Facebook Q & A thread

in light of this recent finding people might have some questions to ask or (at the least) change their Facebook privacy settings.

http://news.yahoo.com/s/pcworld/20100729/tc_pcworld/thefacebookdatatorrentdebacleqa

The Facebook Data Torrent Debacle: Q&A
Buzz up!635 votes Share
retweet
EmailPrint..Related Quotes Symbol Price Change
^DJUSS 453.69 +0.34
^IXIC 2,254.70 +3.01
^IXK 1,141.97 -4.27
Ian Paul Ian Paul "“ Thu Jul 29, 11:32 am ET
Security concerns over Facebook have been raised yet again after a security consultant collected the names and profile URLs for 171 million Facebook accounts from publicly available information. The consultant, Ron Bowes, then uploaded the data as a torrent file allowing anyone with a computer connection to download the data.

Simon Davies a representative of the U.K.-based privacy watchdog Privacy International accused Facebook of negligence over the data mining technique, according to the BBC. Facebook, however, told the British news service that Bowes actions haven't exposed anything new since all the information Bowes collected was already public.

So what are the security risks? Should you be concerned? Let's take a look.

What data was collected?

Ron Bowes, a security consultant and blogger at Skull Security, used a piece of computer script to scan Facebook profiles listed in Facebook's public profile directory. Using the script Bowes collected the names and profile URLs for every publicly searchable Facebook profile. All together, Bowes said he was able to collect names and Web addresses for 171 million Facebook users. That's a little more than a third Facebook's 500 million users. (Click image above to zoom)

What did he do with the data?

Bowes compiled this list of text into a file and made it available online as a downloadable torrent.

How many people have downloaded the torrent?

The Pirate Bay lists 2923 seeds and 9473 leechers for the torrent file at the time of this writing. Seeds are people who have downloaded the entire file and are uploading to others. Leechers are actively downloading the file.

Is this a big deal?

That depends on who you ask. Facebook points out that some of the data Bowes collected was already available through search engines like Google and Bing. The entire data set is also available to any user signed into Facebook. So the data was already publicly available, and nobody's private Facebook data has been compromised. Nevertheless, this is the first time that 171 million Facebook profile names have been collected into one set of files that can be easily analyzed and searched by anyone.

What could a malicious hacker use the data for?

As Bowes pointed out in a blog post, someone could use this data as a starting point to find other publicly available user data on Facebook. After all, you have to wonder how many of these 171 million Facebook users have publicly exposed e-mail addresses, phone numbers and other information on their profiles?

It has been proven time and again that the more a bad guy knows about you the greater your security risk is. Collecting personal data allowed a French hacker to steal confidential corporate documents at Twitter. Researchers were alarmed when Netflix wanted to release anonymous user data including age, gender and ZIP code for the Netflix Prize 2. Security researchers said the data dump by Netflix was irresponsible since it is possible to narrow down a person's identity just by knowing their age and ZIP code. The contest was eventually canceled. One Carnegie-Mellon study also found a flaw in the social security numbering system that could allow a sophisticated hacker using data mining techniques to uncover up to 47 social security numbers a minute.

How do I know if my name was caught in the data dump?

From your Facebook profile dashboard click on 'Account' in the upper right hand side of your dashboard. Select 'Privacy Settings,' and then on the next page under 'Basic Directory Information' click on 'View Settings.' You should see a page similar to the image above. If the first listing called "Search for me on Facebook" is set to "Everyone." Then chances are, your name and profile URL are in the torrent file. (Click image to zoom)

You should also check to see if external search engines like Google and Bing are indexing your profile. To do this go back to your main privacy settings page, and at the bottom click on the "Edit Settings" button next to "Public Search." On the next page, if the "Enable public search" check box is ticked then search engines are indexing your profile. To stop this just uncheck the box and then click on "Back to Applications."

My name is not in the public directory should I be concerned?

If you were not in the public directory Bowes says your name is not in the torrent file. However, you could be exposed to similar data mining techniques in the future. Bowes says that if any of your Facebook connections have made their friends lists public then your profile could easily be found through data mining your friends' profiles.

What can I do to keep my information private?

The biggest concern isn't so much about your name and profile URL being exposed. The greater concern, for you anyway, is the publicly available information contained on your profile page.

To protect yourself, you may want to reconsider your current privacy settings. To do that visit your Facebook profile's Basic Directory Information page by following the steps listed above or just click here.

On the top right of the page you should see a button that says "Preview My Profile." Clicking that button will show you all the information you make public on Facebook. Data you may want to consider hiding includes your hometown, birth date, age, phone number, current city and e-mail address.

So what do you say? Is Bowes' data dump making your rethink your Facebook profile settings or are you not concerned?
 
So what do you say? Is Bowes' data dump making your rethink your Facebook profile settings or are you not concerned?

I'm in the "not concerned" corner. Already have my settings so that only friends can view things. Even if the privacy settings weren't available, the only things I put on the internet are the things I could care less if someone knows. I recently came across an article that notes there are applications for Iphones and Droids that gather people's pictures and other info. Again, not really a big concern unless people have pictures or other things on their phones that they wouldn't want others to end up with. ;)
 
The completely closed off settings(only first name viewable, and picture to all that are not friends) should be the default. I've notified FB about this with many others that this needs to be put into place to protect it's members as well as the millions of underage users, especially the underage users. I've gone through and changed all the settings for my younger cousins and family just to protect our privacy. My family loves the fact that I'm a networking psycho and know how to use them.
 
The completely closed off settings(only first name viewable, and picture to all that are not friends) should be the default.
I couldn't agree more.
Wasn't this change in the works?

ABC News interviewed Zuckerman (Facebook) and he seemed to indicate changes were coming...................
 
not concerned. don't care. more important things to worry about......yeah, i'm in that category.
 
I'm not concerned for myself but have some concern for my 13 and 14 year old children. Because of them I wish FB would have the security settings all set to Friends Only by default. It doesn't matter how much you preach to them about being careful on the internet they are only kids and sometimes mistakes happen.
 
hypothetical question

hypothetical question

could I download/upload a picture of someone else and log into Facebook using their photo as my own?

Would it be possibble to use someone else's name, too?

I'm not concerned for myself but have some concern for my 13 and 14 year old children. Because of them I wish FB would have the security settings all set to Friends Only by default. It doesn't matter how much you preach to them about being careful on the internet they are only kids and sometimes mistakes happen.
x2
 
could I download/upload a picture of someone else and log into Facebook using their photo as my own?

Would it be possibble to use someone else's name, too?


x2

You could download a pic of anybody that has there security set to EVERYONE and then use it as your pic. Sure you could definitely use someone's name, they couldn't stop that. Think of how many people have the same name. You couldn't however log in to someone's account without their username/password.
 
could I download/upload a picture of someone else and log into Facebook using their photo as my own?

Would it be possibble to use someone else's name, too?

That would be very possible. I'm sure there a many hundreds of thousands of those 500 million users that have pictures up that aren't them as well as a fictitious name. Also one could come to a logical conclusion that a lot of the publicly viewable profiles are of fictitious people trying to meet someone to scam or sometimes worse. But that is why you never set up to meet and greet some one over the internet.
 
I've heard a good rule of thumb considering these sites..Anything you wouldn't put on a billboard outside your house,should never be posted online
 
I've heard a good rule of thumb considering these sites..Anything you wouldn't put on a billboard outside your house,should never be posted online

Exactly. But kids don't understand that, and neither do drama ridden teens and young adults. I've been caught up a few times in the internet world but luckily I have grown past that stage.
 
Back
Top