Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Implements 'Download Your Profile' Option

Posted by CmdrTaco on from the just-want-a-damn-rss-feed dept.

eldavojohn writes "Facebook is rolling out some new changes (including groups) that are supposed to liberate user control. But something that might interest Slashdot readers even more is that they now allow you to download all your information from Facebook. That's everything — all your posts, pictures, videos, friend lists, etc. A video from David of the Open Source team at Facebook explains how it will work, although I don't see that option on my profile yet (they are slowly rolling it out). There's not a lot of details yet, but they at least require you to click a link from an e-mail and reenter your password to get this (to avoid spambots harvesting everyone's data and careless use of public computers resulting in data leaks). Perhaps competitors like Diaspora would be interested in using this base information to germinate user seeds?"

114 comments

  1. A nice gesture of openness by Anonymous Coward · · Score: 1, Insightful

    Well this certainly makes it much more easier to move your nonsense-data around, but how long untill all the data is available on piratebay?

    1. Re:A nice gesture of openness by Pojut · · Score: 2, Interesting

      Unless your account (or their servers) get hacked, it would only show up if you put it on there yourself...

      Aside from being able to back up everything, it would be interesting to do this and read some early correspondence on the service.

      --
      Living With a Nerd
    2. Re:A nice gesture of openness by Jugalator · · Score: 1

      Well this certainly makes it much more easier to move your nonsense-data around, but how long untill all the data is available on piratebay?

      Install the Facebook application "Access others private profiles" and give it full access rights to your account, I heard that'll do the trick!

      --
      Beware: In C++, your friends can see your privates!
    3. Re:A nice gesture of openness by NeverVotedBush · · Score: 2, Insightful

      Facebook sending users an e-mail with a link to click on just invites spam and fake websites to harvest user's logins and passwords.

      Nice move on Facebook's part to help train their users to click on links in e-mails that take them to websites to enter authentication credentials.

    4. Re:A nice gesture of openness by sinclair44 · · Score: 4, Insightful

      I love how people used to bitch that you couldn't get your data off of Facebook (which wasn't even completely true, given Platform and Connect), but now that they added that exact feature, people are bitching that it will allow spammers to get information or that it trains users in some bad way. Can you give them a fucking break? They are honestly trying to add a feature exactly for the demographic here (most users probably don't care about this level of data portability one bit) and all most people can do is still complain.

      --
      Omnes stulti sunt.
    5. Re:A nice gesture of openness by WrongSizeGlass · · Score: 1

      Well this certainly makes it much more easier to move your nonsense-data around, but how long untill all the data is available on piratebay?

      I guess that depends on how long it takes a clever virus to start looking for traces of these downloads on someone's PC and start harvesting the information. My guess is less than 60 days ... but it may not be on PB first as I'm sure there are other 'markets' for this type of information.

    6. Re:A nice gesture of openness by multisync · · Score: 3, Insightful

      I would think the email with the link would be sent to the user in repsonse to a request of some sort. You know, you request your data, they email you a link to get it ...

      Have you never forgotten the password you use for an infrequently-visted site and had them email you a temporary one? This sounds like the same thing.

      --
      I don't care why you're posting AC
    7. Re:A nice gesture of openness by NeverVotedBush · · Score: 5, Insightful

      Dude, it is one of the basic tenets in computer security to not click on links in e-mails that take you to websites where you enter login credentials.

      Those kinds of e-mails are known as phishing and spear phishing attacks. They are very common and very dangerous.

      Facebook has had no end of security problems. Now with the publicity that they will be sending out e-mails that have a link, wait a few days and see what hits in computer security news.

    8. Re:A nice gesture of openness by GrumblyStuff · · Score: 1

      I'll give them a break when they stop reseting options with new privacy policies or ToS that lowers the ability for users to lock down their accounts and defaults all options to the most open setting.

      I'll give them a break when their account deletion process no longer requires users themselves to manually go through and delete everything they put on the website.

      Given FB's history, a move like this makes me wonder what detrimental change they're also doing. I'm guessing the reseting of privacy options.

    9. Re:A nice gesture of openness by NeverVotedBush · · Score: 1

      That kind of approach is fine. And yes, I have done the e-mail thing to recover or reset a password.

      It also seems you are right - the user requests the download and then Facebook e-mails a link. It's not in the Computerworld story but is in the YouTube link to an explanation.

    10. Re:A nice gesture of openness by The+Clockwork+Troll · · Score: 1

      They would only send these e-mails if you, as an authenticated facebook user, clicked the "Download my account" link.

      So an adversary would have to time extremely well the sending of the spam link in order for the user not to be suspicious.

      Even then, if facebook wanted to further deter account download masquerade phishing, they could prompt for some kind of comment at the point of requesting an account download, which they could recapitulate in the e-mail to show the request was legitimate and came from you.

      Dude.

      --

      There are no karma whores, only moderation johns
    11. Re:A nice gesture of openness by Anonymous Coward · · Score: 1, Insightful

      I'll give them a break when their account deletion process no longer requires users themselves to manually go through and delete everything they put on the website.

      I was speaking with a bar tender in the airport the other week.

      He said he'd discovered what happens if he googles himself ... he gets loads of links into Facebook that he and others have put up, and that he had assumed was private.

      He subsequently went through and deleted everything and filled in the profile with garbage information.

      When a bartender starts figuring out that Facebook has shitty privacy, it should be pretty obvious to everyone. (No offense to bartenders, they're not stupid people, just not who you think to go to for tech opinions.)

      Sending it to you in an email link is just another in a long series of ways in which Facebook has never been a place you should trust. Hell, my mother (a senior citizen) has figured out not to trust Facebook.

    12. Re:A nice gesture of openness by sinclair44 · · Score: 3, Informative

      I'll give them a break when they stop reseting options with new privacy policies or ToS that lowers the ability for users to lock down their accounts and defaults all options to the most open setting.

      Over the summer, they added a "master control" which you can set to "friends only" (or several other settings). This will make all of your current settings "friends only" and will also make any future setting default to "friends only".

      I'll give them a break when their account deletion process no longer requires users themselves to manually go through and delete everything they put on the website.

      I don't believe this has been true for a while: https://ssl.facebook.com/help/contact.php?show_form=delete_account

      --
      Omnes stulti sunt.
    13. Re:A nice gesture of openness by Painted · · Score: 1

      ...maybe they're different people? :-/

      --
      http://marsandmore.com - Posters of space, spacecraft, and astronomy.
    14. Re:A nice gesture of openness by LateArthurDent · · Score: 3, Informative

      Dude, it is one of the basic tenets in computer security to not click on links in e-mails that take you to websites where you enter login credentials.

      Those kinds of e-mails are known as phishing and spear phishing attacks. They are very common and very dangerous.

      Facebook has had no end of security problems. Now with the publicity that they will be sending out e-mails that have a link, wait a few days and see what hits in computer security news.

      If you're going to train people to be security conscious, you can't half-ass it. "Don't click on e-mails that take you to websites where you enter login credentials" is most definitely the wrong message. Just because there are lots of phishing e-mails doesn't mean that every such e-mail is phishing, and it actually trains people to start drawing invalid conclusions: "well, this link didn't come by e-mail, so it's ok." Phishing websites can just as easily lead you to a malicious page where you enter your credentials.

      What you actually need to be teaching people is to go to the link from the e-mail, grab the ssl certificate and check the the company name, the verifying authority, and the fingerprint. The independently go to the main website where the e-mail claims to be from, in this case Facebook, and see if the signature matches. If it does, you can type in your credentials. There is no half-assing this procedure. Anything short of it is vulnerable to the attacks you are so concerned about.

    15. Re:A nice gesture of openness by GrumblyStuff · · Score: 1

      Wait, you mean people have only been reporting negative things about FB and largely left out anything positive that they have done?

      Alright, well... there go my arguments. *Tips hat*

    16. Re:A nice gesture of openness by kevinNCSU · · Score: 2, Insightful

      Your doing it wrong. Or at least applying it wrong. In your want to find something incorrect with Facebook you're ignoring the fact that sending an email to the user to confirm they are who they say they are before they are allowed to do things like change their password or download all their data is a tenet of website security in and of itself. These emails are always accompanied by the message "If you did not request this change/email then disregard this message and contact our fraud/tech/blah department". It would be neigh impossible for a spammer to somehow manage to send such a spam email that would show up next to the real one the very instant the user requested the feature that told them they will receive this email. .

    17. Re:A nice gesture of openness by stephathome · · Score: 2, Insightful

      You have a lot of faith in users. I know too many people who wouldn't realize that the link is only sent on request and think it sounds interesting to download their account.

    18. Re:A nice gesture of openness by pcolaman · · Score: 1

      Every heard of phishing, bro? This is the most common tactic used by phishers to gain info to stuff like bank account or website login info. Bad idea by Facebook in terms of the implementation, not necessarily the concept.

    19. Re:A nice gesture of openness by pcolaman · · Score: 1

      Ever, not every. Need to increase (or drastically decrease) the coffee intake.

    20. Re:A nice gesture of openness by insufflate10mg · · Score: 1

      I'm very happy about this update. I've been wondering if I ever wrote anything questionable on my Facebook profile; once this feature is offered to me, I will download everything and scan through it.

    21. Re:A nice gesture of openness by insufflate10mg · · Score: 1

      Thanks for making me chuckle this afternoon.

    22. Re:A nice gesture of openness by yabos · · Score: 1

      It wouldn't be that hard to do it within the website without this email loop which is dangerous. Just require the user to re-enter their login credentials in the download my profile section of the website. You will already know if you're on facebook's website at that point.

    23. Re:A nice gesture of openness by yabos · · Score: 3, Insightful

      If everyone knew what they're doing then that'd be fine but the average user is an idiot. They will click an email link supposedly from their bank warning them that there's a problem with their account. Then they will enter all the account login information. If people do this with bank info, they're going to do it with facebook info as well. This happens all the time.

    24. Re:A nice gesture of openness by Anonymous Coward · · Score: 0

      What you actually need to be teaching people is to go to the link from the e-mail, grab the ssl certificate and check the the company name, the verifying authority, and the fingerprint. The independently go to the main website where the e-mail claims to be from, in this case Facebook, and see if the signature matches. If it does, you can type in your credentials. There is no half-assing this procedure. Anything short of it is vulnerable to the attacks you are so concerned about.

      lolz! Are you fucking serious? Do you realize how out of touch this is? I suppose you also feel that anyone incapable or unwilling to learn this is an idiot and should be banned from the internet. Is that an incorrect assumption on my part? Do you also think people should have a license to use the internet that is similar to a driver's license?

      I know you don't agree, but the rest of the internet world (outside of slashdot) does: It's up to the mail hosts that do the spam, virus, etc. filtering to filter out phishing emails. It's up to the web browsers and their content checks (the things you disable, but the rest of the world leaves enabled) to warn them about blacklisted phishing sites. The very last and most unreliable line of defense is the education of users.

    25. Re:A nice gesture of openness by catmistake · · Score: 1

      It's already available on Eschelon. But I think Facebook is a clever front for NSA already.

      --
      The Admin and the Engineer
    26. Re:A nice gesture of openness by clone53421 · · Score: 1

      Whoosh.

      All that and it didn’t even occur to you to point out how much easier it’d be to just double check to make sure the domain name in the URL in the address bar was correct; barring the possibility of DNS poisoning it’d be just as safe...

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    27. Re:A nice gesture of openness by maxwell+demon · · Score: 1

      Well, the idea is probably to use the email as additional security so that even if someone has your password, he cannot use this function, because you get a mail.

      However, they could just send an unique code which you have to enter at the facebook get-data page, without a link. You already navigated to that page (otherwise you'd not have gotten that mail), and if you closed it in the mean time, you know how to get back there (after all, you found it once; and if you fear to forget how to get there, just bookmark it).

      --
      The Tao of math: The numbers you can count are not the real numbers.
    28. Re:A nice gesture of openness by DarthBobo · · Score: 2, Interesting

      Spear phishing is phishing targeted at a single individual. Since its in Wikipedia and all over the Interwebs and all those black hatted types talk about I'm guessing the poster didn't make it up. Then again maybe he is one of those black hatty, Wikipedia writing trolls making s***t up in a conspiratorial way. You never know ...

      --
      +--------------------- You idiot! I told you we were facing the wrong way!
    29. Re:A nice gesture of openness by T-Bone-T · · Score: 1

      I deleted an account a few months ago and when I recently accidentally logged in to it, Facebook welcomed me back and all the info I had in my profile was still there. When I ask to delete my account, I mean everything.

    30. Re:A nice gesture of openness by iluvcapra · · Score: 1

      I don't see how facebook could prevent this sort of attack by any means...

      --
      Don't blame me, I voted for Baltar.
    31. Re:A nice gesture of openness by WhiskerBiscuit · · Score: 1

      Maybe it's different people doing the complaining in this case than were doing the complaining before.

  2. No security concerns here... by Mazzie · · Score: 5, Insightful

    I hope there is an option to disable this in case your account is hacked and someone wants to download all of your data, oh wait, doh....

    --
    Having a bookmark to Google does not make you an expert on everything.
    1. Re:No security concerns here... by Anonymous Coward · · Score: 1, Insightful

      It would have to be a permanent disabler then, or at least require external verification to re-enable (email/text/voice message ID, whatever). Not that there's much point in disabling it anyway... webpage scraping isn't that hard.

    2. Re:No security concerns here... by tris203 · · Score: 2, Insightful

      and if they are in your account, then they can just re-enable the option? unless there is an external factor, oh wait there already is, email...

      --
      http://snappeh.com/blog/ - My Blog, not that any of you care...
    3. Re:No security concerns here... by PPalmgren · · Score: 5, Insightful

      I'll have to give FB credit here where it is due. There have been major complaints that your FB data isn't portable, so they have you stuck in a lock-in. This is clearly a response to those complaints. I'll be the first to hate on FB, and I still don't have an account, but we can't have it both ways bro. This brought me one step closer to signing up.

    4. Re:No security concerns here... by aardwolf64 · · Score: 1

      Now the phishers can just mock up the Facebook e-mail. Click [this link], and enter your Facebook password to finish downloading your information. If you didn't request a download, click [this link] and enter your password to change your settings and prevent this from happening in the future.

    5. Re:No security concerns here... by Anonymous Coward · · Score: 0

      MyLife (the data broker) already downloaded everyone's profile when facebook security was lax. Check it out for yourself on their site, they will be able to link you to tons of facebook pictures, etc. from you and connect them to your address. Real nice, huh. Even if you changed your prefs to lock it all down, they got it back when it wasn't locked down.

    6. Re:No security concerns here... by Anonymous Coward · · Score: 0

      Its facebook. No need for phishers to get all fancy about their phishing attempts. Just send them a message saying this hot girl wants to know them better, and do whatever you wish with the link destination.

    7. Re:No security concerns here... by mr100percent · · Score: 2, Informative

      The actual announcement said "To protect your information, this feature is only available after confirming your password and answering appropriate security questions."

      I'm not sure what that will involve, but if it's like the security challenge they've been doing when you sign in from abroad, you have to correctly tag 8 of your friends in unlabeled photos.

  3. You know by Ryanrule · · Score: 5, Informative

    Facebook used to have a feature to dump your entire profile and contacts list as a csv. They removed that in the fall of 04.

    1. Re:You know by spintriae · · Score: 4, Informative

      Nowadays you can download most of it as JSON: http://developers.facebook.com/docs/api. If you're logged in, the links on that page will automatically be populated with authorization keys, so you can just right-click-save-as.

    2. Re:You know by Abcd1234 · · Score: 2, Insightful

      Probaby because no one was using it. Combine that with their desire to add new features that would break that kind of functionality, and I can see why they wouldn't want to continue to support it.

    3. Re:You know by aztektum · · Score: 1

      And are replacing it with a much more robust option in 2010.

      So what's your point?

      --
      :: aztek ::
      No sig for you!!
    4. Re:You know by bill_mcgonigle · · Score: 1

      Facebook used to have a feature to dump your entire profile and contacts list as a csv. They removed that in the fall of 04.

      The Give Me My Data app has been working pretty well for me. If I remember to use it...

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  4. Diaspora by Rik+Sweeney · · Score: 3, Interesting

    Perhaps competitors like Diaspora would be interested in using this base information to germinate user seeds?

    Maybe, but it already looks like Diaspora development is starting to slow down. OK, there have been some commits today, but I expected to see more activity than what's currently going on.

    Remember when the source to Gish was released? A lot of activity and releases for about a fortnight and then nothing...

    --
    Summation 2
    1. Re:Diaspora by Anonymous Coward · · Score: 1, Interesting

      I've got no faith in the Diaspora project. From what I hear, its a slow, buggy conglomeration that doesn't even really solve the problem at hand. It requires an obscene amount of gem dependencies, and it doesn't even run on Apache. It seems like it was more of an exercise in raising money by crowd sourcing, because this project is turning out to be bigger vaporware than DNF.

    2. Re:Diaspora by Conspiracy_Of_Doves · · Score: 5, Interesting

      Even if diaspora dies, Appleseed is still around

      http://www.drumbeat.org/project/appleseed-social-networking

      --

      Technoli
    3. Re:Diaspora by Simon80 · · Score: 1

      Especially considering that DNF will probably come out first.

  5. Wow... by ihatejobs · · Score: 2, Insightful

    So now hackers have even more reason to go after your Facebook account. All that data in one nice, neat little download? Hackers paradise.

    --
    Can anyone tell me why 99% of /. users are total assclowns?
    1. Re:Wow... by Bobakitoo · · Score: 0, Troll

      Hackers dont give a fuck about your farcebook account. Spamer might tho, and those can already scrape all the data from the html source. This download option is just a tool so the average user can backup and use offline his data. You, indeed, deserve to be moded down for been a fear mongering tool.

    2. Re:Wow... by ihatejobs · · Score: 1, Interesting

      Your stupidity is astounding. A 2 second Google search shows that people do indeed care about hacking into Facebook accounts, so I'm guessing you just pulled that out of your ass because, well if you think it, it must be true!

      Information is everything these days. It would also be easier for a spammer to break into your account and get one nice neat little download instead of scraping back years of data.

      This tool is a download option for the average user. Its also a giant gaping security breach waiting to happen. Someone only needs to get into your account ONCE, and then they can browse years of data offline at their choosing. Just because you are too thick to see the security implications of this doesn't mean they aren't there.

      --
      Can anyone tell me why 99% of /. users are total assclowns?
    3. Re:Wow... by icebraining · · Score: 1

      On the other hand, scraping is much safer because it doesn't send the user a email account with either the link to the download (which the spammer would have to somehow get access to) or a confirmation to change the email address.
      Both would get the user suspicious and possibly cancel the request and change the password.

      Scraping, as long as you have the password, is much safer. Yes, it may take a while, but that's what webspiders are for. At least the user won't be contacted to confirm a request.

      --
      Dilbert RSS feed
    4. Re:Wow... by ihatejobs · · Score: 1

      Chances are if they have the FB password they already have access to the users e-mail account. Lets face it, the average user uses one password for most of their online services. Why scrape when you can just download everything in one shot? If the download doesn't work (i.e the user was smart enough to use different passwords) then fall back to scraping the old fashioned way. You can even confirm access to the e-mail account before trying the download, meaning it would be risk free to try.

      --
      Can anyone tell me why 99% of /. users are total assclowns?
    5. Re:Wow... by icebraining · · Score: 1

      Yes, but how is that a "giant security hole" compared to what they could already do? Being able to download all at once doesn't really change the fact that they'll get the data. It doesn't make FB any less safer than it was.

      --
      Dilbert RSS feed
    6. Re:Wow... by Anonymous Coward · · Score: 0

      Trolls make me laugh.

    7. Re:Wow... by ihatejobs · · Score: 1

      They can download all of the data, almost instantly, and store it offline or release it into Torrentland. Scraping takes time, and prolonged access to the account. Now they only need access for a few minutes and they have everything. Changing your account password won't help since they already have everything they need and can freely and safely browse it offline.

      I can totally understand why they made this move, and overall it is probably a good thing (Makes getting away from FB when it comes crashing down a whole lot easier), but at the same time they are making it even easier for people to steal your data.

      --
      Can anyone tell me why 99% of /. users are total assclowns?
    8. Re:Wow... by Anonymous Coward · · Score: 0

      You, sir, don't belong here.

    9. Re:Wow... by Anonymous Coward · · Score: 0

      Trolls make me laugh..

    10. Re:Wow... by Anonymous Coward · · Score: 0

      u mad bro?

    11. Re:Wow... by Anonymous Coward · · Score: 0

      Yep. u mad.

      Keep ragin' bro. Nerd rage is the funniest rage.

  6. Somehow by Dunbal · · Score: 1

    This makes me glad to know that I will soon be able to download your profiles. They got the name just right.

    --
    Seven puppies were harmed during the making of this post.
  7. This could be a game changer for Apple by MouseR · · Score: 2, Interesting

    ...because right now, their Ping thing is utterly useless. Downloading all your FB data, in particular, contacts, might make it easier to get started with Ping.

  8. Re:Germ...what? by somersault · · Score: 1

    I read it and understood it without even thinking about it until your post here. It's concise and to the point, I don't see what's wrong with it?

    --
    which is totally what she said
  9. Well, The Response Was a Bit Harsh ... by eldavojohn · · Score: 3, Insightful

    Maybe, but it already looks like Diaspora development is starting to slow down. OK, there have been some commits today, but I expected to see more activity than what's currently going on.

    Well, following the release of the Diaspora source code everyone did kind of rip them apart (myself included). We all sort of hoped that such criticism would be constructive and the developers would redouble their efforts or seek more help or new developers would aid them.

    It's equally likely that after receiving black eyes instead of kudos, developers left Diaspora in droves. It might end up being a failed project with important lessons learned.

    --
    My work here is dung.
    1. Re:Well, The Response Was a Bit Harsh ... by corbettw · · Score: 5, Funny

      It's equally likely that after receiving black eyes instead of kudos, developers left Diaspora in droves.

      If only there were a term to describe it when people suddenly flee en masse from a larger group of people and/or location.

      --
      God invented whiskey so the Irish would not rule the world.
    2. Re:Well, The Response Was a Bit Harsh ... by iamhassi · · Score: 1

      Failed project with 200,000+ important lessons learned, like you can't trust projects on kickstarter

      --
      my karma will be here long after I'm gone
    3. Re:Well, The Response Was a Bit Harsh ... by HyperQuantum · · Score: 1

      It's equally likely that after receiving black eyes instead of kudos, developers left Diaspora in droves.

      If only there were a term to describe it when people suddenly flee en masse from a larger group of people and/or location.

      fork?

      --
      I am not really here right now.
  10. My data is safe by Anonymous Coward · · Score: 0

    Facebook has 0 pictures and 0 info about me. Ha ha.

  11. To Reiterate! by eldavojohn · · Score: 4, Informative

    Unless your account (or their servers) get hacked ...

    If your account gets hacked, they still need to have your e-mail hacked. The link to download the zip file is later sent to your e-mail address when the processing is done. Zipping up videos and images takes a while so basically you request this data and they put it in a queue and an hour/day/week/month later you get your data to download e-mailed to you in a link and you re-enter your user password. I thought I described this in my summary but that means that even if your account is hacked they would need access to your e-mail and for quite sometime unless you had already requested it and left that e-mail in your account. Yes, this means that if they know the e-mail associated with your Facebook account, they can just hack that and then request a new Facebook password sent to that account and then initiate the profile zipping.

    Let's say their servers get hacked. Well, the data is still not zipped up unless they are retaining that data after someone requests it. So at most they'll have access to whoever is waiting to retrieve their data. And it's going to be a lot of data. So there are a lot of logistics involved to get access to only a few random person's data. And even if the hackers are smart enough to invoke the zip script for every single account, that's not something that will happen overnight.

    Basically if they have access to your account or the Facebook servers, they already have access to everything on your profile or Facebook as a whole (respectively). So while this presents mild security issues, it's already assuming that everything is compromised ... it just presents the possibility that a hacker could more easily zip up your data ... and then that requires time ... and access to another resource of yours. For me, this risk is acceptable consider the benefit involved. As I mentioned, I suspect this will allow you to move the history of your profile to another site, which is really really good.

    --
    My work here is dung.
    1. Re:To Reiterate! by bsDaemon · · Score: 2, Insightful

      To be fair, we are probably talking about people who use the same password for everything.

    2. Re:To Reiterate! by rthille · · Score: 2, Insightful

      If I hack your FB account, can't I change the email associated with it?

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
    3. Re:To Reiterate! by kevinNCSU · · Score: 1

      Welcome to 1995, where websites with user accounts email the user before they allow a change of email to prevent account stealing. It's a brave new world of distrust.

    4. Re:To Reiterate! by Gilmoure · · Score: 1

      Hey, 1, 2, 3, 4, 5 is easy to remember.

      --
      I drank what? -- Socrates
    5. Re:To Reiterate! by zzsmirkzz · · Score: 1

      My thoughts on this are: ::don tin-foil hait::

      They implemented this code/functionality so that when requested they have an automated way to provide the entire details an interested parties account to whatever law enforcement agency requested it. In a grand PR scheme, they figured that it would eventually be leaked this functionality exists, so they present it as a feature to users who then get used to the idea of it being possible. So finally, later on, when it is discovered that they send those pretty profile-encompassing zip files to law enforcement its not completely new.

    6. Re:To Reiterate! by maxwell+demon · · Score: 2, Funny

      Hey, 1, 2, 3, 4, 5 is easy to remember.

      Yeah, but it's very insecure, because everyone knows that sequence. That's why I use 5, 4, 3, 2, 1 instead.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    7. Re:To Reiterate! by rthille · · Score: 1

      Even now, (not sure about FB), some sites realize that you may not have access to your old email account. A DoS to the old FB email (send a bunch of spammy, mostly legitimate looking 'someone hacked your FB account' emails, but with .ru links), will get most people to ignore the 'real' one, preventing them from noticing the change of email on their account.

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
  12. High times from the past by Combatso · · Score: 4, Insightful

    FINALLY!!! A way to preserve all the comments from people I havent seen in 20 years telling me we need to smoke a joint together,..

  13. What about messages? by 2names · · Score: 2, Interesting

    Does this download include all messages received and sent?

    --
    "I'm just here to regulate funkiness."
  14. ALL of your data? by davidshewitt · · Score: 4, Insightful

    allow you to download all your information from Facebook

    The question is, does it really allow you to download all of your data? Does it let you download everything anyone has ever posted on your profile? If it did, this could give you some idea of what Facebook has stored about you.

    1. Re:ALL of your data? by Anonymous Coward · · Score: 0

      HUH?

      Facebook has stored nothing more or less than everything you've ever entered into it, of course.

    2. Re:ALL of your data? by iammani · · Score: 1

      And not to forget everything others have entered about you.

  15. Yeah but, When Can I Delete It? by Anonymous Coward · · Score: 1, Funny

    I don't want to have to continuously delete tags of myself, remove posts from my wall and other annoying things while I'm trying to stay off FB. It's like a god damned disease you can't get rid of. Worse yet, my wife's profile has the delete option but she's not about to use it.

    -jp

    1. Re:Yeah but, When Can I Delete It? by Anonymous Coward · · Score: 0

      You can set your privacy options such that people won't be able to tag you in photos, or post on your wall if you like.

    2. Re:Yeah but, When Can I Delete It? by Anonymous Coward · · Score: 0

      Uh, download it then delete it from your harddrive? Duh!

  16. Also by Beer_Smurf · · Score: 4, Interesting

    One thing that seems to be in the same update is removal of the "Clear Chat History" button in the chat window.
    There are thousands of complaints posted about this already.
    It doesn't take much imagination to see how not having this feature when one is expecting it can lead to comedy.

  17. but.....the cloud! by Sprouticus · · Score: 4, Interesting

    This is absolutely shocking. For the past few years it seems every article I have read has advocated that data be soley kept 'in the cloud' and that users will never need to download their data to a perosnal machine ever....

    'The Cloud' is hype. Just like all the other hyped techs in the last 15 years (ATM will change networking, Java will be out OS, thin clients will rule the business world)

    I? do think it will be interesting if real competition comes to FB how this will be used to transfer data.

    1. Re:but.....the cloud! by icebraining · · Score: 1

      They still don't need. They can. It's different.

      Not that I disagree about the hype.

      --
      Dilbert RSS feed
  18. Yeah But You Get a Notification with Revert Option by eldavojohn · · Score: 3, Insightful

    If I hack your FB account, can't I change the email associated with it?

    Yes, but the original e-mail address associated with your account gets e-mailed a notification allowing that to be blocked and if you do block it you have to change your password:

    Hey XXXXX,

    We've received your request to associate your account with the email address
    malicious@hotmail.com.

    An email was sent to malicious@hotmail.com to confirm the request and account
    ownership. To confirm that email address, just click on the confirmation link
    in the email sent to malicious@hotmail.com.

    However, if that address is not familiar or you did not request to change your
    contact email, please follow this link to cancel the request:
    http://www.facebook.com/cancel_contact.php?t=XXXXX&u=XXXXX...
    (If clicking on the link doesn't work, try copying and pasting it into your
    browser.)

    If you cancel the contact email change request, your account will remain with
    your current email (goodguys@umn.edu) and you will be asked to reset your
    password as a security precaution.

    Thanks,
    The Facebook Team

    Now, you'd probably prefer that the original e-mail address has to okay the transition but that's how they have it implemented. So you're right, they could change the account associated with it if they know your Facebook password (it asks you at every step of the way). Then they could request the zip and wait to get the e-mail. But if you checked your e-mail in that time and canceled the new e-mail and changed your password you'd be safe.

    That's definitely something they could do -- block the request of a new e-mail until an old one is okayed. But then you run into the trouble of someone hacking your e-mail account and gaining access to your Facebook account that way. In that case, they could change your Facebook account over to their e-mail account and then okay it in your hacked e-mail account. Once that's done, how would you reclaim your profile? They would always have the account associated with it.

    Also if your old e-mail gets hacked and you have no way of getting it back, you're kind of at the mercy of the person who has your old e-mail as you'll never be able to change the e-mail address associated with your Facebook status and if you do, you'll tip them off that they also have your Facebook account to do with as they please.

    What it usually boils down to is if your account is compromised, your account is compromised.

    --
    My work here is dung.
  19. Great news - groups too by ukyoCE · · Score: 2, Interesting

    I can't think of any compelling reason for Facebook, as the clear market leader, to provide this service. I'm glad they did though, and it makes me feel a lot more comfortable about posting pictures, etc. there for family members without having to keep a mirror somewhere else.

    I saw they're also adding some type of sub-networks or groups, so you can make a post about video games and leave out your parents, or congratulate someone about a job offer without including their coworkers. I can think of a lot of tricks to making a good implementation of this, so can't wait to see how they did it.

    Those are probably the two most important features that have made me frown on facebook, so seeing both in one day is a big surprise.

    1. Re:Great news - groups too by pauljlucas · · Score: 1

      I saw they're also adding ... groups, so you can make a post about video games and leave out your parents ...

      One could do that previously using Lists. However, Groups adds a "group space" for shared group content and group chat.

      --
      If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
    2. Re:Great news - groups too by icebraining · · Score: 1

      I can't think of any compelling reason for Facebook, as the clear market leader, to provide this service. I'm glad they did though, and it makes me feel a lot more comfortable about posting pictures, etc. there for family members without having to keep a mirror somewhere else.

      Maybe the second sentence is a reply to the first? For most people it doesn't matter, but for some, being able to move in the future makes them more likely to join now.

      --
      Dilbert RSS feed
    3. Re:Great news - groups too by equex · · Score: 1

      Groups. The cycle is starting to turn again. In 3 years FB will be exactly like a regular forum site.

      --
      Can I light a sig ?
  20. So What Is the Real Issue? by eldavojohn · · Score: 1

    To be fair, we are probably talking about people who use the same password for everything.

    Well then in your suggested case, to be fair, where is the real security issue? Is it Facebook or is it the user?

    The best and most flawless computer security systems will always have a human being as a security hole. The best 'hackers' reported in the news these days are those that use social hacks like sweet talking and shoulder surfing to gain access to very secure systems.

    I wouldn't go around faulting Facebook for catering to the lowest common denominator. Their security measures are okay. They probably could be better but, hey, it's a mostly free service.

    --
    My work here is dung.
    1. Re:So What Is the Real Issue? by bsDaemon · · Score: 1

      Well, I was mostly addressing the fact that if someone was able to "hack" a facebook account, there is a high probability that the account password will match the email account that is associated with the facebook account.

      It's the users' fault for re-using passwords which aren't that great, and its the users' fault for posting all their personal data on facebook, too. So, yeah, its the users' fault. It usually is.

  21. Thank you Facebook by crf00 · · Score: 4, Insightful

    Thank you Facebook for supporting data portability and not use it as lame anti-competitive lock-in feature like Yahoo and M$ does.. I don't care how other slashdotters think, but you will earn more of my respect as you make your platform more open and release more open source projects. Well done for your effort, keep it on!

    1. Re:Thank you Facebook by Rutefoot · · Score: 1

      They need one more option:

      Give users a quick link to display a -clean- Facebook page and news feed. A lot of people are getting fed up with seeing non-stop wall posts for farmville and news feed items and application requests. I've known several people to leave the site for this exact reason. Sure, you can block various applications from showing up on your news feed, but as far as I know you can't hide them from other people's pages. Even if you could do this, it would be tedious to constantly filter out every application's posts. Additionally it's also quite possible that people may want to see the items only sometimes.

      Forcing people to manually block applications (ie, income generating advertisers) only does 2 things: 1) Piss people off due to the tediousness of it and 2) Permanently eliminates those advertisers ability to make money off you. Wouldn't it just make sense to make people happy and at the same time not cut off advertisers completely?

  22. Security by mordejai · · Score: 1

    How long until spambots start sending you messages looking just like the one from Facebook directing you to a fake URL?

  23. Probably to make Facebook more useful... by SnowDog74 · · Score: 3, Insightful

    Facebook has 500 million users. At this point, they have few places to go, but down is a very likely possibility if they don't extend themselves into the fabric of the net and collaborate so they will always stick around in some form or another. Zuckerberg reportedly even made a contribution to the Diaspora guys in an undisclosed amount because he thinks the idea has merit... or, more likely, he wants to make sure there's cross-compatibility for years to come.

    One other point, sort of tangential to the topic... Some of the comments in preceding discussions about Diaspora keep falling back on the "oh sure four guys in a garage with no professional experience EVER got a project off the ground" sort of sarcasm. Ok, I know it's all wonderful and cool to us nerds to rely on sarcasm and cynicism, but a little perspective should be in order as well: Facebook, Apple, Google, Yahoo and other "garage" startups... There's a reason there's only a handful of them. There are a ton of coders, but not everyone is Harvard educated, massively talented, in the right place at the right time or any combination of these. Not every coder who thinks he has a great idea can execute... ... Conversely, not everyone needs to be a Sergey Brin, Mark Zuckerberg or Steve Wozniak. In this Age of Entitlement, we all like to think life is a choice between either being rich or being nothing... but there's plenty of respectable room in between, even if all your project does is get you solid employment at someone else's company.

    1. Re:Probably to make Facebook more useful... by Anonymous Coward · · Score: 0

      Harvard educated != smart

  24. I guess they'll do anything.... by daemonenwind · · Score: 1

    Anything at all to make people think they actually own and control the things they post to Facebook.

    See? I can get it all back, that means it's mine.....

    Facebook's had a run of bad press regarding lack of user control over posted content. This is just a feature nobody will use, dedicated to persisting the illusion of control that hides the fact that Facebook is "a place for Friending marketers".

  25. 500 million users? by Anonymous Coward · · Score: 1, Interesting

    No, they have 500 million *user accounts*.

    Many of which are fake (spammers) or empty.

  26. Re:Germ...what? by Anonymous Coward · · Score: 0

    Granted the "author" of this story eldavojohn isn't exactly the sharpest tool in the box, there wasn't anything really wrong with that statement. Perhaps you should brush up on some reading?

  27. Open Format by Davidian1024 · · Score: 1

    I don't think this matters much unless they release these profiles in a free and open format. Otherwise it won't be much different than the way Microsoft has locked people into .doc format.

  28. too complicated by DrYak · · Score: 1

    "check SSL certificates". Yeah, right. I'm sure that this is the easiest concept to teach to non-computer poeple.

    just ask them always log-in manually by typing the site's home page (www.facebook.com, www.ubs.ch, etc.). If it's really something important, it will be available there too.

    don't mess explaining them small details of computer security they don't grasp.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]