Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Master Password Was "Chuck Norris"

Posted by samzenpus on from the ad-nauseum-roundhouse dept.

I Don't Believe in Imaginary Property writes "A Facebook employee has given a tell-all interview with some very interesting things about Facebook's internals. Especially interesting are all the things relating to Facebook privacy. Basically, you don't have any. Nearly everything you've ever done on the site is recorded into a database. While they fire employees for snooping, more than a few have done it. There's an internal system to let them log into anyone's profile, though they have to be able to defend their reason for doing so. And they used to have a master password that could log into any Facebook profile: 'Chuck Norris.' Bruce Schneier might be jealous of that one."

19 of 319 comments (clear)

  1. Chuck Norris... by thewils · · Score: 4, Insightful

    doesn't need a password.

    --
    Once I was a four stone apology. Now I am two separate gorillas.
    1. Re:Chuck Norris... by Anonymous Coward · · Score: 1, Insightful

      doesn't need a password.

      But us mere mortals must invoke his name to access his powers.

    2. Re:Chuck Norris... by Monkeedude1212 · · Score: 1, Insightful

      Haha, now THAT one is actually clever.

    3. Re:Chuck Norris... by electricbern · · Score: 4, Insightful

      That joke is so clever you get modded insightful for calling it clever. It had to be about Chuck Norris.

      --
      alias possession='chmod 666 satan && ls /dev > il && tail daemon.log'
    4. Re:Chuck Norris... by skelterjohn · · Score: 4, Insightful

      The joke is so clever that you get modded insightful for talking about how someone got modded insightful for calling it clever.

      Hopefully we'll see some recursion here...

  2. Lulz by Anonymous Coward · · Score: 0, Insightful

    A privatized social networking site does not actually give you any privacy. Surprise!!!

  3. Reason #2378238 not to be on Facebook by Anonymous Coward · · Score: 5, Insightful

    Like you need another reason?

  4. SHOCKER by Monkeedude1212 · · Score: 4, Insightful

    Nearly everything you've ever done on the site is recorded into a database

    Considering nearly everything you ever do on Facebook is made public to either your friends or everybody - thats not shocking at all. The entire system is basically built around informing everybody of everything you do. You can't even perform an action without some app or another prompting you "Do you want to post this on your profile? YES/NO".

    And for those of you wondering, it's obvious what the new password is;

    The only man to have ever beaten Chuck Norris? Bruce Lee.

  5. There's funny... by DeadPixels · · Score: 3, Insightful

    There's funny, and then there's irresponsible. Having "Chuck Norris" as a master password that grants access to any account is most definitely the latter. I would expect that from a couple of teenagers running their first web server, not one of the most popular websites on the Internet.

    There is a time and a place for silly HTML comments or in-joke variable names, but a master password for a site with hundreds of millions of users is not one of them.

    1. Re:There's funny... by coastal984 · · Score: 5, Insightful

      There's funny, and then there's irresponsible. Having "Chuck Norris" as a master password that grants access to any account is most definitely the latter. I would expect that from a couple of teenagers running their first web server, not one of the most popular websites on the Internet. But Facebook WAS a couple of teenagers running a web server (He was 19 when FB launched)... and it grew. Not that I don't disagree with it being irresponsible, I'm just saying...

    2. Re:There's funny... by Gudeldar · · Score: 2, Insightful

      That is a false dichotomy. It is both very irresponsible and funny.

    3. Re:There's funny... by Rary · · Score: 2, Insightful

      Yes, but this is a childishly simple and unaccountable way to provide said access.

      Considering Facebook logs everything, I wouldn't describe this as "unaccountable". I'm sure it's not that difficult to track who did what and when. In fact, the interview discusses cases where people who abused it were tracked down and fired.

      It's not the best system, but that's exactly why they replaced it. It did the job for a while, then they introduced a better system. That's how things usually work.

      --

      "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

  6. Re:Not the master password by hansamurai · · Score: 3, Insightful

    My pants...

    this is idle, right?

    --
    Reviewing just the first hour of video games.
  7. TFA accuracy? by carvell · · Score: 4, Insightful

    Rumpus: When you say “click on somebody’s profile,” you mean you save our viewing history?

    Employee: That’s right. How do you think we know who your best friends are? But that’s public knowledge; we’ve explicitly stated that we record that. If you look in your type-ahead search, and you press “A,” or just one letter, a list of your best friends shows up. It’s no longer organized alphabetically, but by the person you interact with most, your “best friends,” or at least those whom we have concluded you are best friends with.

    This is rubbish, isn't it?

    I've just typed "a" into the search box and it comes up with an alphabetical list of contacts. The first one happens to be someone whos profile I don't think I've ever clicked on.

  8. We Have A "Magic" Password Too by TheNinjaroach · · Score: 3, Insightful
    We have a "magic" password for our internal website as well as our customer website. It's highly obscure and serves as a great tool for walking our customers through issues they have with the website, since it changes quite a bit depending on who they are. So I'm not really surprised Facebook has (had) a "magic" password, but I was pretty disappointed to read in the summary it was something as simple as "Chuck Norris." Then I read this:

    I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,’ more or less.

    Sounds like it was obscure enough to me. If a user just happened to be using that password they would have never known it was magic unless they thought to try it on another user id.

    --
    I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
  9. But it only works ... by Ungrounded+Lightning · · Score: 3, Insightful

    The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...

    But it only works for Chuck Norris.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  10. Re:True story.... by VJ42 · · Score: 2, Insightful

    What company would decide not to employ you for having a drink at a party in your own time? Seriously, here in the UK when we talk about what we did on the weekend at the office more than one of my bosses has to going out and getting absolutely hammered. If they saw that picture, it would only prove that your friend is a sociable person that likes to have fun; i.e. someone that will also have a sense of humour around the office. What's wrong with that?

    --
    If I have nothing to hide, you have no reason to search me
  11. Stores in a database by ucblockhead · · Score: 3, Insightful

    Nearly everything you've ever done on the site is recorded into a database.

    Unlike slashdot, which writes everything in code on paper and has mute gnomes who it in a locked vault.

    Seriously, I expect this kind of idiocy from the AP, but I thought slashdot editors were supposed to be technical. Nearly every goddamn site stores user data in a database, and in nearly all these cases there are employees with the master passwords that allow them to see every damn thing. (Except, if you're lucky, the password.)

    --
    The cake is a pie
  12. Re:New feature on Slashdot! by Anonymous Coward · · Score: 1, Insightful

    U: AzureDiamond
    P: hunter2