Hacker News new | past | comments | ask | show | jobs | submit login
This is how vulnerable your Facebook Page can really be (thenextweb.com)
69 points by bond on July 15, 2011 | hide | past | web | favorite | 22 comments

Facebook has this policy backwards. Why should facebook enforce trademark issues at all? If someone registers a Coca Cola page Coca Cola should sue that person and the courts should force the person to give up the account, Facebook should not be involved at all.

If someone leases a building and starts a business and puts up a sign that says Coca Cola, Coca Cola wouldn't contact the landlord about the sign they would just sue the owner of the business.

If what you are saying is that every Page on Facebook should clearly specify the name and address of the person who created it, then "maybe" (there are still a ton of reasons why it should be in Facebook's interest to protect their users from scams); as it stands, Pages on Facebook don't even link to the profiles (which themselves could be fake) of the people who administrate it unless it opts in to that; so, the idea that I should start lawsuits with the four ass-hats who were impersonating me on Facebook last week (one of which had well over a thousand fans and was answering questions as if he was me and trying to lead people through his content farms for ad revenue) is somewhat silly.

So now... What if this business is based in China? Coca Cola can't sue them that easily, but they can easily sue Facebook.

Not that I disagree with you, but I wouldn't be surprised to see a business act like that (e.g. contact the building owner). I almost expect it anymore, with the 'shock and awe' legal approach that is so prevalent.

They really ought to have a different policy based on the significance of the page on their site. Isn't a page with 40,000 likes worth requiring the complainant to provide some documentation about their infringed trademark? Sure, someone complains about a band with 1500 friends, take it down and let them battle it out. But a company with 40,000 users on your website ought to be treated with a little discretion. The number of times that companies with that many fans are the cause of a dispute cannot be so overwhelming that they can't do a tiny bit more due diligence.

I don't understand how facebook DO NOT see the danger to their own long term success here.

It is clear that being dependent on them for any significant part of your business model is risky and currently ill-advised.

Why they aren't taking issues like this seriously are a mystery to me. IMO - its stuff like this which will end up sinking them.

Because it isn't your Facebook Page. It's one of Facebook's Pages, which they let you play with, until they don't.

Precisely. I've said that a gazillion times as well.

A quote from Arstechnica:

How dare we post our own content to our own Facebook page


I've got used to the fact that the average teenager or grandmother is constantly producing content and giving personal data to Facebook for free. I guess email is just too hard for the non geeks.

But seeing industry pundits be surprised by such a move is indeed concerning.

To be fair to Facebook, this is how vulnerable any one's content is if they host it at a hosting provider that is outside the jurisdiction of their nation and subject to third party pressures. Very few large and profitable hosting providers will give you the benefit of doubt and risk costly litigation.

If somebody claimed that some specific domain was infringing their trademark they would have to go to court to get it. (Am I right?) Why shouldn't Facebook have the same policy? Right now it seems that their policy of just listening to anybody's complaints is open to abuse. In fact, they are probably opening themselves to a lawsuit by shutting down accounts every time somebody makes an unsubstantiated claim. In this case there were real monetary damages.

Forgive my ignorance here - but how did the fake email manage to have been signed by facebook.com? If anyone knows, I'd love a detailed explanation or a reference link. Thanks!

The article says that the scammer sent a _screenshot_ of the email (so the email was just photoshopped, and not actually signed by facebook.com).

My fault - thanks for the clarification.

Actually you don't even need photoshop. Firebug would do.

So will Chrome's built in developer tools. No bloated browser or third party tools required.

If you have access to their new facebook mail stuff, is it sent from an @facebook.com email address?

Yes, which is another bit of evidence that this is a fake - Facebook employees use @fb.com as their e-mails.

It's actually quite easy to fake an email address because SMTP doesn't authenticate the sender. For example, I can send someone (exampleperson@example.com) an email that appears to be from 'admin@facebook.com' with one line of php code:

<?php mail('exampleperson@example.com', 'Example Subject', 'Example Message', 'From: admin@facebook.com' ); ?>

That explains spoofing of the originating address; to generate a signed email surely you would need a set of certificates.

Oops I missed that. noonat's solution seems more likely then.

Facebook is not in a position to adjudicate disputes between third parties.

When we receive an allegation of rights infringement, or a suitable report of a violation of our Statement of Rights and Responsibilities, our procedures require that we take action

That they react to allegations rather than receiving a legal order. GG Facebook, but for future reference, your one-size-fits-all justice process is not the same as not adjudicating.

I think the people that are explaining how Facebook has the right to do this, and should be expected to do this, are missing the point. This is not about Facebook's legal rights to do stuff: it's about whether it's a smart business decision to exercise those rights in certain ways.

Facebook wants to be a useful platform for its users, including companies as users. A platform is not useful if any nitwit can file an infringement claim and get a page taken down. It's in Facebook's best interest to review such claims closely enough to notice that, for instance, they have no reason whatsoever to assume that the 'Mr. Stevens' from the story is actually a laywer representing anyone. At a bare minimum, infringement claims should come on good old paper or should be cryptographically signed, in order for them to be taken seriously.

As such, this shows a serious problem with Facebooks proposition to small companies. If you use them, and use them successfully, you open yourself up for extortion. That can not possibly be something they want.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact