Facebook Security

Would Be Cool if Everyone Normalized These Pesky Data Leaks, Says Data-Leaking Facebook in Leaked Memo (theregister.com) 33

Facebook wants you to believe that the scraping of 533 million people's personal data from its platform, and the dumping of that data online by nefarious people, is something to be "normalised." The Register: A blundering Facebook public relations operative managed to send a journalist a copy of an internal document detailing the social network's strategy for containing the leaking of 533 million accounts -- and what the memo contained was infuriating though unsurprising. Belgian tech journalist Pieterjan van Leemputten asked the Mark Zuckerberg-owned company some questions about the theft and dumping online of account data earlier this month.

Miscreants had helped themselves to 70GB of names, phone numbers, dates of birth, email addresses, and more from people's Facebook profiles, thanks to a security weakness in the platform. Having stolen the data in 2019, crims bought and sold it among themselves before one shared it via a Tor-hidden site in early April, inviting anyone to come and help themselves to it all. Yet when van Leemputten asked Facebook's mouthpieces to respond, what he got in return was quite unexpected. As he told The Register: "Facebook accidentally sent me an internal email where they literally state that they will frame the recent 533 million data leak as a 'broad industry issue' and that they want to normalize this." The memo added, "To do this, the team is proposing a follow-up post in the next several weeks that talks more broadly about our anti-scraping work and provides more transparency around the amount of work we're doing in this area."

This discussion has been archived. No new comments can be posted.

  • It's already normalized, and not just in the tech industry.

    • Was it a CORS issue that they had? I know though that you can just have the scraper send a header to get the data. If the content is set to public, it is publicly available. It sucks that people aggregated it, but if you don't want that data out there, set it to friends only! Unless I am misunderstanding the nature of the weakness?
      • by DarkOx ( 621550 )

        Well, it's not clear to me how vulnerable it was. The issue was the find friends functions let you upload your contacts database from your phone. Supposedly the search on Facebook's end found possible relations based on phone numbers, and suggested them to you for 'friending'.

        What is not clear is if it would return matches for cases where people don't share their number but Facebook has it; collected for MFA/account recovery or whatever other reasons Facebook asks for phone numbers these days.

        The attack was s

    • by ptaff ( 165113 )

      This.

      Users are experiencing data leak fatigue, as every month there's major news about such and such large firm being breached [wikipedia.org]. So they just shrug it off, rationalize that it's part of the deal, and resume uploading personal data to whatever social media website that produces the most dopamine for them.

    • by xystren ( 522982 )
      Banks have done this for years. Remember the mid 2000 all the identity theft commercials they would run. That wasn't just to advertise their identity theft protection, but to normalize it. These are things that never should have even occurred, but now it has become so "normal", we don't even question it. Facebook is just doing what the banks did back then, and any other company that has had a data breach. Welcome to the new normal (well, old new normal).
  • by awwshit ( 6214476 ) on Tuesday April 20, 2021 @03:11PM (#61295040)

    Wouldn't we all be better off if we normalized deleting Facebook? Facebook won't be able to shit the bed with your data if they don't have your data.

    • by saloomy ( 2817221 ) on Tuesday April 20, 2021 @03:18PM (#61295066)
      Funny you think Facebook won't have your data if you delete your profile off of it. Facebook tracks you across other sites through cookies and compiles profiles on you whether you are a member or not.
      • Funny you think Facebook won't have your data if you delete your profile off of it. Facebook tracks you across other sites through cookies and compiles profiles on you whether you are a member or not.

        Which is why I let uMatrix block the Facebook widget and all third party Javascript by default. Which breaks an appalling number of sites these days, but then I selectively enable the missing pieces needed. Frequently jquery.com and a few others. One I never enable is facebook.com.

      • If you live in California and they keep your data after you request deletion, that's a several thousand dollar fine they are looking at for each instance.

      • by AmiMoJo ( 196126 )

        That's coming to an end as all major browsers disable third party cookies.

      • Funny that you think I allow/keep those cookies. I don't have an account in the first place, it's possible that they have some phantom profile of me but it's not worth much. When you block ads and tracking it's a lot harder for anything FB does to be meaningful.

    • But only one person needs to delete Facebook -- no need to delete it multiple times, since after the first time there's no Facebook anymore. And no need for "normalizing".
      • I deleted my Facebook account and so far it's been worthwhile in a limited way, despite some isolation from some friends and organisations who tend to do most things through Facebook because that's where everyone else is. I'm still, however, living in a world where large populations of people are influenced to levels of accuracy that were unprecedented before Facebook entered the scene. This affects how populations interact, how they perceive each other's opinions, what they buy or don't buy, how they see e
  • Time to end FB (Score:5, Insightful)

    by sgage ( 109086 ) on Tuesday April 20, 2021 @03:14PM (#61295050)

    These people are sociopathic tools, always have been. MZ is the head sociopath, and inspires the whole crew. It is high time for this shit-show to be shut down. It's well beyond fixing.

  • You can't treat them like they ever cared about your wishes.
    They only care about you thinking you care for their wishes.
    And that they can keep doing what they want.

    So the solution is to ... give them a ... good reason ...to actually want what we want. Even if just pretend they like it too.
    Threat of death, with our choice being the only one out, is an obvious reason. Even if a morally unacceptable one.
    But threat of losing benefits they gain from us is a pretty good reason.
    But make sure you studied Sun Tsu be

  • I agree (Score:5, Insightful)

    by gweihir ( 88907 ) on Tuesday April 20, 2021 @03:26PM (#61295092)

    Make it normal that those responsible go to prison and make it normal that companies that messed up pay $1000 to every person affected and more if the victims can prove more damage done. I.e. finally make it normal to treat these people and companies like the criminal entities they are.

    The abnormal state of affairs that absolutely nothing happens to those fuckups on the legal side cannot continue.

  • Just log in and fill out this quiz on our new app.

  • From what I understand, these folks that had data scraped, all had public profiles. Did the scrapers go foul of the Terms of Service? Sure. Was it public data? It was on private Facebook servers, but set to public by the owners.

    I think the reality is that outside of a few tech circles, no one cares.
    --
    We live in a world where mental health is real. Emotional health is real, and people feel like no one cares. - Malik Yoba

  • FUCK THAT SHIT!!! The names and personal info of users of a website isn't a mother effing open phone book for the criminals of the planet. I barely want my neighbors one road over to know my name, much less mister nice foreign hacker.

  • by SmaryJerry ( 2759091 ) on Tuesday April 20, 2021 @04:02PM (#61295218)
    Is it a leak if it is public facing data already? It’s just scraping websites, which anyone with an hour of python experience can do. I mean it seems pretty normal to me already. If this data wasn’t already publicly available that is a different story.
  • "Normalizing" an out of control disease-state hardly sounds like an intelligent choice if you want less of the disease. On the other hand, mandating a minimum payout if your data was stolen at all - with "sky's the limit" if you can prove you suffered harm would clean up the problem rather smartly. A company which "secures" data - which is later to be found to be incompetent at said task - needs to be bankrupt, not coddled. A business can reasonably secure insurance, from a well-heeled company, to help c
  • I keep my FB usage pretty trivial, but being an old person, I do have an account. And I have logged onto it regularly since 2010 or so.

    Every time, FB asks for my mobile phone number so they can set up 2 factor authentication. "For security".

    They are not getting that number and they are not getting my actual birthdate. Well, at least not from me. I can't do anything about their cross-referencing skullduggery.

  • Time to let FB go. It adds no value and just enables domestic terrorism
  • To me this looks like exactly what I would expect to see in this situation. The PR sausage is being made. Big deal. It doesn't appear to be a leak of a technical directive, strategic plan, or mitigation strategy. It's just discussion on narrative control.

  • Umm ever since Facebook launched they made massive privacy blunders. Aside from the odd we are sorry nothing has really stuck. These companies do as they please. People are the product, and you are sold many times over.
  • though I could really do without the author's inflammatory op/ed.

  • Am I the only one that originally assumed that with "normalization" they meant having single industry-agreed labels for fields, designing the tables in Backus-Naur Form, that sort of thing? I mean, why not make life easier for those ... erm, entities .... that use the data, leaked or otherwise?
