
Army of 'Socialbots' Steal Gigabytes of Facebook User Data - goldins
http://www.theregister.co.uk/2011/11/01/facebook_infiltration_bots/
======
dendory
Facebook is just a huge mess, really. The other day I was amazed at one
particular scam that was so obvious, I decided to investigate. Someone made a
page that promised a free iPhone 5 (even though there is no such thing) and
had sent over 800,000 invites to people in 3 days. Over 20% answered, liked
the page, and entered an email address in a form (as the fan page instructed).
The wall was filled with comments like "I hope I win!" and such. There was
even some people commenting on the fact that there is no such thing as an
iPhone 5, and in every case the answer from other users was basically "who
cares? what do we have to lose? it might be true"

Moral of the story? There's enough gullible people on Facebook for scammers to
make money, regardless what measure Facebook puts in place.

~~~
endlessvoid94
Newsflash: There are enough gullible people EVERYWHERE for these things to
work. This is not a new thing.

~~~
megablast
But now, we have one place to go to meet them all. People on craigslist are
wary, otherwise it is not easy to get a group of gullible people all in one
place.

~~~
endlessvoid94
There is literally an advertising industry with this fact at its foundation.

------
yaix
I do not see any problem here.

> [...] much of it configured to be available only to people on the user's
> list of friends.

And it was. People randomly accept friends and then have their data configured
to be shared with them. In this case, the problem was not Facebook but was
sitting in front of the computer.

~~~
nostromo
I suppose it's a bit of a bigger problem than that since a lot of information
on Facebook is shared with friends of friends.

Because of this it's not just a problem for the bad user (like my aunt on FB),
but also all of their connections (like me and 300 other people).

~~~
yaix
True. But still, you can just set your privacy options to only share this
stuff with first-level friends.

The real problem with Facebook is that they collect data about you, without
you being able to control that data. Everything that people have in their
smartphones about you, or that other people add about you on Facebook by other
means (uploaded email address books, etc) is agregated into "your" profile,
even if you don't actually have a profile on Facebook.

------
DevX101
If anyone from Facebook is reading...You guys should add a "Do you know this
person?" option to friend requests received from new accounts. If the amount
of negative responses to the question surpass some threshold you flag the
sending account as suspicious.

~~~
joe_the_user
The problem is that that this is where Facebook's contradictions really
appear.

The problem is that Facebook needs to both maintain the fiction that it's a
network for only your "real life" friends to seem safe _and_ keeping finding
new friends to keep the interest up.

But the average person only has about 150 friends and they're either currently
on Facebook or they probably never will be. So to get new friends, people have
to friend "friends-of-friends", people sharing common interests, people with
attractive photos and so-forth. But if Facebook were to really discourage non-
real-friends, everyone's friend numbers would _drop_ and the site's excitement
level would start going down.

It is a weird kind of situation... Facebook is become more like "the regular
Internet" how that works out will be interesting...

~~~
Hitchhiker
This is a composite of previous comments, someone should hack a " Facebook is
dead " essay.

Cure to the present roberry 2.0 - gear up a homomorphic scheme[1] combined
with a generative personal cloud[2].

The " personal " in PC was most important when C stood for computer. Next, it
will be most important when C stands for cloud.

The other wall this epic bubble is going to run against sooner or later - as
people wake up at an intuitive level :

"Well, since Moore's law makes computation really cheap, let's just give away
the computation, but keep the data."[3]

All of this nightmare will be compounded by the stunning crap-storm about to
emerge in economies world over.

[1] - <http://crypto.stanford.edu/craig/>

[2] - <http://futureoftheinternet.org>

[3] - <http://edge.org/conversation/the-local-global-flip>

------
kellyreid
Internet users opt in to providing their personal details on the internet and
then knowingly accept connections from unknown parties, upset about "privacy
breaches".

This, and more on News at 11.

~~~
brainfed
Most people who'd be willing to accept random friend requests on Facebook
probably have no idea that this even happened.

------
rwolf
One major problem is that Facebook's privacy model for a long time was
"trusted with everything"/"trusted with little", and the criteria for entering
the inner circle was "the user adds you as a friend." Combine this will social
pressure to reciprocate friend requests, and you have a mess.

I wonder what effect allowing assymmetric contacts will have. Will users get
used to people "subscribing" to them without reciprocating, or will we all try
to achieve the ultimate high score by "friending" everyone we can get ahold
of?

------
jonmc12
Any estimate of the number of bots posing as people on facebook? Any way it
could be like 100 million? Can facebook could prove or disprove either way?

Seems both advertising prices and their valuation are linked to this number,
I'm curious what kind of due diligence has been done if social bots are as
easy as article makes it sound.

------
JBiserkov
"Within two weeks, 976, or about 19 percent of the requests, were accepted.

Of the 3,517 users who received the second round of requests, 2,079, or about
59 percent, accepted."

It seems to me that either people are really indiscriminate in who they accept
as their 'friends', or the 'randomly selected "people"' were actually other
socio bots :-D

~~~
kleiba
Or people are more likely to accept a friend request when you already share a
common friend on FB.

~~~
brc
I'm guessing the profile pictures of the 'friends' weren't ugly people.

~~~
derrida
Funny how those stereotypical 'beautiful' pictures found on the internet are
usually ugly.

~~~
pmjordan
I'm sure that's no accident. I suspect they're at the empirically determined
sweet spot between 'beautiful/sexy' and 'loose/easy' for the maximum number of
people to feel they'd both stand a chance with the person _and_ actually would
want to have sex with them.

------
zitterbewegung
It makes you wonder what private data sources actually have of the facebook
graph (Not including facebook). Does someone have the whole facebook social
graph downloaded or a large portion?

~~~
pork
At 500+ mil users with an average of 150 connections, you're looking at
500,000,000 * 150 / 2 = 3.75e10 edges. Assuming generously that each edge can
be stored with a 4 byte unsigned int, you're looking at about 140 GB. I
haven't seen any scrapes that even come CLOSE to that, an that's ignoring
throttling and privacy controls.

Edit: more likely, you'd get the data as (id1, id2) pairs with 8 byte longs
for each id. That's about 600 GB.

~~~
inconditus
This is an ignorant question, but do apps have access to the social graph? If
so, I'd assume the top game applications have a substantial portion.

~~~
jplewicke
You can get names and Facebook IDs of user's friends for anyone who signs in
with your app. I don't believe you can fetch their friends through the API, so
the game companies should have access to only edges in which one person uses a
game.

------
ricardobeat
"Steal" is stretched thin here. People made their information public.

------
jhuni
I am going to delete my facebook account this November 5. I encourage others
to do the same.

------
stfu
Kinda obvious that Facebook is getting scraped up and down for all sorts of
reasons. Wasn't there some "art" project of some guy guy who recently scraped
millions of (public) profiles?

"used programming interfaces from ihearthquotes.com" seems to be down/unknown
the the googles?

~~~
phillmv
>Wasn't there some "art" project of some guy guy who recently scraped millions
of (public) profiles?

Oh, it's amazing - <http://openbook.org/>

~~~
jaredsohn
I think the grandparent post may have been thinking of this:
<http://www.sott.net/articles/show/223241> ('Dating' Site Imports 250,000
Facebook Profiles, Without Permission)

For the site linked in the parent post, it looks like the site uses the
Facebook Graph API search function for public posts and then makes additional
queries to show information about the creator of each post. Since you don't
need a Facebook account to use it, I suspect they are making the queries via
the server. They might be accumulating the profile photo data as they retrieve
it, but it doesn't look any different than any other site that uses the
server-side Facebook APIs.

------
hybrid11
Another way to do this is just to use the search method that's part of the
Facebook Graph API (replace watermelon in the URL with your query) -
[https://graph.facebook.com/search?q=watermelon&type=post](https://graph.facebook.com/search?q=watermelon&type=post)

You'd be surprised the amount of information that people post publicly.

~~~
Achshar
wow, THIS is interesting.. and this is like 750 million people's posts :O

------
joe_the_user
This might sound harsh but...

Who care?

How long are people going to keep believing that information you share with
people who share with other random people is ... "private"?

I've friended spam-bots entirely for shits giggles. Seriously.

I like Facebook a lot. Seriously. I'm there pseudo-nonymously but constantly.
But naturally I post nothing I don't want totally public 'cause nothing on
Facebook is private to start with.

Define "privacy" in the context of Facebook. You can't and that's the point.

------
georgieporgie
Is that stealing? Not to get into a "data wants to be free thing", it just
seems like the automatic scraping of (effectively) public information, by an
algorithm which can't be held to terms of use.

~~~
windsurfer
I don't think it's stealing, but it's certainly rude.

~~~
pavel_lishin
It's automated social engineering.

