
Facebook's security team tracks posts, location for 'BOLO' threat list - Jerry2
https://www.cnbc.com/2019/02/14/facebooks-security-team-tracks-posts-location-for-bolo-threat-list.html
======
clubm8
> _In 2017, a Facebook manager alerted the company 's security teams when a
> group of interns she was managing did not log into the company's systems to
> work from home. They had been on a camping trip, according to a former
> Facebook security employee, and the manager was concerned about their
> safety._

> _Facebook 's information security team became involved in the situation and
> used the interns' location data to try and find out if they were safe. "They
> call it 'pinging them', pinging their Facebook accounts," the former
> security employee recalled._

> _After the location data did not turn up anything useful, the information
> security team then kept digging and learned that the interns had exchanged
> messages suggesting they never intended to come into work that day —
> essentially, they had lied to the manager. The information security team
> gave the manager a summary of what they had found._

So basically, if a Facebook manager couches their request as concern for your
safety, they can track your location on your personal account to uncover where
you are? This makes me uneasy.

~~~
debatem1
Maybe I'm naive, but I used to work at Google and I'm 100% certain that back
then if someone inside the company had used data in this way they would have
been fired unconditionally and immediately.

Now I wonder whether the companies are different or the times are.

~~~
crowdpleaser
>if someone inside the company had used data in this way they would have been
fired unconditionally and immediately.

Unless they're an exec, then they might negotiate an exit package or it
wouldn't get to that point.

Didn't the Google Exec who was most recently in the news for sexual misconduct
misuse data?

~~~
clubm8
>Didn't the Google Exec who was most recently in the news for sexual
misconduct misuse data?

I'm not aware of that angle but if you know more info I'd love to read about
it.

------
chuckgreenman
There's a paragraph here where they talk about reviewing private messenger
conversations between interns after they didn't show up for work one day.

That feels pretty invasive. Facebook tried to couch it in "genuine concern"
for their safety. I'm not sure that holds water with anyone who's familiar
with the workplace culture inside Facebook.

~~~
bertil
On that particular aspect: all Facebook employees (and I believe interns) when
they write on Messenger to other employees have an on-screen reminder that
their conversations are considered work product and can be monitored or
reviewed. At least, that was the case when I was there, I can’t think it has
changed. I’m assuming this has to do with a lot of well documented legal
reasons (insider trading, sexual harassment, etc.) De facto, hardly any
conversation goes through email: salary, pension, that kind of things almost
exclusively. Project progress, being cancelled, blockers, all that goes
through an internal version of Facebook (now Workplace, when I was there, a
subset of the main Facebook). It made sense that all that is deemed work
product for the company.

I would be more surprised if they had access to conversation with outsiders.

On the “genuine concern”, I joined several months after Snowden’s revelations.
The security team was (and I’m assuming still is) very aware that State agents
might try to access employee credentials. Overall, the company is very
considerate for employees, typically no matter the cost (e.g. the freezing
eggs things) and quite conscious to respect boundaries--but I would expect
that a small chance that a hostile Nation state escalated to kidnapping
employees is a stretch but not a big one. I’m a little surprised because the
company prides itself on not judging, and actually doesn’t care much about
time spent in the office. Interns might be given a shorter lead there.

With E2E encryption introduced to Messenger since a lot of that could have
changed.

~~~
CharlesColeman
> On that particular aspect: all Facebook employees (and I believe interns)
> when they write on Messenger to other employees have an on-screen reminder
> that their conversations are considered work product and can be monitored or
> reviewed. At least, that was the case when I was there, I can’t think it has
> changed.

Do Facebook employees have separate Facebook accounts for work? My impression
was that they don't, but I could be wrong.

If they're forced to use their "personal" account for work-related functions,
I think that raises all kinds of privacy concerns that probably should negate
the principle that employer ownership authorizes monitoring.

~~~
rock_hard
They do need a FB account to access all internal systems, but that can be a
seperate account from their private one

~~~
CharlesColeman
> They do need a FB account to access all internal systems, but that can be a
> seperate account from their private one

Is there an exception in the TOS for that? It's my understanding that they
forbid regular users from creating multiple accounts, though enforcement of
the rules is pretty ineffective.

[https://www.facebook.com/help/975828035803295?helpref=uf_per...](https://www.facebook.com/help/975828035803295?helpref=uf_permalink)

~~~
creato
I doubt it's multiple accounts on the exact same service. I'm guessing fb.com
is a near-clone of facebook.com's codebase, personal accounts are facebook.com
accounts, and work accounts are fb.com accounts.

~~~
hopler
Maybe it's a separate database, but cloning the code is a terrible idea.

------
rconti
First thing it made me think of is when the YouTube offices were shot up by a
gunwoman who was apparently upset about their changes in monetization
policies.

Of all the companies to 'hate', I'd expect FB to be a much larger target than
YT.

~~~
throwaway-1283
Outside of IG influencers (?), FB doesn't really offer a platform for
individuals to make money like they can on YouTube

~~~
ben_jones
There's a lot of MLM/self-help type scams that use Facebook to grow their base
that I could see as similarly upset if they were banned or otherwise
demonetized.

~~~
hopler
I suspect that the psychology of an activist making money via legit video
monetization is different from a black-hat SEO scammer.

Really though, you can't point to logical reasons for a mass attack against
strangers. Someone mentally unstable enough to do that could be triggered by
anything.

------
glitcher
> "No person would be on BOLO without credible cause," the Facebook spokesman
> said in regard to this incident.

A bit of backwards logic to justify the list contents, eh?

~~~
forgotmyhnacc
I'm having trouble making sense of your comment. If your company knew about
credible threats ( disgruntled employees, bomb threats, etc ) wouldn't you
have a BOLO list? How is that backwards logic at all?

~~~
glitcher
The article gives an example of an individual who may not have deserved to be
on the list. By stating "No person would be on BOLO without credible cause",
they are using a circular logical fallacy (begging the question?) to dismiss
any possibility that there may be mistakes made in managing that list.

~~~
traek
Circular logic is "No person would be on BOLO without credible cause, and the
credible cause is that they're on BOLO". What they're saying is that there is
a valid reason for each person on the list to be on it. You can take issue
with that as a matter of factual accuracy, but there's no tortured use of
language happening.

------
clojurestan
First of all, shit like this year after year is why I don't use fb or insta.

That said, if somebody went on one of my websites and commented that they were
mad at me and planned to show up at my house and do nefarious things, well,
yes I certainly would be on the lookout for that person.

------
kartan
> The company's information security team is capable of tracking these
> individuals' whereabouts using the location data they provide through
> Facebook's apps and websites. > But Facebook is unique because it can use
> its own products to identify these threats and track the location of people
> on the list.

This is so scary. That the company feels entitled to use that user data in any
way they please is horrifying.

I would not be surprised if they are also using internal data to get to spy on
spouses or ex, to stalk people, etc. Once the ethics of a company like this
are zero, the possibilities are infinite.

This is why more regulation like the GDPR is needed. And also a closer
supervision of the big tech companies.

