
Facebook employee fired over bragging about access to user information - startupflix
https://www.reuters.com/article/us-facebook-privacy-firing/facebook-employee-fired-over-bragging-about-access-to-user-information-idUSKBN1I334E
======
beloch
Firing employees dumb enough to snoop and brag isn't enough to restore user
confidence. Facebook needs to take concrete steps to prevent employees from
snooping, and it needs to be publicly seen doing so.

I stopped using Facebook years ago because I felt it was just too invasive.
I've felt like a technological Luddite ever since, but boy are Zuckerberg &
Co. ever doing their level best to make me look prescient!

~~~
beedogs
If it makes you feel any better, you've missed absolutely nothing. Facebook
has only gotten worse.

~~~
chiefalchemist
FB was been and still is what it's always been...a mirror and a magnifier.

What's changing is the tolerance some ppl (e.g., you, me, the HN'er above your
comment) have for it's mindless minutia, as well as the privacy issues.

The takeaway for me is simple: the evolution of humans - FB the Big Inc and
the masses that feed its bottom line -is greatly exaggerated. Could some of
the devo'ing be due to FB? I suppose. But for the most part, the signs have
been there all along, FB just made it undeniable.

~~~
psyc
I agree it's roughly the same as it's been. I think its ubiquity has made the
FB _situation_ worse.

~~~
chiefalchemist
Yes. If nothing else,easier to see, and at the same time complicity /
"normalization" has increased.

It's a massive collective blindspot.

------
Cogito
The bigger issue here is that they reacted to this event, rather than
proactively managing it.

From the article, “Access to sensitive data is logged, and the company has
automated systems designed to detect and prevent abuse”,but if that were the
case surely they would have acted on this before it became public.

In reality they have no incentive to police this kind of behaviour until they
are called out on it.

In truth, I would never spend time and effort looking into potential
malfeasance myself, as I would be too focused on building out new features and
ideas.

I don’t know if a natural incentive exists that would drive the behaviour it
seems society expects.

~~~
Maro
You are wrong.

> In reality they have no incentive to police this kind of behaviour until
> they are called out on it.

Access to personal information of users is "policed" internally, proactively,
and you can get fired over it. It's one of the things they hammer into your
head the first month of bootcamp after you join. The internal tooling and
frameworks have all sorts of built-on heuristics to catch this [1], and
there's internal teams who're continuously improving these security measures.

[1] this = accessing information not related to your job duties

~~~
Cogito
Happy to be wrong.

Are you saying this person was fired before it became public that they had
misused data? Or was it reactionary?

~~~
downandout
The guy's job was apparently to check out profiles of people that may present
a security threat. So if his job was to look at profile data all day, in this
specific case his firing would almost have to be reactionary, because his
nefarious activities would have looked like normal job activity to any
auditing program. We only know his activities were nefarious because he said
so. A developer or people in almost any other position for that matter would
likely have been caught proactively.

~~~
bertil
I am absolutely convinced that whatever loophole he found, it is already
patched with addition controls over that team.

~~~
vageli
What gives you such a high degree of confidence to make that statement?

~~~
bertil
I worked at Facebook. I am directly familiar with how the company treats those
cases.

------
godzillabrennus
Zuck bragged about having access to the data himself. Hardly anyone batted an
eye back then: [https://www.tomsguide.com/us/Facebook-Mark-Zuckerberg-
Social...](https://www.tomsguide.com/us/Facebook-Mark-Zuckerberg-Social-
Networking-privacy-security,news-6794.html)

~~~
MasterScrat
That was 14 years ago though, his situation was slightly different back then.

~~~
ada1981
Exactly, he was the founder and CEO of the company.

Wasn’t the whole ethos’s of Facebook to aggregate a bunch of data so Zuck
could get laid?

Seems like this guy is a mild incarnation.

Ps. “Senator, we don’t sell data!”

~~~
Karunamon
I find that HN is at least a little bit hypocritical when they go on about the
right to be forgotten and not judging people by what they did in years past...
and meanwhile judge Zuckerberg harshly for a snide comment supposedly made 14
goddamn years ago.

~~~
ada1981
HN is comprised of individuals and none of them speak for everyone.

I think it's interesting someone would get fired for making a joke that is
mild compared things the founder has said / done.

------
cm2187
Fired for bragging about it? What about being fired for doing it? If they log
these accesses that's the way he should have been caught.

Reminds me of David Viniar's "unfortunate to have that on email" blunder:

[https://www.youtube.com/watch?v=ccjZEvBGOuk](https://www.youtube.com/watch?v=ccjZEvBGOuk)

~~~
bhhaskin
Not as good of a headline.

------
usrusr
Am I the only one who completely fails to see the smoking gun in that
screenshot?

~~~
jdormit
You are not. To me it comes off like a misguided attempt to impress someone,
not an admission of actual wrongdoing. The guy comes off as a creepy asshole
for sure, but it's basically just bragging.

But really, given everything going on with Facebook, why would an employee
ever think this was a good idea? That's what is really beyond me.

------
newscracker
This reminds me of LOVEINT [1] [2], as a somewhat recent example of how
available data on people can, _and will,_ be misused. Despite any claimed
heuristic software monitoring controls put in place and any instructions
hammered in the first month of job orientation, it's undeniable that Facebook
is a treasure trove of information on what people like or dislike, what people
do, where they go, where they are, what they talk about on Messenger (think
it's private), etc.

I see it as a question of when, _not if,_ we'd see more stories of stalking
and abuse (including physical violence) perpetrated by those employed by
Facebook. The "authentic names" policy only makes this ever so easier to find
and follow people. Firing someone after some damage is done is nothing
compared to what the victims have suffered and may continue to suffer.

I personally question the ethics of people who even choose to work for a
company like Facebook. So my (hyperbolic) view is that this is not something
to be shocked about. Not with Facebook!

[1]:
[https://en.wikipedia.org/wiki/LOVEINT](https://en.wikipedia.org/wiki/LOVEINT)

[2]: [https://www.washingtonpost.com/news/the-
switch/wp/2013/08/24...](https://www.washingtonpost.com/news/the-
switch/wp/2013/08/24/loveint-when-nsa-officers-use-their-spying-power-on-love-
interests/)

~~~
ihsw2
There is a fairly strong heuristic for measuring who is less likely to be an
anti-social maniac like the one in the article -- marriage.

Throughout history and across the world, married men (and women) are
universally much less likely to be exhibit anti-social behavior to the point
where it is an enduring fixture (if not _the_ enduring fixture) in the
civilizing process.

~~~
ionised
Or that those people are more likely to conform to whatever ideal society
expects of them at that time, marriage included.

~~~
astura
It appears that its probably a little of column A; a little of column B

[http://healthland.time.com/2010/12/07/why-married-men-are-
le...](http://healthland.time.com/2010/12/07/why-married-men-are-less-anti-
social/)

------
snvzz
The question is just how many have access and aren't bragging about it.

~~~
watwut
Facebook's security engineers (and tons of other engineers) have easy access
to information. They are however not supposed to use/access information about
people for non-work purposes - like finding Tinder dates.

So, the answer to your question is many of them have access by design.

~~~
netsharc
If I had access, "finding dates on Tinder" is amateur hour. You can find out a
lot of details about a person if you go through their profile (usually you
have to be friends with them, but if you're an admin probably not), and even
more creepily, if you go through their messages.

If she says "attending" to an event on FB, you'll know where the person will
be at a particular time and date, you can just "randomly" bump into them and
mention your love of $MUSIC_GROUP and $TRAVEL_DESTINATION.

And since the mobile app probably logs locations, you could also trawl through
that data on the fly to "randomly" bump into them again a few days later.
"What a coincidence!".

~~~
watwut
Guys really should not take dating advice from romantic comedies. In comedy,
this is romantic. In real life, this is called stalking, major red-flag since
guy who does this before he even has relationship is likely to be controlling
and dangerous in relationship.

~~~
icebraining
It's only a red flag if the other person suspects it, unfortunately.

------
RustySpottedCat
That has got to be the worst pick up line I've ever seen.

~~~
ams6110
Have you met any guys in tech? Suavity with women is not exactly the norm.

------
liberte82
Was that employee Mark Zuckerberg?

~~~
fenwick67
For those not aware, this chat log is attributed to Zuckerberg:

ZUCK: yea so if you ever need info about anyone at harvard

ZUCK: just ask

ZUCK: i have over 4000 emails, pictures, addresses, sns

------
jpkeisala
It would be great if there would be "Facebook Snowden" out soon.

~~~
letsgetphysITal
There is, he's called Christopher Wylie. He didn't work for Facebook, but he
exposed the access available to their data.

------
Rjevski
Is there any evidence of any wrongdoing here? His access to personal
information is absolutely normal given his job title and frankly, I’m
surprised that the other person feels unsafe after hearing this despite the
fact she’s apparently a software engineer so the fact he has this access
shouldn’t come to her as a surprise, and in her job she has probably the same
level of access if not more.

~~~
heyheyhey
His wrongdoing is using his access to find information on his Tinder date, not
on hackers, which his job is supposedly for.

~~~
Rjevski
Did he use it? I saw nothing in that screenshot where he actually used his
access.

------
jcfrei
I wonder how many Facebook engineers still use their own messenger for private
conversations. I would guess most of them are using iMessage or Telegram or
something similar.

~~~
lumisota
Both WhatsApp and Messenger (when secret conversation is enabled) are end-to-
end encrypted.

~~~
dannyw
Messenger is only ETE for the secret mode. Normal messages are scanned for
profiling and advertising.

------
lumberjack
My prediction is this: in the future data will be as regulated as regulated
substances are today. Facebook and Google and a few others will be akin to the
mass manufacturers of this "controlled substance" and the selling and use of
data will be regulated is such a way that private entities cannot willy nilly
pay to spy on people. They will however be allowed to buy certain kinds of
data for commercial use.

In some regards this will be an improvement, in the sense that it would be
harder for actuaries to weaponise your data against you, without your explicit
consent. It would make it easier to control the use of the data collected
about you.

On the other hand it will legitimize surveillance by state agents and very
powerful private entities.

Another prediction is that countries might eventually start considering data a
matter of national security and might restrict the transfer of data about
their citizens across borders.

~~~
kalleboo
Aren't you just describing the GDPR?

------
vinchuco
Privacy problem solved!

------
andrewdon
"Access to sensitive data is logged, and the company has automated systems
designed to detect and prevent abuse, Stamos said." Looks like FB failed again
to achieve this.

------
inanutshellus
Rule number one of Faceclub: You don't talk about Faceclub.

------
some_account
Good PR move but totally useless for actually changing anything.

------
ada1981
Zuck: Yeah so if you ever need info about anyone at Harvard

Zuck: Just ask.

Zuck: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend's Name]: What? How'd you manage that one?

Zuck: People just submitted it.

Zuck: I don't know why.

Zuck: They "trust me"

Zuck: Dumb fucks.

~~~
icebraining
Never a truer word spoken.

------
quantumofmalice
The elite code of conduct: Do what thou wilt, but for goodness sake don't say
anything about it

~~~
petropolisful
...in keeping with the virtues of silence!

