A small array of scripts programmed to pass themselves off as real people stole 250 gigabytes worth of personal information from Facebook users in just eight weeks, researchers said in an academic report to be presented next month. The 102 “socialbots” included a name and picture of a fictitious Facebook user and used …
I think what's really interesting is that people are just accepting friend requests left and right. What's the point of 'friending' people you don't even know? Is it to boost your friend count as though that holds some sort of social credibility? Are people really that insecure/lacking that much self-esteem that they want to 'friend' everyone?
Back when I used Facebook, I only ever accepted people whom I was actually friends with and spoke to on a regular occurrence. Sure, I only had a few dozen friends on there, but I'd go for quality over quantity anytime.
Making new friends, of course. Who doesn't want to be friends with a scraper bot?
It does mean that no matter how many privacy controls social networks would introduce (even if they were well-thought-out, which Teh Zuck wouldn't be able to do to save his life) you're still dependent on other people. Well, good luck with that.
As a privacy mechanism, it's entirely worthless. And by now people are so addicted to the inane banter and lure-you-to-stay stupid little (and not so little) games that they're not going to choose privacy, automatically giving themselves up to the data trolls instead.
I still don't have a facebook account but I do see an increase in things you can only see with such a thing, announced on non-fb sites, as if "everyone" has an account and is willing to be tracked. The walled privacy-eating garden is slowly encroaching. If we want to get serious about privacy we have our work cut out for us.
"...as if "everyone" has an account..."
That is what it feels like sometimes (and perhaps what some would like), but reality is that take up apparently seems to flatten off at about 50 percent in most countries, not accounting for duplicate or inactive accounts. Perhaps the rest of us ought to be a bit more vocal about the fact we are in a (slim) majority, rather than allowing Facebook to present itself as a near inevitability in everyone's life.
You're on Facebook, bored and single. Suddenly a hot man/woman/horse (delete according to taste) in your area asks to friend you.
Personally I'm not a fan of using Facebook as a dating tool and don't add anyone I've not met in real life, but you can see why other people might..
Turing test 2.0
Machine passes, if you can not tell your new friend is not human...
the human on the other end is Turning-capable. Many aren't!
who is Turning?
I deduce you are human because you made a mistake, and to err is human. Do you want to be friends now?
bzzt... blip-blip... All your data are belong to us!
Are you sure they were actual researchers?
Maybe the title should be "journalists accept story concocted by robots".
Because there the same happens: once an outrageously improbable story gets accepted somewhere online by a legitimate journal (the "Sydney Bugle & Watchtower" or so), then other papers suddenly copy it en masse.
@LM I know you are a real person.
A machine would not auto-correct its own spelling of 'the creator'.
Cats are, and always have been, anti-social little buggers...
Not just the users
It's not just those who sign up who get shafted by data scraping like this, their non-facebook using mates get screwed too. I've never used facebook or any other so-called 'social network', but every time someone I know dumps their Gmail address book or mobile to their facebook account, my data is up for getting scraped too. I find it offensive enough that facebook can and does benefit from this in building a 'shadow' profile of me, but it really takes the Michael that their slack-arsed approach to security allows everyone from the penis pill pushers to the Friends of Miriam Abacha to get hold of my information and a picture of who I know.
Data protection law ought to start taking a far dimmer view of the care of the data of third parties who have no control over its distribution. Facebook has the capacity to remove details not belonging to signed up users. It should be compelled (preferably violently) to do so. Yeah, right...
It's entirely unsurprising to find out what happens on Faecesbook.
Will work for the greater greed
"Overall, our research goal is ... to help Facebook and the wider community to build more secure systems that are less vulnerable to both human exploits... and technical exploits...."
Don't DO that; some would call it accommodation, but the short-term effect of any such effort is to encourage the (quite obviously mistaken) belief that "it's secure". ...right. Doesn't a data suck of 30G/week not tell you that there's a serious problem in personnel?
Academics! Head, orifice, insert.
No doubt the people who were mined were asking for it by not taking their responsibility for their own security seriously.
'No doubt the people who were mined were asking for it by not taking their responsibility for their own security seriously.'
Indeed. They were using facebook.
At the very least the ethics is questionable, and it may be considered illegal in some jurisdictions.
Makes me wonder how much e-mail spam is the result of similar research.
how much e-mail spam is the result of similar research
I'm imagining knob-boffins down at the Institute of Penis Enlargement, scratching their heads and saying "why the hell has NO-ONE contacted us back about our miracle breakthrough ??? We've sent gazillions of emails..."
Re: "they've annoyed and deceived a lot of FB users."
Only one part of that statement is probably true, the other is highly doubtful. And I say that as someone who still has a FB account.
The whole "wow this girl/guy looks nice/hot and wants to friend me, must accept" happens in all social networks, even real ones.
Just smile and you can pretty much get a lot of data on any number of people.
Something for the next Reg reader survey
It would be interesting to know what proportion of Reg readers are also 'serious' facebook/Twitter users (as opposed to having half a dozen accounts under fake names for test purposes) - methinks might be a fairly low number!
What is this 'facebook' of which you speak?
"test purposes" eh?
Just like those midget porn site accounts, no doubt!
I smell BS
250 gigabytes worth of personal info? How much is that per "friend"? Sounds like they had access to a lot of cat photos.
I have practically no personal info on Facebook.
The email address is one knocked up for Facebook, location and everything else is either non-existent or bogus.
Seems to work as even close friends have asked if it was me who posted stuff.
With any social network system it's all down to how much you want to tell world+dog about your intimate details.
I've not even got any cat photos - must drag a load off t'internet and put them there for those who want such things.
Farcebook by another name
Another article on the security, or apparent lack of it, on the social website linked to a book.
It must be a very thin line between real friends and those on FB, you know... people you see at school or work, "I shared a bus trip with you don't you remember?". Why not distinguish between friends and people I vaguely know by granting appropriate security to them rather than some totally lame system which resets to open access each time those allegedly in charge tinker with it?
PaedoBook was probably the funniest rename of it I heard.... although FarceBook seems wholly appropriate!
Nothing new ...
In "The Mighty Micro" (pub 1979) by the late, and sadly missed Dr. Christopher Evans, he recounts a tale of using a proto chat system which was in use at a conference, to talk to other delegates. One delegate he was chatting to had to leave suddenly, and the system happily carried on burbling for a few minutes, before Evans twigged he was talking to a machine, not a person.
Trusted IP addresses?
I wasn't aware that criminals went around with special naughty IP addresses. Obviously if they were stealing someone's personal details in real life they'd be easy to spot because of the black and white striped top and the large bag marked with 'SWAG'..
they received 331 requests from Facebook users
People so thick that they try to make friends with a 'bot. Should we laugh or cry?
It's either a great illustration of how dumb farcebook users are, or shows that a substantial number of those users are also unrecognised 'bots. Wonder how long it will be until > 50% of farcebook users aren't real people?
Which reminds me, where's Second Life these days? Haven't heard anything about it in ages.
Failbook rides again
As I only accept "friend" requests from people who are actually "friends" (or at least people I know exist in real life), I guess that makes me (a) an old curmudgeon and (b) immune to this kind of social engineering.
I'd be interested to know
What the Academics do with the data they slurped? Do they consider it fair game as the friend request was accepted? Is it destroyed, stored anonymised or just stored by them? They've already used the data (friends lists harvested from the first trawl) to do the second trawl run.
Not that I'm having a go at the Academics though, it seems obvious this is an issue that needs highlighted. More for FB and the like to (try to) step up the warnings that friend requests might be a stranger trying to con you.
Re: I'd be interested to know
In the report linked in the article, the researchers said they strongly encrypted the data and then permanently destroyed it once their project was completed.
....Hard and Loud at the FB losers!
They will all get what they rightly deserve.
No one would leave their door keys in the lock when leaving the home, so if they are stupid enough to leave their personal information with someone they have never met, they deserve, indeed asking for the trouble they will receive.
Did they ask Facebook's permission before carrying out this work?
If not why not?
It's so frustrating and weird to see the comment from the FB spokesperson. Hello Sir, have you heard of insider attack, which contributes to the max number of hacking incidents in any organization? What the researchers have done is one form of insider attack where they had taken advantage of the special status given to the IP addresses and hacked your system. It is good that it was researchers, but imagine if someone with malicious intent had done it.