Forgot your password?
typodupeerror
Social Networks Facebook The Internet Your Rights Online

Facebook Implements 'Download Your Profile' Option 114

Posted by CmdrTaco
from the just-want-a-damn-rss-feed dept.
eldavojohn writes "Facebook is rolling out some new changes (including groups) that are supposed to liberate user control. But something that might interest Slashdot readers even more is that they now allow you to download all your information from Facebook. That's everything — all your posts, pictures, videos, friend lists, etc. A video from David of the Open Source team at Facebook explains how it will work, although I don't see that option on my profile yet (they are slowly rolling it out). There's not a lot of details yet, but they at least require you to click a link from an e-mail and reenter your password to get this (to avoid spambots harvesting everyone's data and careless use of public computers resulting in data leaks). Perhaps competitors like Diaspora would be interested in using this base information to germinate user seeds?"
This discussion has been archived. No new comments can be posted.

Facebook Implements 'Download Your Profile' Option

Comments Filter:
  • by Anonymous Coward

    Well this certainly makes it much more easier to move your nonsense-data around, but how long untill all the data is available on piratebay?

    • Re: (Score:3, Interesting)

      by Pojut (1027544)

      Unless your account (or their servers) get hacked, it would only show up if you put it on there yourself...

      Aside from being able to back up everything, it would be interesting to do this and read some early correspondence on the service.

      • Re: (Score:3, Insightful)

        Facebook sending users an e-mail with a link to click on just invites spam and fake websites to harvest user's logins and passwords.

        Nice move on Facebook's part to help train their users to click on links in e-mails that take them to websites to enter authentication credentials.
        • by sinclair44 (728189) on Thursday October 07, 2010 @10:06AM (#33824058) Homepage
          I love how people used to bitch that you couldn't get your data off of Facebook (which wasn't even completely true, given Platform and Connect), but now that they added that exact feature, people are bitching that it will allow spammers to get information or that it trains users in some bad way. Can you give them a fucking break? They are honestly trying to add a feature exactly for the demographic here (most users probably don't care about this level of data portability one bit) and all most people can do is still complain.
          • by NeverVotedBush (1041088) on Thursday October 07, 2010 @10:11AM (#33824122)
            Dude, it is one of the basic tenets in computer security to not click on links in e-mails that take you to websites where you enter login credentials.

            Those kinds of e-mails are known as phishing and spear phishing attacks. They are very common and very dangerous.

            Facebook has had no end of security problems. Now with the publicity that they will be sending out e-mails that have a link, wait a few days and see what hits in computer security news.
            • They would only send these e-mails if you, as an authenticated facebook user, clicked the "Download my account" link.

              So an adversary would have to time extremely well the sending of the spam link in order for the user not to be suspicious.

              Even then, if facebook wanted to further deter account download masquerade phishing, they could prompt for some kind of comment at the point of requesting an account download, which they could recapitulate in the e-mail to show the request was legitimate and came from you.

              • Re: (Score:2, Insightful)

                by stephathome (1862868)
                You have a lot of faith in users. I know too many people who wouldn't realize that the link is only sent on request and think it sounds interesting to download their account.
              • by yabos (719499) on Thursday October 07, 2010 @12:40PM (#33826144)
                If everyone knew what they're doing then that'd be fine but the average user is an idiot. They will click an email link supposedly from their bank warning them that there's a problem with their account. Then they will enter all the account login information. If people do this with bank info, they're going to do it with facebook info as well. This happens all the time.
            • by LateArthurDent (1403947) on Thursday October 07, 2010 @11:04AM (#33824806)

              Dude, it is one of the basic tenets in computer security to not click on links in e-mails that take you to websites where you enter login credentials.

              Those kinds of e-mails are known as phishing and spear phishing attacks. They are very common and very dangerous.

              Facebook has had no end of security problems. Now with the publicity that they will be sending out e-mails that have a link, wait a few days and see what hits in computer security news.

              If you're going to train people to be security conscious, you can't half-ass it. "Don't click on e-mails that take you to websites where you enter login credentials" is most definitely the wrong message. Just because there are lots of phishing e-mails doesn't mean that every such e-mail is phishing, and it actually trains people to start drawing invalid conclusions: "well, this link didn't come by e-mail, so it's ok." Phishing websites can just as easily lead you to a malicious page where you enter your credentials.

              What you actually need to be teaching people is to go to the link from the e-mail, grab the ssl certificate and check the the company name, the verifying authority, and the fingerprint. The independently go to the main website where the e-mail claims to be from, in this case Facebook, and see if the signature matches. If it does, you can type in your credentials. There is no half-assing this procedure. Anything short of it is vulnerable to the attacks you are so concerned about.

              • Thanks for making me chuckle this afternoon.
              • "check SSL certificates". Yeah, right. I'm sure that this is the easiest concept to teach to non-computer poeple.

                just ask them always log-in manually by typing the site's home page (www.facebook.com, www.ubs.ch, etc.). If it's really something important, it will be available there too.

                don't mess explaining them small details of computer security they don't grasp.

            • Re: (Score:3, Insightful)

              by kevinNCSU (1531307)

              Your doing it wrong. Or at least applying it wrong. In your want to find something incorrect with Facebook you're ignoring the fact that sending an email to the user to confirm they are who they say they are before they are allowed to do things like change their password or download all their data is a tenet of website security in and of itself. These emails are always accompanied by the message "If you did not request this change/email then disregard this message and contact our fraud/tech/blah departme

          • I'll give them a break when they stop reseting options with new privacy policies or ToS that lowers the ability for users to lock down their accounts and defaults all options to the most open setting.

            I'll give them a break when their account deletion process no longer requires users themselves to manually go through and delete everything they put on the website.

            Given FB's history, a move like this makes me wonder what detrimental change they're also doing. I'm guessing the reseting of privacy options.

            • Re: (Score:1, Insightful)

              by Anonymous Coward

              I'll give them a break when their account deletion process no longer requires users themselves to manually go through and delete everything they put on the website.

              I was speaking with a bar tender in the airport the other week.

              He said he'd discovered what happens if he googles himself ... he gets loads of links into Facebook that he and others have put up, and that he had assumed was private.

              He subsequently went through and deleted everything and filled in the profile with garbage information.

              When a bartend

            • by sinclair44 (728189) on Thursday October 07, 2010 @10:35AM (#33824448) Homepage

              I'll give them a break when they stop reseting options with new privacy policies or ToS that lowers the ability for users to lock down their accounts and defaults all options to the most open setting.

              Over the summer, they added a "master control" which you can set to "friends only" (or several other settings). This will make all of your current settings "friends only" and will also make any future setting default to "friends only".

              I'll give them a break when their account deletion process no longer requires users themselves to manually go through and delete everything they put on the website.

              I don't believe this has been true for a while: https://ssl.facebook.com/help/contact.php?show_form=delete_account [facebook.com]

              • Wait, you mean people have only been reporting negative things about FB and largely left out anything positive that they have done?

                Alright, well... there go my arguments. *Tips hat*

              • by T-Bone-T (1048702)

                I deleted an account a few months ago and when I recently accidentally logged in to it, Facebook welcomed me back and all the info I had in my profile was still there. When I ask to delete my account, I mean everything.

          • by Painted (1343347)
            ...maybe they're different people? :-/
          • by pcolaman (1208838)

            Every heard of phishing, bro? This is the most common tactic used by phishers to gain info to stuff like bank account or website login info. Bad idea by Facebook in terms of the implementation, not necessarily the concept.

          • I'm very happy about this update. I've been wondering if I ever wrote anything questionable on my Facebook profile; once this feature is offered to me, I will download everything and scan through it.
          • by yabos (719499)
            It wouldn't be that hard to do it within the website without this email loop which is dangerous. Just require the user to re-enter their login credentials in the download my profile section of the website. You will already know if you're on facebook's website at that point.
            • Well, the idea is probably to use the email as additional security so that even if someone has your password, he cannot use this function, because you get a mail.

              However, they could just send an unique code which you have to enter at the facebook get-data page, without a link. You already navigated to that page (otherwise you'd not have gotten that mail), and if you closed it in the mean time, you know how to get back there (after all, you found it once; and if you fear to forget how to get there, just book

          • Maybe it's different people doing the complaining in this case than were doing the complaining before.
        • by multisync (218450) on Thursday October 07, 2010 @10:08AM (#33824090) Journal

          I would think the email with the link would be sent to the user in repsonse to a request of some sort. You know, you request your data, they email you a link to get it ...

          Have you never forgotten the password you use for an infrequently-visted site and had them email you a temporary one? This sounds like the same thing.

          • That kind of approach is fine. And yes, I have done the e-mail thing to recover or reset a password.

            It also seems you are right - the user requests the download and then Facebook e-mails a link. It's not in the Computerworld story but is in the YouTube link to an explanation.
      • To Reiterate! (Score:5, Informative)

        by eldavojohn (898314) * <[moc.liamg] [ta] [nhojovadle]> on Thursday October 07, 2010 @10:04AM (#33824034) Journal

        Unless your account (or their servers) get hacked ...

        If your account gets hacked, they still need to have your e-mail hacked. The link to download the zip file is later sent to your e-mail address when the processing is done. Zipping up videos and images takes a while so basically you request this data and they put it in a queue and an hour/day/week/month later you get your data to download e-mailed to you in a link and you re-enter your user password. I thought I described this in my summary but that means that even if your account is hacked they would need access to your e-mail and for quite sometime unless you had already requested it and left that e-mail in your account. Yes, this means that if they know the e-mail associated with your Facebook account, they can just hack that and then request a new Facebook password sent to that account and then initiate the profile zipping.

        Let's say their servers get hacked. Well, the data is still not zipped up unless they are retaining that data after someone requests it. So at most they'll have access to whoever is waiting to retrieve their data. And it's going to be a lot of data. So there are a lot of logistics involved to get access to only a few random person's data. And even if the hackers are smart enough to invoke the zip script for every single account, that's not something that will happen overnight.

        Basically if they have access to your account or the Facebook servers, they already have access to everything on your profile or Facebook as a whole (respectively). So while this presents mild security issues, it's already assuming that everything is compromised ... it just presents the possibility that a hacker could more easily zip up your data ... and then that requires time ... and access to another resource of yours. For me, this risk is acceptable consider the benefit involved. As I mentioned, I suspect this will allow you to move the history of your profile to another site, which is really really good.

        • Re: (Score:3, Insightful)

          by bsDaemon (87307)

          To be fair, we are probably talking about people who use the same password for everything.

          • To be fair, we are probably talking about people who use the same password for everything.

            Well then in your suggested case, to be fair, where is the real security issue? Is it Facebook or is it the user?

            The best and most flawless computer security systems will always have a human being as a security hole. The best 'hackers' reported in the news these days are those that use social hacks like sweet talking and shoulder surfing to gain access to very secure systems.

            I wouldn't go around faulting Facebook for catering to the lowest common denominator. Their security measures are okay.

            • by bsDaemon (87307)

              Well, I was mostly addressing the fact that if someone was able to "hack" a facebook account, there is a high probability that the account password will match the email account that is associated with the facebook account.

              It's the users' fault for re-using passwords which aren't that great, and its the users' fault for posting all their personal data on facebook, too. So, yeah, its the users' fault. It usually is.

          • by Gilmoure (18428)

            Hey, 1, 2, 3, 4, 5 is easy to remember.

            • Re: (Score:2, Funny)

              by maxwell demon (590494)

              Hey, 1, 2, 3, 4, 5 is easy to remember.

              Yeah, but it's very insecure, because everyone knows that sequence. That's why I use 5, 4, 3, 2, 1 instead.

        • Re: (Score:3, Insightful)

          by rthille (8526)

          If I hack your FB account, can't I change the email associated with it?

          • If I hack your FB account, can't I change the email associated with it?

            Yes, but the original e-mail address associated with your account gets e-mailed a notification allowing that to be blocked and if you do block it you have to change your password:

            Hey XXXXX,

            We've received your request to associate your account with the email address
            malicious@hotmail.com.

            An email was sent to malicious@hotmail.com to confirm the request and account
            ownership. To confirm that email address, just click on the confirmation link
            in the email sent to malicious@hotmail.com.

            However, if that address is not familiar or you did not request to change your
            contact email, please follow this link to cancel the request:
            http://www.facebook.com/cancel_contact.php?t=XXXXX&u=XXXXX...
            (If clicking on the link doesn't work, try copying and pasting it into your
            browser.)

            If you cancel the contact email change request, your account will remain with
            your current email (goodguys@umn.edu) and you will be asked to reset your
            password as a security precaution.

            Thanks,
            The Facebook Team

            Now, you'd probably prefer that the original e-mail address has to okay the transition but that's how they have it implemented. So you're right, they could change the account associated with it if they know your Facebook password (it asks you at every step of the way). Then they could request the zip and wait to get the e-mail. But if you checked your e-mail in that time and canceled the new e-mail and changed your password you'd be safe.

            That's definitely something they could do -- block the request of a new e-mail until an old one is okayed. But then you run into the trouble of someone hacking your e-mail account and gaining access to your Facebook account that way. In that case, they could change your Facebook account over to their e-mail account and then okay it in your hacked e-mail account. Once that's done, how would you reclaim your profile? They would always have the account associated with it.

            Also if your old e-mail gets hacked and you have no way of getting it back, you're kind of at the mercy of the person who has your old e-mail as you'll never be able to change the e-mail address associated with your Facebook status and if you do, you'll tip them off that they also have your Facebook account to do with as they please.

            What it usually boils down to is if your account is compromised, your account is compromised.

          • Welcome to 1995, where websites with user accounts email the user before they allow a change of email to prevent account stealing. It's a brave new world of distrust.
            • by rthille (8526)

              Even now, (not sure about FB), some sites realize that you may not have access to your old email account. A DoS to the old FB email (send a bunch of spammy, mostly legitimate looking 'someone hacked your FB account' emails, but with .ru links), will get most people to ignore the 'real' one, preventing them from noticing the change of email on their account.

        • by zzsmirkzz (974536)
          My thoughts on this are: ::don tin-foil hait::

          They implemented this code/functionality so that when requested they have an automated way to provide the entire details an interested parties account to whatever law enforcement agency requested it. In a grand PR scheme, they figured that it would eventually be leaked this functionality exists, so they present it as a feature to users who then get used to the idea of it being possible. So finally, later on, when it is discovered that they send those pretty pr
    • by Jugalator (259273)

      Well this certainly makes it much more easier to move your nonsense-data around, but how long untill all the data is available on piratebay?

      Install the Facebook application "Access others private profiles" and give it full access rights to your account, I heard that'll do the trick!

    • Well this certainly makes it much more easier to move your nonsense-data around, but how long untill all the data is available on piratebay?

      I guess that depends on how long it takes a clever virus to start looking for traces of these downloads on someone's PC and start harvesting the information. My guess is less than 60 days ... but it may not be on PB first as I'm sure there are other 'markets' for this type of information.

    • It's already available on Eschelon. But I think Facebook is a clever front for NSA already.
  • by Mazzie (672533) on Thursday October 07, 2010 @09:25AM (#33823604)
    I hope there is an option to disable this in case your account is hacked and someone wants to download all of your data, oh wait, doh....
    • Re: (Score:1, Insightful)

      by Anonymous Coward

      It would have to be a permanent disabler then, or at least require external verification to re-enable (email/text/voice message ID, whatever). Not that there's much point in disabling it anyway... webpage scraping isn't that hard.

    • Re: (Score:2, Insightful)

      by tris203 (1768578)
      and if they are in your account, then they can just re-enable the option? unless there is an external factor, oh wait there already is, email...
    • by PPalmgren (1009823) on Thursday October 07, 2010 @10:03AM (#33824012)

      I'll have to give FB credit here where it is due. There have been major complaints that your FB data isn't portable, so they have you stuck in a lock-in. This is clearly a response to those complaints. I'll be the first to hate on FB, and I still don't have an account, but we can't have it both ways bro. This brought me one step closer to signing up.

    • Now the phishers can just mock up the Facebook e-mail. Click [this link], and enter your Facebook password to finish downloading your information. If you didn't request a download, click [this link] and enter your password to change your settings and prevent this from happening in the future.

    • Re: (Score:3, Informative)

      by mr100percent (57156)

      The actual announcement [facebook.com] said "To protect your information, this feature is only available after confirming your password and answering appropriate security questions."

      I'm not sure what that will involve, but if it's like the security challenge they've been doing when you sign in from abroad, you have to correctly tag 8 of your friends in unlabeled photos.

  • You know (Score:5, Informative)

    by Ryanrule (1657199) on Thursday October 07, 2010 @09:30AM (#33823658)
    Facebook used to have a feature to dump your entire profile and contacts list as a csv. They removed that in the fall of 04.
  • Diaspora (Score:4, Interesting)

    by Rik Sweeney (471717) on Thursday October 07, 2010 @09:30AM (#33823662) Homepage

    Perhaps competitors like Diaspora would be interested in using this base information to germinate user seeds?

    Maybe, but it already looks like Diaspora development is starting to slow down. OK, there have been some commits today, but I expected to see more activity than what's currently going on.

    Remember when the source to Gish was released? A lot of activity and releases for about a fortnight and then nothing...

  • Wow... (Score:2, Insightful)

    by ihatejobs (1765190)

    So now hackers have even more reason to go after your Facebook account. All that data in one nice, neat little download? Hackers paradise.

  • This makes me glad to know that I will soon be able to download your profiles. They got the name just right.

  • by MouseR (3264) on Thursday October 07, 2010 @09:51AM (#33823878) Homepage

    ...because right now, their Ping thing is utterly useless. Downloading all your FB data, in particular, contacts, might make it easier to get started with Ping.

  • by Combatso (1793216) on Thursday October 07, 2010 @10:15AM (#33824174)
    FINALLY!!! A way to preserve all the comments from people I havent seen in 20 years telling me we need to smoke a joint together,..
  • What about messages? (Score:3, Interesting)

    by 2names (531755) on Thursday October 07, 2010 @10:17AM (#33824220)
    Does this download include all messages received and sent?
  • ALL of your data? (Score:4, Insightful)

    by davidshewitt (1552163) on Thursday October 07, 2010 @10:18AM (#33824238)

    allow you to download all your information from Facebook

    The question is, does it really allow you to download all of your data? Does it let you download everything anyone has ever posted on your profile? If it did, this could give you some idea of what Facebook has stored about you.

  • by Anonymous Coward

    I don't want to have to continuously delete tags of myself, remove posts from my wall and other annoying things while I'm trying to stay off FB. It's like a god damned disease you can't get rid of. Worse yet, my wife's profile has the delete option but she's not about to use it.

    -jp

  • Also (Score:5, Interesting)

    by Beer_Smurf (700116) on Thursday October 07, 2010 @10:23AM (#33824308) Homepage
    One thing that seems to be in the same update is removal of the "Clear Chat History" button in the chat window.
    There are thousands of complaints posted about this already.
    It doesn't take much imagination to see how not having this feature when one is expecting it can lead to comedy.
  • but.....the cloud! (Score:5, Interesting)

    by Sprouticus (1503545) on Thursday October 07, 2010 @10:39AM (#33824494)

    This is absolutely shocking. For the past few years it seems every article I have read has advocated that data be soley kept 'in the cloud' and that users will never need to download their data to a perosnal machine ever....

    'The Cloud' is hype. Just like all the other hyped techs in the last 15 years (ATM will change networking, Java will be out OS, thin clients will rule the business world)

    I? do think it will be interesting if real competition comes to FB how this will be used to transfer data.

  • by ukyoCE (106879) on Thursday October 07, 2010 @10:55AM (#33824704) Journal

    I can't think of any compelling reason for Facebook, as the clear market leader, to provide this service. I'm glad they did though, and it makes me feel a lot more comfortable about posting pictures, etc. there for family members without having to keep a mirror somewhere else.

    I saw they're also adding some type of sub-networks or groups, so you can make a post about video games and leave out your parents, or congratulate someone about a job offer without including their coworkers. I can think of a lot of tricks to making a good implementation of this, so can't wait to see how they did it.

    Those are probably the two most important features that have made me frown on facebook, so seeing both in one day is a big surprise.

    • I saw they're also adding ... groups, so you can make a post about video games and leave out your parents ...

      One could do that previously using Lists. However, Groups adds a "group space" for shared group content and group chat.

      • by equex (747231)
        Groups. The cycle is starting to turn again. In 3 years FB will be exactly like a regular forum site.
    • I can't think of any compelling reason for Facebook, as the clear market leader, to provide this service. I'm glad they did though, and it makes me feel a lot more comfortable about posting pictures, etc. there for family members without having to keep a mirror somewhere else.

      Maybe the second sentence is a reply to the first? For most people it doesn't matter, but for some, being able to move in the future makes them more likely to join now.

  • Thank you Facebook (Score:5, Insightful)

    by crf00 (1048098) on Thursday October 07, 2010 @10:56AM (#33824722) Homepage
    Thank you Facebook for supporting data portability and not use it as lame anti-competitive lock-in feature like Yahoo and M$ does.. I don't care how other slashdotters think, but you will earn more of my respect as you make your platform more open and release more open source projects. Well done for your effort, keep it on!
    • by Rutefoot (1338385)
      They need one more option:

      Give users a quick link to display a -clean- Facebook page and news feed. A lot of people are getting fed up with seeing non-stop wall posts for farmville and news feed items and application requests. I've known several people to leave the site for this exact reason. Sure, you can block various applications from showing up on your news feed, but as far as I know you can't hide them from other people's pages. Even if you could do this, it would be tedious to constantly filter
  • How long until spambots start sending you messages looking just like the one from Facebook directing you to a fake URL?

  • by SnowDog74 (745848) on Thursday October 07, 2010 @11:42AM (#33825360)

    Facebook has 500 million users. At this point, they have few places to go, but down is a very likely possibility if they don't extend themselves into the fabric of the net and collaborate so they will always stick around in some form or another. Zuckerberg reportedly even made a contribution to the Diaspora guys in an undisclosed amount because he thinks the idea has merit... or, more likely, he wants to make sure there's cross-compatibility for years to come.

    One other point, sort of tangential to the topic... Some of the comments in preceding discussions about Diaspora keep falling back on the "oh sure four guys in a garage with no professional experience EVER got a project off the ground" sort of sarcasm. Ok, I know it's all wonderful and cool to us nerds to rely on sarcasm and cynicism, but a little perspective should be in order as well: Facebook, Apple, Google, Yahoo and other "garage" startups... There's a reason there's only a handful of them. There are a ton of coders, but not everyone is Harvard educated, massively talented, in the right place at the right time or any combination of these. Not every coder who thinks he has a great idea can execute... ... Conversely, not everyone needs to be a Sergey Brin, Mark Zuckerberg or Steve Wozniak. In this Age of Entitlement, we all like to think life is a choice between either being rich or being nothing... but there's plenty of respectable room in between, even if all your project does is get you solid employment at someone else's company.

    • 500 million users? (Score:1, Interesting)

      by Anonymous Coward

      No, they have 500 million *user accounts*.

      Many of which are fake (spammers) or empty.

  • Anything at all to make people think they actually own and control the things they post to Facebook.

    See? I can get it all back, that means it's mine.....

    Facebook's had a run of bad press regarding lack of user control over posted content. This is just a feature nobody will use, dedicated to persisting the illusion of control that hides the fact that Facebook is "a place for Friending marketers".

  • I don't think this matters much unless they release these profiles in a free and open format. Otherwise it won't be much different than the way Microsoft has locked people into .doc format.

The first Rotarian was the first man to call John the Baptist "Jack." -- H.L. Mencken

Working...