Hacker News new | past | comments | ask | show | jobs | submit login
Facebook Has Hosted Stolen Identities and Social Security Numbers for Years (vice.com)
191 points by rbanffy on April 24, 2018 | hide | past | favorite | 36 comments

Back when they first introduced Pages, around 2008 I think, you had to upload a scan or photo of your driver's license to prove your real identity (I was 19 and naive).

Well, a few months later, I go and look at my page which I never really used, and found my driver's license picture sitting in a public album on the page. I deleted it immediately.

Back then, you could directly email the company. I received a response a short time later that they had patched the bug and thanked me for bringing it to their attention.

I should have that email somewhere. It seemed like a pretty substantial glitch but I didn't do anything about it at the time.

Yeah, but the person who implemented it sure could big-O the shit out of a b-tree.

Your comment and parent should be emailed to every single person working in tech. Every morning.

Very loosely, back in the 1990s, centralized mass media was seen as stifling original thinking, forcing people to conform to whatever dimwitted thing the TV fed to them.

Then in the 2000s comes social media. We can find people online who we actually like hanging out with. Like-minded people didn't have to live isolated from each other. You could be whomever you wanted to be -- identity was seen as virtual, easily-changeable -- and this was seen as good.

Nowadays, the very same centralized mass media are demonizing being able to more easily choose your friends. They portray "like-minded people" gathering online as some kind of criminal or terrorist activity that threatens to destroy society in some not well explained way. Being able to express yourself using different personas is now seen not as a creative endeavor, but the work of shady operatives trying to stay hidden as they manipulate the already-willing into doing things they already agree with.

Forgive my skepticism if you feel it's unwarranted, but all I see in this article is a concerted effort by centralized mass media to regain its influence over society, and what that gets us is what we had for most of the 20th century, and that's not good.

Allowing like-minded people to find each other is not necessarily virtuous. A group of people who congeal purely for like-mindedness get lost in groupthink and the herd mentality.

I think there’s a lot of truth to this in today’s polarized environment. It is easier than ever to pick and choose exactly which groups of people you want to associate with - and equally easy to silence and ignore those with conflicting views. In the olden days you had to tar and feather someone to get rid of them - it’s simply no longer true in today’s social media society.

I think we humans like to think we are driven to connect solely by mutual interests, but in reality our social dynamics are much more complex than that. Reducing the abstraction of how people meet into a graph problem is the source of much of our societal issues with social media and sociability in general.

And man, does tech sure like it's careless and simplified approaches. Every day I am a little bit more convinced that we tech people are the only ones convinced of our genius

Exactly. Imagine Town Square like environment where people could Converse about tech and other nonsense without needing to physically be in the same location. The Horror.

Facebook is one of the largest media and advertising companies of all time. In what world is Facebook a decentralized alternative to the last century of mass media?

On Facebook, you can create updates that your friends will see and consume updates from them. While these updates go through some filtering and sorting, they are still much more decentralized than curated updates from newspapers and TV.

And that's why we should make sure that newspapers and TV aren't the go-to alternative to Facebook.

A different Krebs article is worth reading too. https://krebsonsecurity.com/2018/04/is-facebooks-anti-abuse-... FB ignored complaints made through their own abuse-reporting channels but responded quickly after he started posting complaints on Twitter.

For an even more dramatic example, when Facebook posts were fueling anti-Muslim pogroms in Sri Lanka, Facebook didn't respond to either reports in their system or to direct outreach from the government, until about a week or two into the violence the government blocked Facebook entirely. Then they showed up and made a display of contrition and responsibility.


On Facebook, Mr. Weerasinghe posted a video that showed him walking the shops of a town called Digana, warning that too many were owned by Muslims, and urging Sinhalese to take the town back. The researchers in Colombo reported his video to Facebook, along with his earlier posts, but all remained online.

Over the next three days, mobs descended on several towns, burning mosques, Muslim-owned shops and homes. One of those towns was Digana. And one of those homes, among the storefronts of its winding central street, belonged to the Basith family.

Abdul Basith, a 27-year-old aspiring journalist, was trapped inside.

“They have broken all the doors in our house, large stones are falling inside,” Mr. Basith said in a call to his uncle as the attack began. “The house is burning.”

The next morning, the police found his body.

In response, the government temporarily blocked most social media. Only then did Facebook representatives get in touch with Sri Lankan officials, they say. Mr. Weerasinghe’s page was closed the same day.


Don't worry, at least in Burma (country where a genocide is happening) it's fixed now. /s For a country very roughly the population of Germany they now have dozens of people policing content. In Germany they had 1200 before even announcing they'd hire anyone for Burma. And that itself was because of pressure from German government. They "care", but only about expanding recklessly and doing absolute minimum to keep their market. It's prudent corporate behavior.


In Burma the government isn't going to block Facebook to get it to intervene, like Sri Lanka did. They're running the genocide, after all!

More reason for FB to actually police their platform according to their own rules there, and not let site policy violations slide.


So should Facebook just censor whatever posts governments say they should? Where do you draw the line?

They should make a decision. In this case, they didn't care enough to censor anything, whether the complaints came from the government or from individuals. The important role the government played here was in using its power to force Facebook to the table; if the government hadn't stepped in, Facebook should still have responded to reports of incitement to violence.

Facebook ignores complaints period. I have to assume that all of them a directed to /dev/null and they call it a good day.

For many companies, Twitter has unfortunately turned into the only effective way for customers to get support. No surprise that public shaming gets action faster than private complaining.

It surprises me, to be honest. You'd think that companies would work harder to offer a private channel for grievance, as opposed to a public forum like twitter.

I take it they feel they have to have a presence on Twitter, and the public airing of grievances is just the price they have to pay.

Funny how they redacted the query, but you can see many of the query words bolded in the results.

This gets pretty close:

    site:http://facebook.com inurl:posts maiden "social security number" ssn phone 2018

Challenging Safe Harbor would make starting any new platform a lot harder, even operating a node of Diaspora, Mastodon, etc. legally very risky without pre-approval. I’m not sure the recent posts promoting those technologies had that in mind.

It's stuff like this that may eventually convince Congress to defunitively scale back safe-harbor (for good or ill). It's one think to say "we can self regulate" but you have to, you know, self-regulate, otherwise eventually regulations will be imposed on you.

On the one hand, I don't think noname blogs should be held responsible for every single thing posted in their comments section. On the other hand, when it comes to giants like Facebook, come on. Facebook obviously doesn't take this stuff seriously and if they won't take stuff down like this without public shaming, it seems clear that they just don't care.

> It's stuff like this that may eventually convince Congress

No, it absolutely will convince Congress to scale back safe harbor. It's already happening! It's how we ended up with SESTA/FOSTA on the books-- Backpage gave everyone the finger instead of policing itself.

4chan polices itself better than most of these commercial entities. It's a sad state of affairs.

The difference is that SESTA/FOSTA has no discernible benefit to anyone but congress, whereas actual regulation would presumably help consumers.

You are more likely to get SESTA/FOSTA analogs with different predicate offenses than “actual regulation”.

Like patent regulation presumably helps consumers, but actually doesn’t.

> It's one think to say "we can self regulate"

Safe harbor isn't about self-regulation (in fact, it specifically is about relieving intermediaries of the need to do that), it's about content c rules being directed at contract providers, not intermediaries; removal of safe harbor forces, rather than abandons the idea of, self-policing by intermediaries, which is rather the point: to get intermediaries to censor content on the threat of exposing them to public and private liabilities if they do not.

This stuff should be taken down promptly by a platform, and then the perpetrators tracked down where possible.

Isn't it thus beneficial to have a tangible platform that can be regulated accordingly? That would make this an argument for a platform like Facebook, not against it.

> then the perpetrators tracked down where possible.

Do you think that Facebook should have the right to arrest criminals? Under which jurisdiction?

Imagine that Facebook is able to find commonalities between several posters, do you think that law enforcement is responding appropriately?

Facebook is a common data exfiltration platform as well. There are a lot of CC# and SSNs stashed away in private messages.

Google makes it easy to find stolen identities and social security numbers (and login credentials and API tokens and passwords and so on). Not just on Facebook. Anywhere and everywhere across the entire internet. It's not like there is a legitimate use for social security number searches (research aside which could require an API key). Google isn't stopping it. It provides tooling. It runs ads alongside the results. If Facebook is supposed to catch and censor this stuff, then Google should be too. If Google gets a libertarian pass, then perhaps so should Facebook.

"These weren’t very hard to find. It was as easy as a simple Google search."

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact