Another week, another Facebook privacy issue.
A few days ago, a database containing the names and public information from every searchable Facebook user’s profile was uploaded to BitTorrent. The 2.8 GB file contains information on more than 170 million profiles.
The Facebook database disclosure is just the latest of several privacy issues, from apps that reveal more than you realize to confusing privacy settings. And users aren’t agreeing on their responses, although most suggest this latest issue is a sign of things to come.
Facebook was quick to respond that the data was easily accessible via Facebook and web searches, and that the posting was no threat to user security. A spokesperson wrote to the New York Times:
“People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want. Our responsibility is to respect their wishes. … No private data is available or has been compromised. Similar to the white pages of the phone book, this is the information available to enable people to find each other, which is the reason people join Facebook.”
On the Web, few were as nonchalant.
Dan Tynan at IT World thinks Facebook is missing the point. The Internet is full of bits and pieces of information that are “marginally useful — until someone collects them all in one spot and organizes them. Then, suddenly, they can be extremely useful,” he says.
Tynan specifically addresses Facebook’s phone book analogy.
“Think about the phone book. Tons of information in there, but not terribly useful for looking up more than one name at once — until you put it online. Suddenly it’s a lot more useful. Now you can locate numbers for everyone in a particular area or ZIP code, plug them into a piece of software, and start robo-dialing.”
He goes on to explain how nefarious users might use similar data to take control of people’s Facebook accounts or try to extort their friends for a few bucks.
The database was created by Ron Bowes, a Canadian security consultant, to get a list of the most probable combinations of first and last names to test a new password security tool he helped develop.
“It is designed to test password policies of organizations by using brute force attacks; in other words, guessing every username and password combination,” he told the BBC.
“Bad guys” could easily use the same strategy to create password-cracking software that could be used for virtually anything, rather than for testing the password security of large corporations.
It seems like large corporations might also be interested in the data — which, as Tynan said, could prove useful for marketing, targeting specific demographics, and finding potential customers.
A Gizmodo reader discovered that the IP addresses of several users who were also downloading the file belonged to 65 companies, including Lucasfilm, Motorola, McAfee, Nvidia, Pepsi, Coke, Boeing, Apple and Hewlett-Packard (for a more complete list, check out the Gizmodo post). To be fair, that doesn’t mean the companies sanctioned the download; it just means that someone at each company was probably downloading it.
My PC World colleague Tony Bradley says that if the corporations did sanction the downloads, they might not have specific reasons for acquiring the data or future plans for it.
“But, the fact that a file exists which contains personal information for millions of customers that might prove valuable in the future is reason enough to go ahead and acquire the data while it’s still out there,” he says.
Aaron Couch of NPR’s All Tech Considered thinks this could be the beginning of personalized advertising, much like that seen in Minority Report where companies know so much about you they “can give us exactly what we think we want and need.”
“When it comes to online privacy, I’m like a smoker circa 1965. Despite all the evidence, I don’t want to admit there’s a problem,” he says.
If nothing else, this should serve as a reminder for those of you who haven’t taken advantage of Facebook’s privacy options to do so now. Check out a PC World guide on how to test your settings.
As PC World user Milesobrien commented on a story, “… Put yourself or information on a ‘social networking’ site and it IS PUBLIC!!”