Log in  |  Skip to main content
       
 about  program  speakers  media
WORLD FORUM FOR
COMMUNICATION
TOP-MANAGERS
IN DAVOS

News

  • Latest privacy brouhaha comes with a lesson we should have already learned

    by Helen A.S. Popkin

    You know that guy who just posted the personal details of 100 million Facebook profiles in an online downloadable file? He ain't Matthew Broderick in "War Games," Keanu Reeves as "Neo" or "The Girl with the Dragon Tattoo."

    Sure, the dude wrote some code to access and aggregate user information through Facebook's directory , but he isn't a "cracker." He didn't even need to be a "hacker" to do it. Ron Bowes is just a security researcher who used a tool to quickly access all the profile info made readily available by Facebook users who — by either choice or chance — didn't lock it down.

    If we take any lesson from this latest Facebook privacy brouhaha, it's one we should have already learned: Facebook isn't for people who don't wish to be known. Because here's the deal: Facebook has not now, nor will it ever, protect your information for you.

    The thing to remember is that on Facebook, your wishes (or privacy settings, whatever) are by default, indexed for search engines. That's how Bowes was able to access and aggregate the 2.80 gigabyte file he uploaded to file-sharing website Pirate Bay. As in the Facebook statement, the information on this file "already exists in Google, Bing, other search engines, as well as on Facebook."

    If users haven't properly understood and changed the default settings, information is available to be collected and aggregated by a security researcher like Bowes, or any unsavory character that may have already done the same and didn't bother mentioning it to the press.

    "Facebook has been making so many changes, and every time those changes are made, the information is by default publicly available," said Nicole Ozer, technology and civil liberties policy director for the ACLU of Northern California.

    "The 100 million people on that file make up one-fifth of Facebook. How many of those people haven't made a conscious choice, misunderstood a setting or even knew where to find it to change the default?" Failing to understand and change settings means people can inadvertently share private information that can be used in a way most users can't predict, Ozer says.

    "How many of those 100 million users anticipated that a security researcher was going to aggregate and leak their information on a peer-to-peer sharing site?"

    It's not like Facebook provides worst-case scenarios. Though, it's hardly surprising that a bunch of huge corporations may be downloading all that info posted on Pirate Bay, as Gizmodo reported today.

    Using a peer block-like program, the tech blog was able to identify a cavalcade of IP addresses accessing the BitTorrent data, including Disney, Church of Scientology, Halliburton, Lucasfilm, Procter & Gamble, Sega, the United Nations and a whole heck of a lot more. (To be fair, it could just be some guy at work who's downloading for kicks and giggles, plus the fact that IP addresses do fluctuate.)

    Source: http://www.msnbc.msn.com/id/38474945/ns/technology_and_science-tech_and_...