy of another person's consent to give you
access to their email address and other data. You cannot just put some number
to access a profile and get the email address or until you have some preferred
access to data from FB itself.

Please let us know if you were working using some other better approach.

------
stfu
So Facebook is not only the x largest state, but also acts on the same level
of paranoia as government agencies do?

------
obilgic
Isn't it a good thing that fb is taking this issue seriously and going
after the people who sell this information?

On the other hand, they are trying to solve this issue secretly, no
disclosure. And we don't yet know if they are taking any privacy measures to
prevent this kind of data leak.

~~~
chucknthem
It becomes much harder to track down a leak when the leakers know they're
being chased.

------
bobsy
Is selling such information even illegal? Is it against Facebook's terms?

By using an app you are giving them access to a whole bunch of your personal
information. I always assumed that many were scraping data from my profile.
This is why I have never used Facebook for authentication.

When I read the original post I figured Facebook would want the data so they
could narrow down who the probable culprit is. I would have thought finding a
common app among a million users probably wouldn't be too difficult.

That said the nature of this conversation is ridiculous.

~~~
Evbn
Scraping data via app permissions is prohibited by TOS but not policed.

------
oharo
this is so normal. ark torrented all the fb accounts for their yc demo day

~~~
mandeepj
Ark only shows publicly available data from the people's profile at fb. If it's
not public then you cannot get it from ark.

~~~
oharo
you can find the exact profiles mentioned on demo day on piratebay.

~~~
priley
? It's true that there is a low quality dump of FB data from years ago, but
it's totally useless in terms of our faceted search and we never use these
kinds of sources.

------
DaSheep
Well this sounds like a good example of social engineering. Someone was really
interested in his data and he just sent it to them for free :/ I mean "Policy -
Police", "It's secret", "we're recording you" are classic social engineering
techniques used to put the target in an uncomfortable situation. I used them a
few times, too.

------
finkin1
This is pretty insane. Did you ever agree to the confidentiality of the
conversation you were having?

------
philip1209
I know someone who generated thousands of links to facebook profiles,
including non-linked ones. They crawled for images with facebook meta data,
pulled the facebook IDs, and used those to generate the profile links.

~~~
law
I'm not able to verify this right now, but facebook stores user identification
information using EXIF in JPEGs? If so, I wonder whether image hosts delete
this info before hosting your file.

~~~
slig
Actually, the user ID is in the photo URL. Well, at least it was some time
ago.

------
kylelibra
"According to Facebook you are not allowed to read this post, so beware."

------
ju2tin
Relevant: <http://www.theonion.com/articles/google-responds-to-privacy-concerns-with-unsettlin,16891/>

~~~
jnacks
I wish I could hit a "Like" button on this.

------
chrischen
There's a like button on that page. I was logged in to facebook. Now facebook
knows I read that page!!!

------
rorrr
It looks like FB is really unhappy about people stealing their profits,
selling users' information.

------
edictive
Haha: I’m guessing the app that leaked this info is called “facebook”

