Yup, it's a match.
Facebook's Download Your Information (DYI) tool has occasionally been criticized for not offering enough transparency into user-account data, but it recently revealed more than it intended when a bug led it to leak the contact information of some six million users. In an advisory posted on Friday, Facebook's security team …
Yup, it's a match.
Ah, I should have specified re.DOTALL. Thanks for the additional test case, though.
Don't know about most people here, but about eleventy-seven security and privacy goofs back I went through my Facebook profile and deleted EVERYTHING that I could. My profile has two things: My City (which makes sense) and my e-mail address - hardly a secret.
Almost every privacy setting is set to "Friends Only" and I vigorously block all the stupid spam that Facebook feeds me, and aside from "Scrabble" don't accept requests from games and apps and other dreck.
Still, I have no illusions about what Facebook might have on me, and who they would sell it to.
Funny things is that I have no real qualms about handing large swaths of my life to Google, storing my e-mail on their servers, and have never found their advertising particularly irritating.
It doesn't matter one iota what you put in, it is what everyone else around you puts in that matters, that is what Big Data is about.
It would be very easy to extrapolate your tastes and pleasures based upon your social circle and their preferences.
Even not using Facebook at all can't protect you from Facebook, unless you have no friends IRL and never show your face in public.
At least that's my excuse.
"Still, I have no illusions about what Facebook might have on me"
I found out a few years back a little of what Facebook like to keep after you "delete" it.
I changed the e-mail address of my main account 3 years ago, and blocked and deleted a load of "friends" in the process. I have re-used that e-mail address for a couple of test accounts since, and each time Facebook would recommend I add all the people I deleted. More recently, it's started recommending I add people I work with (that are not friends with my main account). From what I can tell, even if you delete information like your contact details and who you want to be friends with, Facebook still keep a record behind the scenes.
Odlly enough, for all they go on about people having multiple accounts and how awful it is, they clearly know I have more than one and haven't auto-closed it or even given me a warning...
Yep, like I always say, the difference between a tattoo and something on the internet is that, no matter how painful or expensive, at least a tattoo can be removed.
I'm always amazed when I add people I barely now (quite rare these days) and find their street address, phone number etc.
ID fraudsters dream. I personally hate the way these sites try to coerce you into using your real name, surely having a pseudonym means you aren't sharing information useful for ID fraudsters?
And they're still employed?
That's the real news - it's just hidden with all this "6 million users" distraction...
More pertinently, their TESTING team should be staring down some P45s! Surely even mildly thorough testing of this tool would've shaken this out? This isn't a security failure, it's a QA one.
Yeah, every time I read those words I can't help smirking.
Facebook's security team.
Seems the fb security team forgot to add the "If account = NSA, giveall access" filter to their new setup.
I thought that's what it was for?
"... only other people could have had access to the data – as opposed to developers or advertisers ..."
Because developers and advertisers are not people and they don't have Facebook accounts.
"Hello, is that the NSA? Facebook here. We've got some more user data we thought you might like, you know, for an extra fee. What do you say?"
"I thought we already had all your data? Under the contract we signed with you, we're supposed to have a direct intercept on your servers."
"Yes but this is a new, experimental product, the data is presented in a more accessible format."
"Well, we would normally be interested, but the hard disks are pretty full right now, so we cannot take any more data until next Wednesday."
"OK then, so what do we do with it?"
"Just throw it away, it's useless."
Facebootards, remember! You're the product being dealt with, not the customer.
Just like with Google, Outlook.com, Yahoo, Twatter, and much of the other free services out there.
As an experiment try enabling prompts before setting cookies in your browser, and then count how many third-party 'wtf is that' domains you'll get requested to allow on the average ad displaying page...
I'm not particularly worried, as I only have fake data in my Facebook account. My email is the only true data point in there.