orijing | 6 years ago

The article claims the practice "was uncovered by Business Insider last week", implying FB was being sneaky about it. But if you look at the Business Insider article (https://www.businessinsider.com/facebook-uploaded-1-5-millio...), you'll see this:

> A Facebook spokesperson said before May 2016, it offered an option to verify a user's account using their email password and voluntarily upload their contacts at the same time. However, they said, the company changed the feature, and the text informing users that their contacts would be uploaded was deleted — but the underlying functionality was not.

> "Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people's email contacts were also unintentionally uploaded to Facebook when they created their account"

So Facebook discovered this bug in an audit of its code, fixed it, and planned to notify everyone who was impacted.

kerng|6 years ago

Can we please stop calling these privacy violations bugs? It sounds like a benign thing. These are not bugs anymore. It's unauthorized access to records of millions, and Facebook is the one who performed the violation.

I can give a dog walker or cleaning personnel the keys to my apartment; still, if they steal stuff and I have evidence, they will be prosecuted. It's not a bug that they don't have business ethics.

product50|6 years ago

So a hacker took all of Equifax's data including your SSNs, address, names, DOB etc. By your analogy, all of Equifax's engineers should be in jail right now!

BTW, just in case you are unaware, Equifax got away with this hack with zero fines in the US.

orijing|6 years ago

I'm curious, if the message saying that "FB will also import contacts if you proceed" were still visible, would you still consider it "unauthorized access"? Is it really "unauthorized" if users give informed consent?

I doubt it, so it seems that we're just bickering over whether the accidental removal of the message is considered a "bug" or a malicious act by some engineer to trick users into sharing their data because they (and their company) lack business ethics.

Which is more likely?

bryan_w|6 years ago

Yeah, this seems like punishing FB for being too honest. There was no technical reason to disclose the bug. I mean, if they just quietly deleted the data that they didn't mean to collect, it doesn't seem likely that anyone would even notice.