Facebook Launches Bug Bounty Program To Report Data Thieves (cnet.com) 66

Facebook on Tuesday launched a data abuse bug bounty program, just hours ahead of CEO Mark Zuckerberg's testimony to the Senate judiciary and commerce committees in Washington, DC. The bug bounty program is asking for people to report any apps that abuse data on Facebook, and it offers a reward based on how severe the abuse is. From a report: "While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to our attention," Collin Greene, Facebook's head of product security, said in a post. The new program comes almost a month after the New York Times and the UK's Observer and Guardian papers revealed that Cambridge Analytica, a voter profiling firm, took advantage of a Facebook app to siphon off personal information on 87 million people. The scandal has fanned the flames of a backlash against Facebook by lawmakers and users.
  • Better idea (Score:5, Insightful)

    by 110010001000 ( 697113 ) on Tuesday April 10, 2018 @11:05AM (#56412665) Homepage Journal
    Here is a better idea: do it yourself. You know, actually monitor your website and stuff. It is a radical idea.
    • But having an operations team costs money. It's so much easier to just hire more developers who have no clue about operations. DevOps!
  • by Anonymous Coward

    Where was all this outrage four years ago?

    • There is a difference between using data that was openly available with links to apps that were open to what they were doing with your data to see that you may fit the demographic that would vote for Obama, and have ads that pop up and say go out and vote for me, vs. having apps to trick you into figuring out what political persuasion you are and give you a custom message showing how evil the opposition is, not just the official running, but how all of their supporters are sub-human monsters. Scheduling rallies fo

      • by gnick ( 1211984 )

        I posted this [politifact.com] in another thread the other day. Some similarities & differences between what the Obama campaign did and what Cambridge Analytica did.

        The Obama campaign and Cambridge Analytica both gained access to huge amounts of information about Facebook users and their friends, and in neither case did the friends of app users consent.

        But in Obama's case, direct users knew they were handing over their data to a political campaign. In the Cambridge Analytica case, users only knew they were taking a personality quiz for academic purposes.

        The Obama campaign used the data to have their supporters contact their most persuadable friends. Cambridge Analytica targeted users and their friends directly with digital ads.

  • "We have met the enemy and he is us." - Walt Kelly

  • by Oswald McWeany ( 2428506 ) on Tuesday April 10, 2018 @11:15AM (#56412741)

    Facebook Launches Bug Bounty Program To Report Data Thieves (cnet.com)

    Hello, I would like to report Mark Zuckerberg please!

    • Re:Report Der Zuck (Score:4, Insightful)

      by Rosco P. Coltrane ( 209368 ) on Tuesday April 10, 2018 @11:19AM (#56412773)

      You can't report Zuck: he ain't a thief, he's a con artist: he managed to convince his users that giving away their data is a negligible price to pay in exchange for a great service. People are slowly discovering it's the other way around, but it's too late now.

      • If he would only gather your personal information from your account on facepalm, you would be right. If he collects data about me from other facepalm accounts, web beacons and other software or services that turn out to be facepalm-owned, then he is a thief.
        • I doubt it. I bet you anything that deep down in the TOS that all Facebook users have agreed to - after reading it carefully from beginning to end, no doubt - there is a provision saying the user lets FB use and abuse their data any which way it wants.

      • by Anonymous Coward

        well put.

        if that information you're giving to him is so innocuous how come he's worth *billions* from selling it?

  • We have so much data about you, your kids, your family, your friends, your vices, your drugs, your vacations and we leak them like a sieve.

    Please tell us who captures your data, so that we can send them a bill.

    Thanks a lot suckers^h^h^h^h^h^h^h

  • lol sure (Score:5, Interesting)

    by o_ferguson ( 836655 ) on Tuesday April 10, 2018 @11:27AM (#56412847)
    I reported a bug under their last bounty program and they said "while this is a bug, and we will fix it, it's not a 'security bug' so we won't be paying you for reporting it." I hope they die in a fire.
    • Do you think it was a security-related bug?

      • Other than the fact that all bugs are security bugs, yes: it allowed you to post content direct to other users' walls, who were not your friends but in the same group as you, and to do so with no attribution, so the other users could see that you posted it to their wall, but not why you had access to their wall. It was a way to clearly violate their user compartmentalization organization, but they argued that since users had joined groups willingly, their rights hadn't been violated and so it wasn't really
    • by ViXiV ( 5346587 )
      Did this EXACT same shit to me for a CSRF bug where I was able to wipe and brick certain residential routers over their messaging system. They said it needed to be fixed in all the routers in the entire world by the manufacturers instead of incorporating appropriate CSRF filters in messages..... LMFAO, do not trust any bounty program from FB for any reason whatsoever!
      • lawsuit time
        • by ViXiV ( 5346587 )
          Apparently they are notorious for worming out of paying for legitimate bug bounty reports. They will refuse to pay you if at all possible and they have gotten really good at scamming security researchers and hackers into free work. IMO a lawsuit would be frivolous as they would likely spend more on their attorneys than paying the actual bounty just to make an example of the researcher and deter others from following suit. Stop reporting bugs to FB and just sell them for what they're actually worth instead o
  • 40,000?

    Look, FB, you're facing probable fines with four commas in the US and similar ones in the EU.

    Try adding more commas. I'd go for at least two.

  • by forkfail ( 228161 ) on Tuesday April 10, 2018 @11:57AM (#56413073)

    Yes, I'd like to report Facebook, Inc. It seems that they have provided APIs through which they sell private data to anyone with a bank account and a keyboard.

    Where can I pick up my check?

  • ... That They Won't Own Up To A Fucking Thing.

    discuss

  • by Tominva1045 ( 587712 ) on Tuesday April 10, 2018 @12:07PM (#56413131)
    So improper abuse is when you skim data off Facebook and market to those people elsewhere. Proper abuse is when you do a Google search on a product and two minutes later it's in your Facebook feed. Got it-
  • They want to make sure the only people taking data are the ones paying for it.

  • "Bug: your business model is based on selling data gathered without permission from users; effectively, this is like the Mafia asking people to help guard their loot. I can't imagine the cognitive dissonance needed to sustain that sort of hypocrisy, so it must be a bug?"

    Do you think they'd pay me?

  • Another Bug Bounty system from Facebook? Except they have been stealing from security researchers since the first bounty program was started by finding loopholes allowing them to not pay those bounties. They neglected to pay at least 2 legitimate bounties for bugs provided by myself stating that the bugs needed to be fixed in every router in the entire world instead of providing filters for it in their own messaging system which they eventually enabled without the bounty being issued. So essentially, they
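The CSRF bug described in the two comments above (a planted message that factory-resets a home router from the victim's own browser, and link filters in the messaging system as the platform-side stopgap) as an added Python example; this is not code from the thread, from Facebook, or from any router vendor. Both sides are modelled: a router admin endpoint in its vulnerable and hardened forms, and a filter that flags links to non-public addresses. Every address, path, cookie and token value is an assumption, and the requests and the sample message are constructed.

```python
"""CSRF at both ends of the bug described above, with constructed data.

Part 1 models a home router's admin endpoint.  The vulnerable version runs a
factory reset for any request carrying the admin session cookie; because a
browser attaches cookies to cross-site requests (before SameSite defaults),
an <img src> or link planted in a chat message fires it from the victim's
own browser.  The hardened version demands POST, an Origin/Referer naming
the router, and a per-session CSRF token.

Part 2 is the platform-side stopgap: a filter that flags links in outgoing
messages pointing at loopback, link-local or private address space.

Every address, path, cookie and token value here is an assumption.
"""
import ipaddress
import re
import secrets
from urllib.parse import urlparse

ROUTER_ORIGIN = "http://192.168.1.1"         # assumption: LAN admin origin
ADMIN_SESSION = "sess-admin-0001"            # constructed cookie value
SESSION_TOKENS = {ADMIN_SESSION: "csrf-token-constructed"}


def vulnerable_reset(request):
    """Reset the device if the admin cookie is present; nothing else is checked."""
    if request["path"] == "/reset" and request["cookies"].get("session") == ADMIN_SESSION:
        return 200, "factory reset started"
    return 403, "forbidden"


def hardened_reset(request, session_tokens=SESSION_TOKENS):
    """Same endpoint with method, origin and token checks; any one of them
    blocks the cross-site case on its own."""
    if request["path"] != "/reset":
        return 404, "not found"
    if request["method"] != "POST":
        return 405, "state changes require POST"
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    parsed = urlparse(source) if source else None
    if parsed is None or f"{parsed.scheme}://{parsed.netloc}" != ROUTER_ORIGIN:
        return 403, "cross-site request"
    expected = session_tokens.get(request["cookies"].get("session"), "")
    supplied = request["form"].get("csrf_token", "")
    if not expected or not secrets.compare_digest(supplied, expected):
        return 403, "bad or missing CSRF token"
    return 200, "factory reset started"


URL_RE = re.compile(r'https?://[^\s<>"\']+')


def is_non_public_target(url):
    """True for loopback, link-local, private or otherwise non-global targets.

    Hostnames are not resolved, so a DNS name that points at a private
    address is not caught; an offline filter cannot do better."""
    host = urlparse(url).hostname
    if host is None:
        return False
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False


def flag_internal_links(message):
    """Links in a message that the filter would hold for review."""
    return [u for u in URL_RE.findall(message) if is_non_public_target(u)]


# Constructed requests: what an <img src> planted in a message produces, and
# a legitimate submission from the router's own admin page.
CROSS_SITE_GET = {
    "method": "GET", "path": "/reset",
    "headers": {"Referer": "https://messages.example/thread/42"},
    "cookies": {"session": ADMIN_SESSION}, "form": {},
}
LEGIT_POST = {
    "method": "POST", "path": "/reset",
    "headers": {"Origin": ROUTER_ORIGIN},
    "cookies": {"session": ADMIN_SESSION},
    "form": {"csrf_token": SESSION_TOKENS[ADMIN_SESSION]},
}
SAMPLE_MESSAGE = ("check http://192.168.1.1/reset?confirm=1 and "
                  "https://example.com/ and http://[::1]:8080/admin")

if __name__ == "__main__":
    print("vulnerable, cross-site GET:", vulnerable_reset(CROSS_SITE_GET))
    print("hardened, cross-site GET:  ", hardened_reset(CROSS_SITE_GET))
    print("hardened, legit POST:      ", hardened_reset(LEGIT_POST))
    print("flagged links:", flag_internal_links(SAMPLE_MESSAGE))
```

The point of the two halves is the one the commenters disagree about: the router-side checks close the hole for good, while the message filter only blocks the delivery path it can see (literal private addresses), and a DNS name resolving to the router walks straight past it.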
