Hey guys - I work on Timeline here at Facebook and just wanted to chime in here. I've looked into a bunch of cases today where people were concerned their messages were showing up, but as has been pointed out in many places (e.g. techcrunch), there was no privacy violation here.
If you've kept your old emails around (woohoo gmail!), one thing you can do is go back and look for the notification email you got for a particular post that you suspect was a message. There's a date search widget that makes this easier. I suspect you'll find it was a wall post.
Another thing to note (for those that follow our technology), is that the backends for these two systems are entirely different. The messages backend is hbase-backed, designed for real-time communication more than history. The timeline backend is MySQL / C++ backed. Migrating data from hbase to MySQL would have to take months of effort.
I know that even though there was no bug here, this can be an alarming experience to see old posts surfaced like this. We're working on ways to make this interaction clearer so people aren't so surprised in the future. That said, please rest assured that your inbox is not on your timeline.
I know that even though there was no bug here, this can be an alarming experience to see old posts surfaced like this. We're working on ways to make this interaction clearer so people aren't so surprised in the future.
You ought to be doing more than that, actually. Having been an early user of Facebook, I can assure you that people viewed wall-to-wall and other types of posts differently from how they view wall posts now. No one expected their data to be exposed this way, so for practical purposes, this is tantamount to a bug or data breach from the user perspective.
Disabling this immediately for old posts or allowing users to opt out would be the right thing to do.
What a thoughtful response. I can imagine that you're having a very difficult day over there. Keep up the good work.
Personally, I'm sad that all of my private messages have been so mundane that if they got out, it would be no big deal. I just looked through and I didn't find any meaningful dirt at all. What a shame.
I don't think that private messages can transform into wall posts with such ease. This would have to be intentional, it's not a simple click of a switch that can do something like some are thinking that is occurring.
True, I wouldn't give Facebook a free pass on this alone.
Is it really so hard to imagine that somebody, somewhere fudged a query and accidentally ran [pseudo-SQL] "UPDATE posts SET type='status' WHERE type='private-message' AND date = 'x' TO 'y'"?
I'll admit, it's a bit of a stretch; but the fact that these show up as wall posts is not necessarily an indication that there is no bug.
The bug may very well be that data has been manipulated to look like wall posts.
Unless Facebook discloses that these posts were flagged as "status updates" _in an archived version of their dataset_ (specifically an archive before the issue first manifested), this information means practically nothing. We could gather from the bug itself that these were flagged as wall posts in FB's backend.
No one is giving Facebook a free pass. We currently have no evidence whatsoever of a bug. On the other hand, we do know that wall posts could not be commented on pre-2009. Informal conversations were carried out with quick exchanges of wall posts. The whole conversation could be viewed with the "wall-to-wall" link. We used Facebook in a different way back then, and the conversations reflect that. If you have email notifications confirming that a private message is now public then please let us know. So far every person to check their records has found that there was no bug, they merely forgot how Facebook used to be.
According to one Facebook employee, private messages are stored on an entirely different system (MYSQL vs HBase). This seems perfectly reasonable, and precludes the possibility of a bad SQL query leaking private messages. http://news.ycombinator.com/item?id=4567009
- Wall posts didn’t have comments in those days (nor did they have a “like” button. Can you believe it?) Conversations were all about the “wall-to-wall”.
- Chat didn’t exist, and messaging was used much less frequently. So wall posts were used for things that would be private messages now.
- Most importantly, our attitude to public wall posts was very different.
It’s the last point that’s most important. It’s hard to remember, but the current massive controversies around social media privacy were barely on the radar a few years ago. The subsequent change in attitudes is partly due to Facebook making their platform more “open”, and partially due to raising concerns amongst users.
For example, you didn’t have to worry about your posts being read by the general public – that wasn’t even an option back in 2008. You did, of course, have to worry about your mum reading about your drunken misadventures. But even that felt like much less of an issue than it does now. People hadn’t yet learned to self-censor.
The best analogy I can think of: old Facebook was like having some friends around at your own house. Though you probably wouldn’t prance about naked or insult people to their face, you’d feel comfortable dressing down or trading off-colour jokes. New Facebook is more like a social gathering in a public place – still friendly and informal, but you have to be much more careful to present a respectable image and avoid saying anything offensive.
I think Zuck was right when he said that people would adapt to a world with less privacy and more “transparency” – people adapted, and became more polite, bland and inoffensive as a result. “I never would have posted something like that on my wall”, they say, and really mean it.
This seems to be anecdotally confirmed by multiple people here. To me, if true, this screams of a broken engineering culture inside Facebook, where the model for data privacy and security is secondary, not primary. If this is indeed verified, no one should ever use Facebook for anything truly private, regardless of what apologies or excuses are made.
It is difficult to think of something like this, where private emails are accidentally disclosed publicly en masse, happening with gmail (or any other email service).
If it is indeed verified I would be the first one to jump on the bandwaggon and delete the account and tell others to do so. But so far I have not seen anything to verify it and more reports on Facebook claims that it is indeed old user to user wall posts (something I remember and used in the past personally) just showing up from people now liking them which at the time they didn't have a like button.
Regardless of what the actual situation is, if these posts are being brought to people's attention by friends because they seem sensitive and are now more prominent than they once were, isn't that a concern in and of itself?
Good point. Mass hysteria being used as a carrier for sudden bursts of clarity would be an interesting phenomenon in itself. Thousands of people suddenly realizing "Oh god, what have I been doing?"
Edit: The more I read about this, the more it seems to me that this is what is going on. I think this has interesting implications for the "Privacy is dead" attitude. It suggests to me that, contrary to popular belief in some circles, people are not ok with their diminished privacy.. they just haven't been thinking about it.
I wouldn't put this on the users' lack of clarity as much as I would blame Facebook for changing the course of it's features so much so that this is now happening to people. People were using the site as it was once intended and we can't blame them for being infuriated when the logic behind that usage changes. To me it's no different than Quora deciding to make all of your posts public without the chance to opt-in, except because of Facebook's privacy settings mess, it isn't easily reversible without severely crippling the content you've posted over the entirety of your account's lifespan.
Think about what you're asking for here. You are essentially asking to compound the error facebook made by making a screenshot of their private communications and posting it on yet another open forum.
That's like asking a rape victim to show her bruises publicly or you won't believe it. Pics or it didn't happen applies to lots of stuff but when there are a lot of people with pretty good reputations making the exact same claims then you might want to give them the benefit of the doubt.
Facebook is not above making mistakes and the number of people right here that make these claims is too large to simply be ignored or waved away. Clearly something has changed for some people, now the question is how many people are affected and what can be done about it.
It was the best I could come up with on the spur of the moment but I should have thought about it a bit longer. The weirdness of the request is what angered me to the point of being careless with words.
It's pretty easy to redact a message so as to show they are the same message but without giving away sensitive info. Hell, some of these are probably benign messages like "sure meet you there" or something anyway. Your analogy is ridiculous.
Yes, but 'sure meet you there' wouldn't be quite juicy enough to satisfy the 'that was not private enough so therefore it wasn't a private message' crowd.
With the way sharding works I wouldn't be surprised if the whole thing was real but only affected an extremely small portion of the users, and in such a way that stuff that had been pushed into the mists of time made it back to the present somehow. That alone would qualify as a bug, the fact that facebook would shine the spotlight on old data like this is worrysome all by itself. If the data was private or in some other way hidden from normal view and suddenly given a much more prominent spot without the users being made aware of that ahead of time then that would be much more serious still.
"Yes, but 'sure meet you there' wouldn't be quite juicy enough to satisfy the 'that was not private enough so therefore it wasn't a private message' crowd."
The whole point of showing it next to a screenshot of the email or the message in the private inbox is to confirm that it is PRIVATE regardless of the actual content. There might be somebody out there who has an unusual interest in other people's private messages, but I think the vast majority of people are looking for something a bit more real than "this happened to me."
You heard it here folks, an engineering bug that didn't actually happen is tantamount to rape. Perhaps we should stop referring to them alleged bugs and start calling them rapes. I'm sure the rape victims in the audience would love this idea.
Well it IS happening, and it's spreading. People are pissed.
I found private messages published. And no, no pics because, you know, they were supposed to be private. And I am very careful on the matter. I am very annoyed to see it downplayed.
Keep in mind that facebook's engineering philosophy is to push new code out every single day. This means that there is little to no QA on code push. Every engineer takes responsibility for their own code push and because people are human they mess up from time to time. I don't think this means that the culture is broken... there are simply pros and cons to on the fly site builds.
It looks like it's only for old messages. My guess is that what happened is that they migrated some old messages to a new model. Maybe they had a mess of different old models, and some of them where converted to the wrong kind. I guess they were not careful enough with it, I just hope they will be able to revert it...
i can confirm this too. 3 private message threads from 2009-2010 were on my wall with the privacy set to "friends". these were conversations right out of my private messages (which were also in my private messages).
i'm deleting every facebook message as a result of this, which isn't easy as it has to be done one by one.
i am in the US, but my UK friends are the ones who alerted me to it, as it was happening to them as well.
Same here, my wife just called me crying because a large number of very private conversations she had with friends in the past are now visible on her timeline.
Is the quickest option a manual delete? She is freaking out.
Edit: I have set her privacy as strict as I can for now, but having pressed her on the topic, it isn't entirely certain that these messages were ever private.
My comment to her was that even if they were always on your wall, you (in hindsight) don't think they should have been. Don't let Facebook convince you that you are wrong to have thought differently. Facebook's model doesn't work like the arrow of time, memories and conversations don't fade out naturally and disappear, they just stay there permanently. And today, your present self wonders what you were thinking that made you post that. When you add that to the fact that your social graph on Facebook was different 5 years ago than it is today, it makes sense that you naturally think certain things should have been private.
In other words, you weren't fit in 2006 to know what in 2012 you would regret having posted and you aren't fit in 2012 to know what you are going to regret in 2018.
If you really are freaking out about stuff that your past self thought should be known to the world, then do your future self a favor and stop putting your life on Facebook.
Had the same problem as well. About 10-15 private messages were shown on my timeline form 2008-2009. I've hid my timeline so only I can see it for right now until it's fixed. Seems like an quicker /easier than deleting the messages.
Same thing here, I'm French and lots of my friends are having the bug as well. Lots of mention in the online newspaper too.
I think once it's obvious that it's real, it's going to be a big deal for Facebook...
It's no coincidence that people that have tried to verify this by comparing to email notifications have posted as much, and people that have "confirmed" based on memory have yet to do so and post the result of their verification.
Do not trust your memory. Do not trust your assumptions. Just because this is plausible and everyone is claiming to be affected by it is not proof that it is in any way true. Check your notifications and find real evidence.
No one in here has even claimed to have confirmed this with email, let alone posted any evidence.
What can one do? They aren't a government entity -- you can't vote management out or change policies. They aren't regulated -- you have no complaint procedures or escalation mechanism. The best you can do is yell at them. They will gladly laugh at you through their young-and-rich-and-by-the-way-fu billionaire eyes.
If they decide to make public every thing you've ever written in rolling 10 year intervals there is nothing you can do to stop them.
The public has no idea how much can go wrong giving one entity essentially a copy of their entire private lives.
The Data Protection Act 1998 would presumably apply in the UK and Ireland, and the EU has a data protection directive. My expectation would be that they could not disclose everything without consequence.
So TC have basically rewritten their entire article rather than add an update but anyway.
It's probably not private messages - but it is messages that people think should be private TODAY. But it doesn't really matter - it's perception that matters here. And also I guess this is an illustration of how people's attitudes to FB have changed over time.
"I would NEVER have shared this publicly." they say. But either they did, and now don't trust FB in the way they used to. Or they didn't and there's a bug. Neither are good for FB's brand.
Oh its false and not real, did that even occur to you or is your hate of facebook so intense that this possibility that users could be mistaken is just not possible. You know the very same people who gladly give up a ton of personal information on line to any one in the first place and stupidly trust corporations with personal information. I mean really is it impossible that these very same users could be mistaken with regards to old wall to wall posts?
You seem to have misconstrued the parent comment; he was talking about trusting FB (and by extension the media outlets that are reporting their statement as fact) over his social contacts on this issue specifically.
For a community that is usually quick to dismiss anecdotal evidence and fear, uncertainty, and doubt there seems to be quite a bit of all of the above going around in these comments.
Given the update on the Tech Crunch article, and the fact this is regarding wall posts from three years ago (which people probably don't have the best recollection of) my two cents is for those that believe that this is affecting them to temporarily deactivate their FB account, and the rest of us wait until we see some follow up blog/news posts with hard evidence before we start yelling that the sky is falling.
I see a few messages on my timeline; thankfully they are all _really_ unimportant. (One liners like "hey thanks again.", etc.)
In principal, though, this bug shakes me to the core. Had it chosen to sample posts from 2010+ rather than 2008-2009; hell, I could easily be out of a job, or be dealing with some very upset family members.
This is unacceptable; it violates any shred of trust I had left in Facebook as a platform.
Can at least one person making these claims actually show any real proof about this? Just one person. I mean if its such a major flaw and verifiable I would expect at least one screen shoot showing this to be the case.
"TechCrunch has investigated more, and we have found no evidence that the allegedly exposed posts were actually private messages. Their email receipts show they were in fact wall posts, and the posts do not appear in users’ Facebook Messages inbox.
Facebook also says in no uncertain terms that there is absolutely no privacy bug. What people are seeing are old Wall postings, not private messages. A spokesperson tells TechCrunch:
“Every report we’ve seen, we’ve gone back and checked. We haven’t seen one report that’s been confirmed [of a private message being exposed]. A lot of the confusion is because before 2009 there were no likes and no comments on wall posts. People went back and forth with wall posts instead of having a conversation [in the comments of single wall post.]
A small number of users raised concerns after what they mistakenly believed to be private messages appeared on their Timeline. Our engineers investigated these reports and found that the messages were older wall posts that had always been visible on the users’ profile pages. Facebook is satisfied that there has been no breach of user privacy.”"
This is why real reporters actually check into news stories first before publishing. I have yet to find a single shred of evidence anywhere that shows this has been verified and repeated. And I've been looking pretty hard for the last 30 minutes.
They aren't confirming anything. People are looking at wallposts and thinking/remembering they are private messages, but everyone that has tried to verify using email notifications has found only wallposts. Until someone shows that a verifiable private message showed up publicly, than there's no reason to continue spreading this. If it's a problem, it can easily be confirmed. Even Techcrunch, who criticised Facebook's response have now backpedaled.
yup due to a friend that puts way to much value in posters opinions here vs using logic and his own mind. People are jumping the bandwaggon of facebook hate on something that isn't verified based on reports that make a lot more sense that its old wall to wall posts and not personal messages. The lack of any real evidence including from those posting here that can confirm yet cant show screen shots of this is just more cause of concern this is just bandwaggon hopping. I have no love for facebook. None at all. But I am not going to go nuts over something that isn't proven in the slightest.
To me it looks that they were trying to buy some time. Trying to slow down the propagation of the story. But I think by now it's not fixed and it's obvious that it's very real, they will have to find something else...
I too thought I found private messages on my timeline. But it turns out they were indeed wallposts. It shows how much facebook has changed from a friends-only environment where you used the wall of people for semi-private chats, to a place where you have to be carefull and try to present yourself in a decent manner. Noone would ever use the wall in the same way it was used back then.
I 100% think that this is what is happening. Before Facebook's chat feature became as prominent as it is, the number of 'trivial' wall-to-wall posts was very high, such as 'hey, what what you been up to?' or 'Thanks again'. These posts look like 'messages' because these days you would normally just send it as a message.
Yeah, I'm really certain too. Some of them seem surprisingly private though, so no wonder people get scared. It's still a bad thing that friend banter from long ago suddenly shows up for all your new friends / colleagues / family to see...
This is exactly what I'm seeing. I just spent half an hour on the phone with my friend going over public posts from 2007 saying "WOAH, did we _really_ say that in public?". Every one was public. There were no examples of private messages showing up.
Wow, a few weeks ago I was joking that if Facebook went through my private messages, I wouldn't be surprised, based on how scummy they've behaved in the past. Now apparently they've done this, except also shared everything with the whole world. I don't think I have to say this, but this is totally, 100% unacceptable. Back then I was using FB almost as a personal e-mail; the consequences of something like this could be cataclysmic. Can you imagine having your personal email "accidentally" posted to the general public?
This is where someone typically parrots:
"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." -- Eric Schmidt; Executive Chairman, Google, Inc.
To which I reply: I'm sorry, but my personal matters are personal _expressly because_ I've found people to be ignorant, bigoted, biased, or otherwise untrustworthy when it comes to matters of my identity.
The fact that I could lose my job because of my thoughts on cannabis prohibition? Or that I could be disowned because of my political and [lack of] religious tendencies? These things are private not because they're wrong, Mr. Schmidt. They're private because _someone_ thinks they're wrong; and _someone_ is making decisions that could impact _my future_ by judging what's publicly available.
I can no longer trust Facebook to be a secure messaging platform, which is basically all I used it for. I'm going to take charge of my web presence to whatever degree I can. I'm done letting large corporations abuse my data for their own gain, only to have shit like this happen.
Q: People are treating Google like their most trusted friend. Should they be?
A: I think judgement matters… If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. But if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.”
Haven't seen concrete evidence yet though...I went ahead and looked through some profiles and there's stuff that looks very revealing, as though it were a private incoming conversation but then every time I click on them, the convo box expands and I can see that people 'liked it', meaning it was public from the start.
Does anyone actually have real evidence? Maybe a screenshot of a message that CLEARLY is private and in no circumstance would they have forgot posting it on a wall THREE YEARS ago?
Not true. This is the source of all the confusion. Originally you couldn't like or comment on wall posts. Conversations were individual posts on each other's walls. You could click the "wall-to-wall" link to view the whole conversation.
This system gave conversations a different feel, and is now causing people to confuse them with private messages.
I seem to be mistaken. However I was twice as stupid because I have hidden all these messages, and now I can't recover them on my timeline. I don't find them in my activity log (not under "hidden" nor "all"). Strangely, if I update my status and make it "hidden" in my timeline, it shows under "hidden" in the activity log...
i went to check my fb timeline and indeed some messages between 2008-2009 DO look like they must've been private messages - people writing their home addresses and phone numbers and similar stuff.. i doubt these were public wall posts to begin with .. i can't find any old fb notification emails as i am deleting this things, unfortunatelly. but i does feel a bit scary :|
One thing I'm walking away from this incident with is a better understanding of the power of the Facebook PR machine. I would be interested in a timeline of how this whole process unfolded... too bad only companies like Google and Twitter will ever know for sure how it all spread.