Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Privacy Hacking Worse Than PR Flacking

Roblimo posted more than 3 years ago | from the one-day-the-cool-kids-will-all-leave-Facebook dept.

Privacy 59

Here's frequent Slashdot contributor Bennett Haselton who writes "Facebook apparently hired a PR firm that tried to seduce some pundits into writing negative editorials about Google. The 'attack angle' would have been that Google was endangering users' privacy by scraping information about users from Facebook and making such information easier to find with a Google search." Hit the link below to read the rest of Bennett's story.

The reliably cynical Seth Finkelstein commented that the attempted editorial-planting was just "often implicit dealing made explicit", (i.e. that pundits are drafted as fronts for corporate publicity campaigns like this all the time, and that the PR firm in this case spoiled the game by rudely blurting out the terms of the deal, like a guy offering to buy a girl dinner if she'll sleep with him). Steven Levy of Wired opined that with regard to the privacy issues, Facebook was the real villain for exposing information in the first place that many users would rather keep private.

Some perspective here: In 2008, I was corresponding with a high school student (using one of the Circumventor sites to get around their local school Internet blocker, naturally) who mentioned that he was able to see all the personal information of other students in his Facebook high school network -- including email address, phone number, and home address, if the user had uploaded that information to Facebook -- even if those users had not confirmed him as a friend. (Facebook allows users to join one or more "networks" indicating their school affiliation, workplace, city of residence, etc. -- such networks are distinct from Facebook groups and fan pages.) Double-checking with a few more users in the same network and in other high school networks, we found that it really was possible for any member of a high school network to view the profiles of any other member of that high school network and see all of their personal information.

Unlike other types of "networks" on Facebook, it is not possible to join a high school network simply by specifying it in your preferences. However, all of the students that I corresponded with said that in order to join their high school networks, they simply had to request to join the network, and then get a friend request confirmed by an existing member of that high school network. Which means that conning your way into the network would be easy: either (1) create a profile with the name and photo of a real student at that school, and send out friend requests to that student's friends, hoping that one of them would confirm you (not remembering that they had already friended that person under their real account), or (2) create a profile with a hot girl's picture and send out random friend requests to a bunch of guys in the network. Once you got confirmed, you'd have access to all the personal information that any student in that high school had posted on their profile. (I hasten to add that we did not actually try either of these things, but it stands to reason that it would work, since it wasn't functionally any different from what all of those students actually had to do in order to join their networks in the first place!)

I sent a message to Facebook's security team about this, and got a non-form-letter response from a real person -- their reply, however, was that this behavior was by design:

We believe this allows for greater sharing and helps make the site more useful for people, though we also recognize the potential for misuse. That's why we've built a peer verification system around the joining of high school networks. We also use automated systems to detect and flag anomalous behavior, like lots of messages sent to non-friends or a high percentage of ignored friend requests.

Smart, but probably not secure enough. For one thing, if someone is creating disposable accounts to send out friend requests in hopes of getting into a high school network, it only has to work once, so even if most of their accounts get flagged for "anomalous behavior," they only need one that doesn't get flagged. And even if that account does get flagged and cancelled later, by that time it might be too late, if they've already grabbed enough users' information. In any case, some time between 2008 and 2011, Facebook did change the behavior of high school networks so that members can no longer see the personal information of other members without a confirmed friend request. But this loophole was not that difficult to find, and it's likely that at least a few other users had discovered the same issue.

Now, imagine what would have happened if Facebook had announced that, for a fee of a few hundred dollars, they were offering CDs for sale containing the names, addresses, mobile phone numbers, and instant messenger names of all the high school students on their site (along with, of course, all the photos those students had posted of themselves). It goes without saying that after the class action lawsuits had finished, there'd be nothing left of the company but a smoldering crater. Now, I'm not suggesting that Facebook's security policy for high school networks was anywhere near as bad as selling CDs with all the personal information of their high school users, but it's worth thinking about why it should not be considered as bad. In either case, anybody willing to spend a few hundred dollars (or, equivalently, a few hundred dollars' worth of effort -- the effort to discover the loophole, and then to crank out the friend requests) could obtain the personal information of as many high school students as they wanted. What's the difference?

Well, obviously, there's the message that it would send if a company like Facebook offered to sell CDs full of users' personal information. It would lower the bar for future behavior by similar companies, it would make users extremely cynical about trusting the motivations of social networking sites, and in the long run it might even cause courts to decide that users had no reasonable expectation of privacy when joining those sites, because it was "common knowledge" and "common practice" that those sites offered up people's personal information for sale! On the other hand, if Facebook makes that information available indirectly through "benign neglect" -- by, for example, forcing you to create a fake high school profile and send out a bunch of friend requests and create a new profile from scratch if your first one gets canned -- that's far less likely to cause the side effects I just listed. MySpace is not going to get the idea that it's OK to start selling CDs of users' personal information because, hey, Facebook let people pry out the same information if they jumped through enough hoops.

But what this means is that fairly mild privacy issues, if they arise as a result of deliberate choice by a company like Facebook, are likely to get more press attention than far more serious privacy issues that arise as a result of benign neglect. Because when Facebook makes a deliberate choice that affects user privacy (like sharing users' preferences with Pandora), the pundits and the public are reacting to the direct privacy implications of that action, plus all the auxiliary issues, like the "message" that it sends, and the precedent that it sets for future actions by that company and other companies. Whereas if an issue arises as a result of neglect (as in the case of PlayStation Networks users' credit cards being stolen), people are reacting only to the direct privacy implications of the incident, so the issue has to be much more serious to get the equivalent amount of press.

For example, the right reason to be concerned about Facebook sharing users' personal information with Pandora, was the principle that it violated -- if users say "no" to sharing their personal information, Facebook shouldn't be allowed to switch that choice unilaterally. But as for the practical implications -- come on. Facebook and Pandora are both big faceless corporate behemoths as far as we're concerned, so why would we trust one with our personal data but not the other? Besides, what if Facebook had simply bought out Pandora? Then they could share all of our personal information with all the employees of the newly merged Facepanbookdora, and the exact same people would have had access to the exact same data, but it wouldn't have violated the agreement against sharing information with "third parties," because they wouldn't be a third party any more.

When I first found that email addresses of Ameritrade customers had been obtained by a pump-and-dump stock spammer, I was sure (as were most readers, probably) that Ameritrade was not deliberately selling its customers' email addresses; I figured that they had simply left their database inadequately secured, and some third party had broken in and stolen it. On the other hand, because the incident happened as a result of benign neglect and not deliberate choice, I figured the incident would not garner much press as a result, and that seems to have been the case -- the wholesale thievery of Ameritrade customers' personal information by financial criminals received far less press attention than, say, Facebook's decision to change their privacy policy so they could share information with Pandora.

What this means is that if you're an ardent cyber-rights hippie like me, then yes, you should care about the privacy issues that set the blogosphere afire, even if they're fairly minor privacy issues that are magnified out of proportion because they speak to the deliberate intentions of the companies involved. It matters that Facebook decided one day to share our music preferences with Pandora, even if it doesn't hurt anyone.

On the other hand, if you simply care about threats to your personal privacy, then you should heavily discount the noise being made about deliberate choices taken by companies like Facebook, and pay far more attention to dangers of benign neglect by the company guarding your privacy, when that benign neglect is exploited by malicious outsiders. If you have a stalker and you're worried about them finding your Facebook profile, it makes no sense to be worried about Google scraping the information from the public version of your Facebook profile, if it's the same information that your stalker would be able to see anyway if they were logged in to Facebook themselves. It's far more likely that your stalker would try to exploit a weakness in Facebook's privacy settings -- for example, ingratiating themselves with one of your Facebook friends and getting them to accept a friend request, so that they can then see any information on your Facebook profile that is viewable to "friends of friends." Maybe you knew about that already, but if you didn't, you wouldn't know it from reading all the punditry about the Facebook-Google kerfuffle.

cancel ×


Sorry! There are no comments related to the filter you selected.

Bennett Haselton Wikipedia Article?! (5, Interesting)

eldavojohn (898314) | more than 3 years ago | (#36217420)

This is sort of offtopic but did anyone else find it odd that the bulk [] of edits for Bennett Haselton's wikipedia article are made by Reservoirhill alias Hugh Pickens [] alias pickens [] alias Reservoir Hill [] alias Ponca City, We Love You [] ? Nearly all of the content from that article [] originates from Hugh Pickens and also one of the other editors is the Seth Finkelstein mentioned in today's contribution to Slashdot.

Hugh Pickens is a prolific contributor to Slashdot and I am thankful for his submissions but it is my humble opinion that this sort of ... wikipedic inbreeding? wikinepotism? ... somewhat deteriorates Wikiepdia's credibility. Should an encyclopedia have an article for Bennett Haselton or is he just friends with the right people inside Wikipedia?

In response to the discussion, Facebook has always been about violating privacy first to make cash and then asking the users what was wrong after it was violated. Remember when the news feed went live unexpectedly and was by default enabled? People were up in arms and privacy was the big discussion point but here we are today with everyone using it. Sometimes it works out for Facebook, sometimes it doesn't. They just too big to care about individual privacy and if they can make cash by sacrificing it, they will. Only after enough kick back will they change it.

"Deteriorates Wikipedia's Credibility" ??! (2)

RobotRunAmok (595286) | more than 3 years ago | (#36217584)


Re:"Deteriorates Wikipedia's Credibility" ??! (1)

plunderscratch (2169382) | more than 3 years ago | (#36217748)


... unless credibility can be expressed as a negative value!

Re:"Deteriorates Wikipedia's Credibility" ??! (2)

FatdogHaiku (978357) | more than 3 years ago | (#36219664)


... unless credibility can be expressed as a negative value!

In which case I believe you are required to register the organization as a major political party.
On the up side you can then commence the solicitation of funds to support your noble efforts. Oh, wait...

Re:"Deteriorates Wikipedia's Credibility" ??! (1)

ashidosan (1790808) | more than 3 years ago | (#36220270)

credibility can be expressed as a negative value

Citation needed.

Facebook and privacy? (4, Insightful)

LWATCDR (28044) | more than 3 years ago | (#36217822)

I always find it amusing when people get upset about "privacy" on Facebook. Why can't people get that their is no such thing as privacy on Facebook? It is a public website and is for sharing. What people want is just a little privacy. They want Facebook to show what they want to show to who they want show it too.
That maybe asking too much. I mean really just go with the idea that Facebook is a public place and only post to it what you want to be seen in public.
Now what your friends do is a different story. Buy hey they could be posting that picture of you from that strip club on the bathroom wall.

Re:Facebook and privacy? (1)

overlordofmu (1422163) | more than 3 years ago | (#36218108)

You are right on the money. No mod points so a "word up" to you!

Personally, I solved the facebook privacy problem. I cancelled my facbook account, but not before I found about two dozen friends from college that I had lost track of. It was very useful to reestablish contact, but of little use after that.

Re:Facebook and privacy? (0)

lucm (889690) | more than 3 years ago | (#36218240)

> Why can't people get that their is no such thing as privacy on Facebook?

Yeah, that's what I told this guy who was all upset because I downloaded all the pictures of his 9 years old daughter.

> I mean really just go with the idea that Facebook is a public place

I totally agree, Facebook is a public place, like school yards, and privacy is like a restraining order, it is a violation of my civil rights.

Re:Facebook and privacy? (1)

NoSig (1919688) | more than 3 years ago | (#36218612)

Needs more effort.

Re:Facebook and privacy? (0)

Anonymous Coward | more than 3 years ago | (#36219804)

Agreed. I give it a 2/10. Troll harder GP.

Re:Facebook and privacy? (0)

Anonymous Coward | more than 3 years ago | (#36219146)

I have a nine year old daughter, and I would not be opposed to anybody downloading any pictures of her that I've posted in a public place. I made that determination before I posted them,. Facebook is no different than any other website in that regard.

Also, despite your sarcastic fear-mongering, I don't have a problem with people *gasp* SEEING KIDS in the PLAYGROUND.

Re:Facebook and privacy? (1)

LWATCDR (28044) | more than 3 years ago | (#36220954)

Not even annoying much less entertaining.or infuriating, you suck at trolling you should go read CNN comments for some pointers.

Re:Facebook and privacy? (1)

lucm (889690) | more than 3 years ago | (#36223384)

The tendency to whining and complaining may be taken as the surest sign symptom of little souls and inferior intellects.
  -Lord Jeffrey

Re:Facebook and privacy? (0)

Anonymous Coward | more than 3 years ago | (#36219188)

I always find it amusing when people get upset about "privacy" on Facebook. Why can't people get that their is no such thing as privacy on Facebook?

Because Facebook told us when we signed up that there IS such a thing, and that they would respect our decisions regarding it, and we think it would be kind of nice if they would stick to that.

Re:Facebook and privacy? (1)

LWATCDR (28044) | more than 3 years ago | (#36221126)

Really where is this promise of privacy of which you speak? I have seen some settings but I have seen no such banner saying things would be private.

Re:Facebook and privacy? (1)

Riceballsan (816702) | more than 3 years ago | (#36219988)

Well I do agree on that for adults, I think the weakness however is the false sense of security the fact that teens think that only their friends can see when they are posting their schedules, where they will be when etc.... What's worse is the parents don't know either. Facebook has a pretense implying security and privacy that many parents and teens don't realize how weak it is and set things wrong.

Re:Facebook and privacy? (1)

LWATCDR (28044) | more than 3 years ago | (#36221102)

You see that is a new problem. You see never before in human history have teens been so dumb as to put themselves in dangerous situations. IT is sad that things have changed so much that parents have no got to keep up with potential dangers so they can help teens make good choices.
What is the world coming to.

All kidding aside back in 1982 when I was in high school a kid a knew went to a local pond and got drunk. He then got a a rope swing and swung out and back and hit the tree fell in the water and died. Young people making bad and unsafe choices and tragic outcomes are nothing new. Of course I didn't think my parents had a clue and teens today don't think adults today have a clue. It boggles there mind that at this time of their life they have the power to make a bad choice that can destroy not just their life but others as well. That is why the transition from child to adult has always been a very hard time for people. As to Facebook pretending I don't think they really are. I think for a public site it has more controls than most but what people need to get is this is a site for sharing information. Only post what you want to share and you will have no problems. As to the problem with your friends posting something that gets you into trouble. Well guess what that old saying that goes back for how long looks to be true. "You are know by the company you keep".
All the problems people have with Facebook would be solved if you just followed the advice parents have been giving to people for years.
1. Don't act like a fool in public.
2. Don't hang your dirty laundry out for the world to see.
3. Choose good friends.
I am not a fan of living your life in a fishbowl but if you jump on Facebook you are putting yourself out their for the world to see. I will add a new rule for the 21st century.
4. Don't expect anyone to care as much about your privacy as you do and do not expect anyone to make anymore effort to protect your privacy as you do.
And one last one.

Re:Facebook and privacy? (1)

knorthern knight (513660) | more than 3 years ago | (#36221794)

> 3. Choose good friends.

Not that easy. Today's straight A honour-roll student may get hooked on drugs next year. The quiet guy in accounting may have a large stash of child porn at home, and get raided 2 weeks after you accept his "friend" request. And how many murderers seemed like such nice guys to the whole town?

About the only way out is not to join Facebook in the first place.

Re:Facebook and privacy? (1)

LWATCDR (28044) | more than 3 years ago | (#36222248)

True and I don't encourage people to abandon friends in trouble. But if that drug addicted friend asks you to a party... And not getting on Facebook will not solve it. All it takes is a "friend" to get a picture of you doing something stupid to hurt you. It doesn't even have to be doing something stupid. A young lady at a sleep over could end up with a picture of her in a state of dress that she wouldn't be comfortable with being published for the world to see.

Re:Facebook and privacy? (1)

Threni (635302) | more than 3 years ago | (#36222126)

You might not be able to have privacy on Facebook, but that doesn't mean it's not possible. I'm waiting for a reputable company like Google to do something similar, but with all default settings to be `go away; don't share; whitelist only' so that you're completely invisible other than to people you actually want to correspond/share updates with. If Google did it there'd be no reason it couldn't have free Skype like voice (and video, if anyone actually gives a shit about that) chat. Etc.

Facebook got there first. Great - good for them. But it's shit, with a confusing, unintuitive UI and I've no interest in it. Sites don't last forever. Friends reunited...myspace... here today, gone tomorrow when something less crap comes along. It's not hard to imagine something more secure, private and less of a mess than Facebook usurping it.

i believe the phrase is 'conflict of interest' (1)

decora (1710862) | more than 3 years ago | (#36217966)

and/or "incestuous".

Re:Bennett Haselton Wikipedia Article?! (1)

ohnocitizen (1951674) | more than 3 years ago | (#36218066)

Nothing to see here, Hugh Pickens is just extremely notable and well sourced.

Re:Bennett Haselton Wikipedia Article?! (1)

mrex (25183) | more than 3 years ago | (#36218650)

I don't know the /. team or Mr. Haselton personally. I remember Bennett's name and work on Peacefire and other projects way back in the 90s, though. He's of course also been a frequent contributor here with timely electronic civil liberties news. The Wiki article about him has merit for me, but can't speak for anyone else.

FF (-1)

Anonymous Coward | more than 3 years ago | (#36217428)

Fuck Facebook

it's not google's fault (5, Insightful)

Anonymous Coward | more than 3 years ago | (#36217434)

Look people, it's a search engine. It searches everything it has access to. It's up to the content providers to police what is accessible or not-accessible. What is this, some kind of nanny state?

Re:it's not google's fault (1, Insightful)

commodore6502 (1981532) | more than 3 years ago | (#36217540)

+1 insightful.

Instead of facebook complaining about google caching public information, THEY should be making sure the information is not public to non-logged-in visitors (like googlebot).

Re:it's not google's fault (1)

memojuez (910304) | more than 3 years ago | (#36218050)

They are complaining about Google to deflect the blame or owning up to their deficiencies. It was not all that long ago that /. reported that Facebook was teaming up with Micro$oft to go against Google. [] So Google is their ideal candidate to blame.

Re:it's not google's fault (3)

makomk (752139) | more than 3 years ago | (#36217988)

Not only that, but all the information that Facebook was trying to get the media to write articles about Google abusing user's privacy by accessing is (as far as I can tell) information that Facebook considers to be public - which means that they don't let you hide it from the world, are quite happy to sell it to advertisers, etc. Facebook's attempts to smear Google were totally and utterly dishonest from the start: their position is that you have no reason to keep any of this information private, at least when they're the ones making use of it.

Re:it's not google's fault (1)

VortexCortex (1117377) | more than 3 years ago | (#36219018)

Yeah, besides, it's not like Google was trying to hide the fact they are crawling any Internet site -- The user agent is:
Googlebot/2.1 (+
Mozilla/5.0 (compatible; Googlebot/2.1; +

Many sites actually show more information if they detect the Google bot to increase their search rankings.

Later, If you click the search listing and can't see what the bot saw, in most cases, it's not because the search database is out of date, it's because of a pay/register wall bait & switch. Protip: Firefox plugin User Agent Switcher [] will sometimes let you in with the "right" user agent (if the site doesn't also check IP addresses).

My point is that Google is distributed -- they could hit a site from a different IP range and use a different User Agent string (ie pretend to be Chrome or FF), to hide their identity but they are not... (This is actually how Google detects bait and switch type links).

It's hard to fault a web crawler for crawling the web. This is especially true in Facebook's case since Facebook promotes all those external links back to Facebook pages via "like this" and "follow us on Facebook" links.

When you find the mouse trap has sprung, do you complain that the bait is gone?

Re:it's not google's fault (1)

Anonymous Coward | more than 3 years ago | (#36218238)


User-agent: Googlebot
Disallow: /ac.php
Disallow: /ae.php
Disallow: /album.php
Disallow: /ap.php
Disallow: /feeds/
Disallow: /l.php
Disallow: /o.php
Disallow: /p.php
Disallow: /photo.php
Disallow: /photo_comments.php
Disallow: /photo_search.php
Disallow: /photos.php

I don't see the problem here.

Re:it's not google's fault (1)

houghi (78078) | more than 3 years ago | (#36218826)

It would have been great if the default for search engines would have been opt-out and only if you want it to be opt-in then it would be opt-in.

Unfortunately too late for that now.

Re:it's not google's fault (1)

theArtificial (613980) | more than 3 years ago | (#36223952)

It would have been great if the default for search engines would have been opt-out and only if you want it to be opt-in then it would be opt-in. Unfortunately too late for that now.

No it's not, simply refrain from placing things you don't want accessed by all in publicly accessible locations. Your opt-in is implicit when you share something on a webserver. "I've made my information freely accessible to all, but I don't want it accessible by some." The issue is that search engines are part of the 'all'.

This reminds me of a PHB/CFO at a web hosting company I worked for during the recent real estate bubble who was bothered that another company was accessing listing information on one of our client's sites. I'm aware of licenses with data and copyright, however my point is the lack understanding with the underlying technology.

I imagine one hypothetical implementation of your opt-in would require anyone (not just search engines since they don't always identify themselves) who accesses a website to request access similar to an email spam guard system (Earthlink?). The admin or whomever then chooses to whitelist or deny the request and the user is notified. It sounds like a complete step backwards for users. However you could pitch this to countries which have interest in restrictive firewall tech and lobby/mandate having the access control mod installed on all servers operating within its borders or doing business with nationals.

Re:it's not google's fault (1)

gad_zuki! (70830) | more than 3 years ago | (#36219476)

Not to mention, Facebook's TOS is that you must use your real name when creating an account. If FB cared one whit about privacy it would let people uses aliases. It really is incredible how ghetto and scammy FB is with their tactics and policies.

Short version (1)

Anonymous Coward | more than 3 years ago | (#36217504)

If you have a stalker and you're worried about them finding your Facebook profile, it makes no sense to be worried about Google scraping the information from the public version of your Facebook profile, if it's the same information that your stalker would be able to see anyway if they were logged in to Facebook themselves. It's far more likely that your stalker would try to exploit a weakness in Facebook's privacy settings -- for example, ingratiating themselves with one of your Facebook friends and getting them to accept a friend request, so that they can then see any information on your Facebook profile that is viewable to "friends of friends."

Basically, beware of both grand intent -- Facebook selling information -- and what the author calls 'benign neglect' -- lackluster security leading to abuse.

Re:Short version (0)

Anonymous Coward | more than 3 years ago | (#36217620)

If you really mean to lock down your facebook profile and leave anything open to "friends of friends" you're a retard anyway and you'll get what you deserve.

Re:Short version (0)

Anonymous Coward | more than 3 years ago | (#36217714)

If you use facebook you're a retard anyway and you'll get what you deserve.

Fixed it for you.

Re:Short version (0)

Anonymous Coward | more than 3 years ago | (#36220246)

or how about actually using the privacy settings. For instance if you make a photo album and then white list it to three people. Anyone with the link at the bottom of ever album can still see the pictures (if they use the link but not if they search manually). In theory that link is for your 'friends who don't have facebook'. But considering how obsessed [] the world is with facebook, 90 times out of 100 when I send someone a picture the first thing they ask is if I can upload it to facebook. Why is the biggest and (i'm pretty certain) most penetrated social media platform trying 'so hard' to accommodate people who aren't in it especially to the detriment of my privacy. Even YouTube knows how to properly allow me to make a video private never mind the hassle of having to know everyone's YT name if I want maximum privacy. At least it's an option. FB keeps talking about their privacy settings and yada yada yada but when a simple link completely loop-holes them all the talk is pointless.

WTF? (4, Insightful)

Anonymous Coward | more than 3 years ago | (#36217548)

Google was endangering users' privacy by scraping information about users from Facebook and making such information easier to find with a Google search.

Isn't that the whole point of a search engine... to scrape publicly listed information?

On the other hand, apart from Facebook account names, there's almost no valuable information there.

Re:WTF? (1)

VortexCortex (1117377) | more than 3 years ago | (#36219446)

Not to mention, the Googlebot user agent is announce BEFORE Facebook willingly gives Google the data.

Googlebot: Hi Facebook, I want page
Facebook: Sure, Googlebot, here you go! [transfers publicly visible data]
Googlebot: BuhBie! I'll talk to you again in a second or two!

How is it NOT Facebook's fault? There are two willing parties in a Client / Server connection.

Facebook promotes Like buttons and badges everywhere, then bitches when a web crawler, crawls those links, and Facebook gives it the data.

Truly Asinine. Glad I never signed up for that bullshit service.

Hey, have you used any Facebook apps? Did you know that the token in the URL for those apps can be used by anyone with that token to impersonate you? Did you know that token, since it's in the URL, can be seen by ads that are in that app (HTTP-REFERER [sic]). All it takes is someone "hacker" to scrape "index of" for an ad network's http log to snag thousands of these tokens, and impersonate thousands of Facebook users. Change Your Facebook Password & re-auth any apps. This shit really works -- it's like Firesheep, only the tokens are out in the wild in possibly unsecured server logs, or even link-back farms (where ad networks automatically provide links back via posting a public link to the HTTP-REFERER URL).

What MORON doesn't time limit tokens!? It's like Facebook was TRYING to give ad networks full access to your accounts.

robots.txt (0)

Anonymous Coward | more than 3 years ago | (#36220116)

Did FB even attempt to publish a robots.txt?

What's that? "No"? You mean they like getting free publicity from Google?

Facebook wants your children, too (3, Insightful)

Awkward Engineer (2178204) | more than 3 years ago | (#36217560)

It's not just high school students. The Zuck said he wants facebook available for kids under 13, too. Child protection laws require age verification for kiddies, and the hastle of doing that is pretty much the only thing stopping them right now. Facebook, from it's founding, has always been on morally ambiguous ground, and there's no reason to suspect they'll change in the future. [] .

Contrary opinion (4, Insightful)

Compaqt (1758360) | more than 3 years ago | (#36217634)

I actually appreciate that you can see the "cached" version of a Facebook Google result without having to log in to Facebook (or even have an account).

I'd say that preserves your privacy by allowing you to not have a Facebook account!

Google 'scraping' information (2)

unity100 (970058) | more than 3 years ago | (#36217670)

as opposed to facebook just selling it to 3rd parties behind its users' backs.


Re:Google 'scraping' information (0)

Anonymous Coward | more than 3 years ago | (#36218160)

Explains why Facebook's so pissed; "Sure I'm a cheap whore, but I ain't no slut!"

I did not initially see who the poster of this was (1)

Attila Dimedici (1036002) | more than 3 years ago | (#36217700)

I did not initialy look to see who posted this. I was reading it and started thinking that the reasoning seemed circuitous and tortured, then I looked and sure enough it was a Bennett Haselton submission.

Re:I did not initially see who the poster of this (1)

UnknowingFool (672806) | more than 3 years ago | (#36218002)

I don't know who approves these submissions but if I wanted to read someone's wordy personal opinion, I would read their blog. Obviously Bennett has not taken Shakespeare's advice: "Brevity is the soul of wit."

Re:I did not initially see who the poster of this (1)

jdgeorge (18767) | more than 3 years ago | (#36218196)

Obviously Bennett has not taken Shakespeare's advice: "Brevity is the soul of wit."

Shakespeare's comment is more observation than advice. Seems pertinent, though.

Where is the consumer advocacy? (4, Insightful)

SilasMortimer (1612867) | more than 3 years ago | (#36217812)

You know, I still remember those commercials and almost remember the address of that place in Pueblo, Colorado for a free booklet about consumer protection. When I was growing up, that was a phrase that was commonly heard everywhere. Including the media. You know, back when Ralph Nader was a respected name.

You could still get suckered, but there was information that had been compiled and you could get it if you looked for it (and not just from Pueblo). Then the Internet happens. Over a decade and a half after it becomes a daily thing for the average consumer and it's closer to the myth of the "Wild West" than the actual Wild West was. At times, it seems like the sheriffs aren't that much better than the bandits and occasionally you wind up sympathizing with the bandits more. And what does the hope-to-be-savvy consumer find when s/he looks for information of the kind they used to write to the fine folks in Pueblo for? "You need to get smart" is what it boils down to. How? From what? Who's the villain and who's the guy in the white hat?

Yeah, yeah, I'm oversimplifying. But really, this dichotomy isn't working for me. There's always been a chance for the consumer to get screwed, but it hasn't been so blatant since the uglier days of the Industrial Revolution. The fuckers have gotten smart and some of the fuckees have kept up, but most people are just hoping that when it happens, it's over quickly (better have "protection" installed, just in case, ya know). Most of the legislation regarding the Internet that I've heard of has been something to do with helping the straw boss keep his iron grip and helping the company sto' keep you from going to St. Peter- holy crap, my metaphors are all over the place here.

I never thought I'd say this, but I'm looking forward to the next Ralph Nader. Where the hell is he? Or she? Or it? I don't give a damn, just get here already.

Easy Fix? (0)

mysidia (191772) | more than 3 years ago | (#36217968)

Remove Facebook from Google's index completely.

Hiring a PR firm to slam them over scraping FB's content would seem to indicate FB doesn't really want their content scraped, which could translate into justification not to index them.

It's not like FB needs a listing in the Google index for people to find FB anymore, anyways.

They obviously don't like Google much. So unless Mark Zuckerberg writes a personal letter of apology to Google, delisting seems proper.

Unless it's to Google's benefit to have FB indexed, they should consider delisting FB :)

Re:Easy Fix? (0)

Anonymous Coward | more than 3 years ago | (#36218214)

90% of Facebook users log in by Googling 'Facebook' or 'Facebook login.'

Re:Easy Fix? (0)

Anonymous Coward | more than 3 years ago | (#36222522)

That's facebook's problem.

I was deeply disappointed on reading this article. (1)

Nadaka (224565) | more than 3 years ago | (#36218206)

Not one bit of innuendo. Not one explicit offer. So much for "seduce". I was expecting some tabloid scandal here.

FB is scared (1)

Sprouticus (1503545) | more than 3 years ago | (#36218338)

If google has most of the same information on FB users as FB does, they can create a similar database and sell that information (or sell access to the information) to advertisers and marketing firms who want to mine the data.

And that would mean that FB would lose out on revenue.

Re:FB is scared (0)

Anonymous Coward | more than 3 years ago | (#36243056)

Google might be able to cache the information for the purpose of using it with their search engine, but they probably wouldn't be allowed to compile and sell it, you know, copyright law and all that. However Google themselves sell advertising, they probably would be able to use it to improve their ad targeting.

A bit OT - the real problem (1)

lucm (889690) | more than 3 years ago | (#36218958)

I think Google should not be indexing Facebook. And they should also not be indexing websites like or that keep polluting the search results when I am googling for an answer to a technical problem.

I don't understand why the IT world is going down the drain like that. Ten years ago there was Dejanews - a gold mine for technical people, a place to go in your hour of need when you had this mysterious log entry and all you had to access usenet was Lynx. Also a place to hang out on your lunch break at the office and help other people. The best of both worlds - usenet and the web; I remember knowing what search keywords to use to always find that one-liner I sometime needed. Then Google took over (poorly) and now usenet is a wasteland of pr0n, spam and support groups for people with albino cats.

Nowadays if you look for an answer you have to deal with thousands of poorly maintained forums. You find blog posts from two years ago where the answer does not apply anymore. You get Wikipedia entries where there is just enough information to be listed in the results but not enough to help you. And if you want to help people you need to start your own blog or to post a comment on another blog.

It will be a sad day when I will get results from Facebook while googling for a problem with mod_autoindex.

Re:A bit OT - the real problem (2)

Lazy Jones (8403) | more than 3 years ago | (#36219436)

I don't understand why the IT world is going down the drain like that. Ten years ago there was Dejanews...

My generalized $0.02 on this: this resulted from "commoditization" of the Internet. Where technical prowess, cooperation and hacking ethos used to rule, nowdays you see marketability and revenues, competition and legal issues dominate the field. Spamming is highly profitable and does not involve a lot effort, so it has to win. Projects with limited resources cannot concentrate on their main task, they have to deal with SEO, PR, possibly revenue (when was the last time you saw a highly successful open source project being hosted at no cost by a university?), even patent research and copyright issues.
If anyone knows of a technical field where the general spirit is closer to those "old values" and making a quick buck isn't the most important thing, I'm interested (robotics? perhaps).

Re:A bit OT - the real problem (0)

Anonymous Coward | more than 3 years ago | (#36242820)

I really don't know why people complain about because if you follow a link from Google you'll be able to see the answer, just scroll to the bottom of the page. I'm sure I've found an answer or two there myself in the past, although I don't actually remember it showing up in any of my queries in the past couple of years, perhaps my technical queries have been too esoteric to be asked on that site. Of course if you really don't want it showing up I'm sure you can customise your results to prevent it if you log in to Google.

Of course.. (1)

Weaselgrease (2050100) | more than 3 years ago | (#36222738)

Instead Facebook won't sell the data, they'll just sell a piece of software to corporations that already does the loophole jumping for them, and claim that it's for educational or security evaluation purposes for their 3rd party apps.

FaceBing Live is coming. (1)

Torodung (31985) | more than 3 years ago | (#36224662)

Wait for it... Here it comes... FaceBing Live. Premiering only on Windows 8.

Because you need a "decision engine" that has access to all your personal data, because you are an indecisive fool, incapable of critical thought, and you never got to know yourself as well as a comprehensive personality algorithm could. John Anderton, wouldn't you like a Budweiser?

Google had best hire a brute squad to deal with the kind of crap this unholy Zuckerberg/Microsoft marriage is going to try to pull on them.

Think that's too steep? Well do your worst mods. Microsoft has always been unethical, and they are courting, IMHO, a criminal. Zuckerberg cracked his way through Harvard's network to steal personal data, hijacked someone else's idea without so much as a credit, and utterly backstabbed even his closest associates on his way to the top. He makes venerable old Bill Gates, in his heyday, look like a wide-eyed philanthropist.

This is only going to get uglier.


Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>