billjings | 1 year ago

> I used to work at FB and they have a team that tries to catch employees selling access like this.

For folks who aren't familiar with FB, maxrmk is absolutely right. But some more color would probably help:

When one of the privacy teams discovers a violation of this kind, the employee is generally called into a meeting with HR and fired the very next day.

A friend of mine did this inadvertently - just trying to help a real personal friend with an account issue, and inadvertently accessed a system in a way he didn't realize was a privacy violation. Months later, he was investigating data for a project, which triggered an audit. They walked him out the door the next day after finding it.

So: yeah. This is not a very good business idea.

tdeck|1 year ago

> and inadvertently accessed a system in a way he didn't realize was a privacy violation

Sounds like they need better controls; there shouldn't be ways to inadvertently access personal data and violate someone's privacy. Particularly not at such a mature company.

jasonfarnon|1 year ago

I don't work there but I imagine when this happens it's because the employee needs access to the resource for some legit reasons, but accessing it for an illegitimate reason is what amounts to the violation. So access controls here would amount to reviewing the reasons for the access.

loeg|1 year ago

The controls have gotten better / more explicit over time. They flash you up a pretty explicit clickthrough wall now. And there's pretty explicit training that you hand off issues for friends/family to a 3rd party engineer to handle rather than accessing user/friend data yourself.

itissid|1 year ago

That two letter tool at meta for profile access?