Slashdot Mirror
How Facebook Can Out Your Most Personal Secrets
McGruber writes "The Wall Street Journal is reporting that Facebook revealed the sexual preferences of users despite those users have chosen 'privacy lock-down' settings on Facebook. The article describes two students who were casualties of a privacy loophole on Facebook—the fact that anyone can be added to a group by a friend without their approval. As a result, the two lost control over their secrets, even though both students were sophisticated users who had attempted to use Facebook's privacy settings to shield some of their activities from their parents. Facebook spokesman Andrew Noyes responded with a statement blaming the users: 'Our hearts go out to these young people. Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls.'"
this is a tragedy... I'm truly sorry for the students who were violated. No snark from me today...
let's have a conversation! let me know what you think.
Privacy concerns part of it.
Requiring that I provide a legitimate phone number for each of my farmville bot accounts was most of it. But farmville was the main reason I was logging on in the first place. I would have never given them any legitimate information after the first half dozen privacy dumps.
Plus- it just sucked the way they kept colliding and smashing up different groups of friends and different groups of relatives and causing me grief in my personal life.
So I cut them loose. And haven't missed them since.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Privacy will soon be the most sought-after world commodity, and unfortunately we can't get in the middle east.
That they like to be f*cked by corporate champions?
Well I could've told you that.
Forward! -- Emperor Norton, 2012
I preferred the title given to the Facebook spokesman in the summary originally written by the submitter:
Facebook spokesprick Andrew Noyes responded with a statement blaming the users ...
I wonder how fast they'll fix this issue after major political figures start getting added to "Gay Studs" and "Scouting for Sex" groups?
Stop learning! Only you can prevent esoterrorism.
It's not that one of them "handed it over" it's that she got added to a group (Queer Chorus, a choir group she had recently joined) whose name alone exposed what she was hiding from her father (among others).
Maybe I'm missing something, but if the loophole here is that you can be added to a group without your involvement or active consent, then surely that gives you an out when your ignorant homophobe of a father sees that you're associated with a queer choir group - say it was a case of mistaken identity or a prank or a troll or anything else you like.
That said, I don't think it's a non-issue when group membership can leak actual or apparent private information; ought to be a simple fix to make it ask before you're added to any group and then the whole problem goes away without anyone getting interrogated about groups they're attached to. The existence of potential deniability doesn't remove the issue, just provides at least some way of coping with problems casued until it's actually fixed.
'Our hearts go out to these young people. Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls.'"
How about instead of giving them some false sympathies deep fried and battered in guilt, served with a side of buzzwords, you put your money where your mouth is? You people don't have a heart to speak of, so it's not going out anywhere -- so why not send them something you actually value, like the cash you earned in extra publicity and selling of their personal data after you outed them?
Your entire business model is built on invasive marketing, selling people's personal data to the highest bidder, and despite numerous high-profile security and privacy failings, including pictures that don't get deleted off servers and remain publicly accessible for years after they've been pulled from user profiles and indefinate storage of all data ever submitted to facebook, even after it has been deleted and the profile removed, you people still have the gumption to say you have "robust" privacy controls? Screw you. Give the kids some money, then maybe I'll believe you actually give a damn.
#fuckbeta #iamslashdot #dicemustdie
Sexual orientation is becoming less important, especially to the younger generation. Unfortunately, there are still people, even parents, to whom it matters. Those people are the problem, not Facebook. Facebook is just one more avenue for a person's orientation to be revealed.
The best defense against your parents finding out about your sexual orientation from someone else will always be to tell them yourself, from whatever distance is safe.
The determined Real Programmer can write Fortran programs in any language.
The person didn't reveal the information themselves. Facebook allowed someone else to do so. That's the whole point of the article.
The determined Real Programmer can write Fortran programs in any language.
At first I thought it was "Interest in" becoming public information. If that was the case the easy solution is to leave it empty, but it wasn't.
The "loophole" allowed someone to add them to "Queer Chorus" discussion group.
I laugh at the talking head that talked about "robust privacy controls". I locked up my account so that no one except friends can see anything. Or so I thought. Sometime recently (changeover to timeline?) all new posts started becoming public, and I had to re-lock it down. As I notice searching people on Facebook, it seems there's lots of people who previously intended to keep their profile private now have public timelines. These sure are robust controls!
My heart goes out to these students and their intolerant environment.
To this statement I say: Rubbish!
It's just standard boilerplate rhetoric. It's sad, sad indeed. But can one please remind me of what I am losing by intentionally refusing to join Facebook?
I should add that even without Facebook, I am doing pretty good so far. What am I missing?
I am getting tired of people seemingly surprised when facebook does something not in their best interest - especially privacy wise...
That's what they are in business for. To get and aggregate as much info about you as possible. Security, loopholes, and privacy are secondary. In fact privacy is a dirty word in facebook land. If you give you secrets and info on face book and think only the people you want to know - know, Your nuts. You have told the world. If you want privacy, then don't join the facebook privacy abomination. It's funny that people (like my aunt) think face book is doing this out of the goodness of their hearts, bringing people together,.. Nothing is further from the truth..
Don't try to un-friend me since i'm not there.. ever..
If one user gets it wrong - sure, that's a dumb user.
Ten? Yeah.
100? Probably still that, considering how many users FaceBook has.
But they should really take a clue from Coursera - in Daphne Koller's TED talk on Coursera she touches on something very similar, namely students having misconceptions on a subject, and how they instead sort of blame the course material, and help correct the students' misconceptions.
This, by the way, is something we see entirely too little of in many types of development.
Not just software - the Stockholm Metro system has automatic gates that open and close to let you through, if you have a valid electronic ticket. And people get hit by those gates and in some cases hurt or stuck.
The company's response? Educate the users on how to use a fucking automatic door!
Honestly, when I read that, I felt like hitting the spokes person in the face and telling him that he obviously needs to be educated in the use of my fist.
It's too bad this happened, but perhaps it will convince some people to simply not use Facebook. Facebook's habit of raping users' privacy shouldn't be a surprise to anyone who uses a computer - they've done it many times, and it's been big news.
Users don't pay Facebook any money, so they have no reasonable expectation of ANY standard of privacy, service, or redress, and Facebook has no 'duty of care' obligations. So it's really quite simple - don't use Facebook, and if you DO insist on using it, then A), don't post anything from which your secrets might even be deduced, and B), prepare to suffer the consequences when, (not if), your secrets are revealed.
It's been said before, and it bears repeating: when you aren't paying for a service, then YOU ARE THE PRODUCT. If you don't want to be treated as a product, don't use the service.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
Those "robust security policies" are nothing but paper walls, that can be slid back or removed entirely at the whim of your host, whose house you're visiting.
And your esteemed and generous host is a businessman who's stated quite clearly that your privacy is for sale for his own profit, and that you are a complete fool for trusting him.
Maybe at some point in the future, people will wise up and stop visiting.
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
"Facebook spokesprick Andrew Noyes responded with a statement blaming the users..."
Well played. Sry it got modded to oblivion.
They are robust for facebook's purpose. They are robust against your attempts to use them to secure your privacy!
Can you be Even More Awesome?!
Facebook asked me "to empower and educate users about our robust privacy controls." That's a great idea. Let me educate you: Facebook has no privacy controls whatsoever. Everything you ever post to Facebook will be exposed for money. That didn't take so long. I think we should all do as Facebook says and educate as many people as possible.
That night, Ms. Duncan's father left vitriolic messages on her phone, demanding she renounce same-sex relationships,
He then went back to spanking his monkey to the lesbian porn DVD he had been watching before all of this happened.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
"you should never post". Get a clue - it may not be you doing the posting.
Here's the problem. They didn't post. They, in fact, used what little privacy controls they had to shield off any posts and activities that would let on their sexual orientation to friends and the public at large.
Who did post, was the then-president of a choir group called Queer Chorus. He added these two individuals to their facebook group. He did so while the group was set public (an 'open' group).
facebook, in turn, notified all the 'friends' of these two individuals that they had joined the group, because that's just how facebook - in all its "privacy? what privacy?" ways - works.
The only time these two individuals ever did anything related to the chain of events was when they friended, or accepted a friend request, from this choir group in the first place. If you're saying that they shouldn't have done that unless they were 'ready and willing' to own, that's fine.
I suppose if they had never befriended the choir on facebook only dealt with them in person, and the then-president had merely mentioned them in passing in a wall post and somebody who knew them had stumbled on that, and posted about it publicly, then they should simply not have dealt with the choir in person.
Maybe you believe that if they weren't 'ready and willing' to own to being gay, they should just have kept up appearances of being straight through all aspects of life.
Rather dangerously close to an "if you have nothing to hide"-argument, I'd say.
Personally, while I agree that anything you post online should be considered a matter of public record, just like picking your nose from the sanctity of your home doesn't mean people won't talk about it the next day if they happened to look through your windows. But then, I have curtains, and I feel that I can reasonably expect that nobody is going to peer through a small slit in those curtains - just as I feel that I should be able to reasonably expect that if I set facebook settings to hide practically everything about me, that they then don't betray that effort by opening up another vector to third parties that is public by design. Naive in both cases, perhaps, but I certainly wouldn't say that it boils down to blaming the users. It's just not that simple.
"robust privacy controls"
laughing...too hard...make coherent...post...hang on a sec
If you tell Facebook your secret, it's not a secret anymore and you're a moron for thinking it would be.
The problem isn't what they told to Facebook. The problems is that the girls got added to some queer-themed group. group-adding on facebook doesn't require user confirmation nor anything.
A 3rd party just clicked on a group button while the girls were online, and their homophobic parents saw "Girl1 and Girl2 joined group 'lesbian chorus singers' " and freaked out. Without the girls ever needing to do anything, they didn't even need to write their preferences into their profile, and in fact their account could even have been dormant.
The biggest problem is not only that clueless users could mess their own privacy online, but morons can mess other people's privacy as well (and in a few cases including privacy of people who aren't even on facebook themselves).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Pay to read? What strange things are you encountering? I didn't see any paywall.
She helped him set up his facebook account.
You know how that goes.. you set it up for them.. get asked if you're on facebook, tell them that you are and log in to show it to them, and oh my gosh they never saw those pictures of the newborn/dog/car/whatever, how can they get them, well by adding as a friend of course they'll see them pop up in their facebook account automatically and hey presto.
What? Would you be so heartless as to deny your parents photos of their grandchildren/your dog/car (okay, car's not a good example - deal with it)? Why would you not want to be facebook friends with your parents?
The pressure can be overwhelming.
( Anecdotal - not personal, just seen it happen. Didn't have any trouble with it, but they did cut down on posting 'meme' pictures right after that. )
The pressure can be overwhelming.
Simple solution: Keep more than one Facebook account. I have one for friends, another for family, another for work, and a fourth for people I don't like very much, which I also use for testing plugins and FB apps.
Internet 101: anything you post will eventually become public; if you you want to keep it a secret, don't post it in the first place. The fact that these two individuals thought that they could mantain two different public personas and keep one of them a secret is simply a testement to their ignorance.
Keeping info private on Facebook is like living in a dorm with no locks on the doors that go from the hallway to the rooms, and you are only allowed to lock or unlock your own windows.
You can bar your dorm room window, wall it up with bricks, etc. But every so often an RA comes around and quietly unlocks it again without saying anything. On top of that, your lazy neighbors dont bother locking THEIR windows. EVER.
What happens is eventually some prick climbs through either your window you THOUGHT was locked, or even worse, your neighbor's window. Next thing you know your "stuff" is missing because the burglar just went from the neighbor's unlocked window, through his room, and through your interior door.
Dont like it? then move out of the dorm. thats the only answer to security. Sure you dont get a cool place to hang out with your freinds, keep in touch, etc. but your "stuff" is safe.
Privacy will be sacrificed in the interest of convenience.
But their joining that choir wasn't online.. it wasn't posted by them. The only thing they did wrong was either pursueing their interests by joining the choir or being like everybody else by having a Facebook account. Since science has taught us that everyone who doesn't use Facebook is a horrible murderer-to-be, the latter can't be ruled out-... so they weren't supposed to join that choir?
Tell them to not use facebook.
Seriously, your privacy is in the hands of your friends of friends. Can anyone guarantee that all his friends of friends are "sophisticated" users?
No matter how hard you try, people with a camera will take shots of you and tag you or will talk about you. No settings will save you from that (I believe you can now deactivate tagging of your name, right?)
Facebook privacy model is broken. Quite possibly by design. If you want privacy about tour friends, your opinions, your sexuality, DO. NOT. USE. FACEBOOK.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
This is not just about what you do online, it is about what you and all the people you associate with do online. I am not on Facebook, yet Facebook still manages to collect information about me (and spread it around): people "tag" me in photos, sometimes people invite me to join Facebook, and people might mention me in messages they send to each other on Facebook (including public messages). So despite the fact that I have no Facebook account, at least part of my personal life is being collected by that system.
That is the point of TFA. These people did not announce their sexual orientation on Facebook, someone else did, without their permission.
Palm trees and 8
I do not have a Facebook account, therefore your assertion that everyone has a Facebook account is false. I do not have an account because I cannot be bothered to jump through privacy setting hoops to keep control of information that is mine in the first place. Nothing you put on the Internet is private; put nothing there that you would not announce to a room of friends, family, and coworkers, and future employers. I can never think of anything that I would want to say to all these people at once, so I don't use Facebook.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
There is a privacy setting so you can't be added to groups without your permission which undercuts the claim that they were 'sophisticated users'. To be fair I think Facebook set this to false by default when they added the feature.
This is half a social problem, there are no 'robust privacy controls' for that. The girl was exposed by her friend essentially tagging her as gay. A similar thing could happen if one of her friend's mispoke while at her house in hearing of her father. Perhaps then we could blame the lock on the loungeroom door?
Read The Fucking Article - she didn't put the information on there, someone else did (and Facebook's extremely poor privacy controls allowed it). That was kind of the point:
Do you understand what this is about? Facebook allows other people to add you to groups - in other words, your 'friends' can basically edit an aspect of your profile. It's bizarrely stupid, and has been a common complaint for a long time, and this wouldn't have happened if Facebook didn't do this, but Facebook defends this practice.
Not using FB doesn't fix the problem, because anyone can post anything to Facebook about anyone. Better you DO have a FB account, as at least there is some chance you'll get notified when someone chooses to post something undesirable (to you) about you. If you don't have a FB account, you won't even know that there's a doctored photo of you having sex with a donkey posted with your name on it.
And the fourth one has more friends than the other three combined, right?
Correction: only friends can add you to groups but you cannot stop them, only leave when you receive the notification. I thought I saw this setting somewhere but it's either gone or more likely I confused it with another setting.
I guess this system does a lot to encourage group membership. In the same way people wouldn't bother joining they won't bother leaving. Hence Facebook gains a valuable/insidious source of user data typing.
.
Choose your Facebook friends wisely.
I do not have a Facebook account
Do you have any friends that use Facebook on their smartphone? Uploaded photos and tagged you? Mentioned you in a wall post? If so, then Facebook already has an account for you, you just haven't set a password on it yet.
IOW, Facebook has enough users that they can identify gaps in the social graph corresponding to people who don't use Facebook. It's naive to think they don't do anything with this information.
If your employer types your name in a search engine, is he only going to find the account for colleagues? I'm not on Facebook so I have no idea, but I'm wondering, aren't you required to use your real identity?
Also, is it not annoying to log in four times every day?
That doesn't sound simple. Sounds like a PITA. Also a violation of the TOS.
When someone adds you to a group, Facebook automatically notifies all your friends, with no way to turn that off. He received the automatic notification--he didn't need to check anyone's profile to find it.
There is a privacy setting so you can't be added to groups without your permission which undercuts the claim that they were 'sophisticated users'. To be fair I think Facebook set this to false by default when they added the feature.
And you have to be a Facebook user to apply that setting. And then you must repeatedly find and re-apply it when Facebook rearranges its privacy settings and resets them to default (usually undesirable) values. Even a brief period with the setting the wrong way could be disastrous, if the tagging (and consequent promulgation of the tagging) occur during that time.
Those of us who are not Facebook users can apparently be added/tagged/whatever entirely without permission. For all I know, I've been named and tagged in all sorts of photos/groups in malicious ways. That's a nasty problem for some folks, which will likely remain unresolved until it is regulated in some way. By avoiding and actively denying decent self-regulation, Facebook is almost demanding that its actions be limited by legislation. I have no idea what happens to tags or suchlike applied to Facebook users who subsequently renounce/cancel their Facebook accounts. Potentially yet another divisive issue.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
If you are hiding it, you SHOULDN'T have joined such a group.
Of course I haven't RTFA, but from the summary:
...a privacy loophole on Facebook—the fact that anyone can be added to a group by a friend without their approval.
So they didn't join the group; a 'friend' added them
I think he was meaning that they should not have joined the real-world group, an action that resulted in them being added by one of their contacts to the facebook group about the real world group.
...) like they do when you are tagged in an image - though that may be clunky for many users so they'd just turn it off and still be exposed to the problem.
The problem is people can associate you with things on fb and other people will believe it without question. In this case it was something true that people did not want announced at this time, in other cases it could be something fictitious but potentially damaging if people who see it do not see it for the lie/joke/what-ever that it is ("asdf is a member of I Fucking Love Rape Porn"). In the case of true information that people are being careful about distributing, like in this case, fb privacy issues are potentially affecting their real life choices not just online behaviour.
"If you don't want it know, don't post it" doesn't work when others can effectively post "it" to all your contacts for you. The obvious technical solution is for fb to verify all/em> links to you (in comments and responses, additions to groups,
Simple solution : don't have friend either . :-P
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
I do not have a Facebook account, therefore your assertion that everyone has a Facebook account is false. I do not have an account because I cannot be bothered to jump through privacy setting hoops to keep control of information that is mine in the first place.
An alternative is to have multiple accounts for different interest groups. Set them all so only friends can view information and the only way that they can know it belongs to you is if you accept a request. If someone requests the "wrong" one reject it with an "I don't know you" and they will probably mention it in email. I have not done this but I think it would be feasible.
I do not have a Facebook account, therefore your assertion that everyone has a Facebook account is false.
Do you browse the net and see those facebook like buttons now and then? Whenever you see such a button, facebook registers your IP-address and knows what website you were viewing. Only if you use addons like Ghostery you can avoid this, but many people don't know that.
You may not have a facebook account, but facebook is certainly trying to monitor what you do online. If you ever do register, they will soon enough be able to link you to that older data.
The simple answer I would have thought is a simple master switch which says "for new features I want the default behaviour to be" - default / private / disabled. It shouldn't be hard to implement but unless someone like the EU were to force such a thing (and likely it would only cover the EU), I don't see Facebook ever volunteering to do it.
No, better you don't.
People can post compromising pics to any website, not just FB. Having an account there just leaves you open to crap like this, now and in the future, not having an account means you can safely ignore the doctored donkey pics, and if someone asks you about them, tell them you have no idea what they are talking about, and that they're probably someone's crude idea of a joke.
Being on FB just exposes you more, not less.
It's Facebook. What else are they going to say? "We're terribly sorry, but our business model depends upon selling third parties your personal information, so we have no intention of actually respecting anyone's privacy, and our privacy settings are fraudulent"?
If you have a setting that not allow search for your account, google won't show your account in the search. Also, facebook won't show your account in the list either unless you are a friend of the person who is doing the search.
@GP, even though multiple-account may help solving the issue, it is breaking the TOS of facebook. Right now they are not enforcing it, but it doesn't mean it is the right thing to do. If one wants to be on the Internet, the one should accept and prepare for any consequence. Internet has no privacy.
Given that this 'loophole' has existed for years - hell someone once added Zuckerberg to the NAMBLA group linky - and hasn't been fixed I'd say it's pretty much a feature at this point.
People in cars cause accidents....accidents in cars cause people
Facebook breaks my terms of service too, so we're even!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz