Slashdot Mirror
How Facebook Can Out Your Most Personal Secrets
McGruber writes "The Wall Street Journal is reporting that Facebook revealed the sexual preferences of users despite those users have chosen 'privacy lock-down' settings on Facebook. The article describes two students who were casualties of a privacy loophole on Facebook—the fact that anyone can be added to a group by a friend without their approval. As a result, the two lost control over their secrets, even though both students were sophisticated users who had attempted to use Facebook's privacy settings to shield some of their activities from their parents. Facebook spokesman Andrew Noyes responded with a statement blaming the users: 'Our hearts go out to these young people. Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls.'"
this is a tragedy... I'm truly sorry for the students who were violated. No snark from me today...
let's have a conversation! let me know what you think.
Privacy concerns part of it.
Requiring that I provide a legitimate phone number for each of my farmville bot accounts was most of it. But farmville was the main reason I was logging on in the first place. I would have never given them any legitimate information after the first half dozen privacy dumps.
Plus- it just sucked the way they kept colliding and smashing up different groups of friends and different groups of relatives and causing me grief in my personal life.
So I cut them loose. And haven't missed them since.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
That they like to be f*cked by corporate champions?
Well I could've told you that.
Forward! -- Emperor Norton, 2012
I preferred the title given to the Facebook spokesman in the summary originally written by the submitter:
Facebook spokesprick Andrew Noyes responded with a statement blaming the users ...
I wonder how fast they'll fix this issue after major political figures start getting added to "Gay Studs" and "Scouting for Sex" groups?
Stop learning! Only you can prevent esoterrorism.
It's not that one of them "handed it over" it's that she got added to a group (Queer Chorus, a choir group she had recently joined) whose name alone exposed what she was hiding from her father (among others).
Maybe I'm missing something, but if the loophole here is that you can be added to a group without your involvement or active consent, then surely that gives you an out when your ignorant homophobe of a father sees that you're associated with a queer choir group - say it was a case of mistaken identity or a prank or a troll or anything else you like.
That said, I don't think it's a non-issue when group membership can leak actual or apparent private information; ought to be a simple fix to make it ask before you're added to any group and then the whole problem goes away without anyone getting interrogated about groups they're attached to. The existence of potential deniability doesn't remove the issue, just provides at least some way of coping with problems casued until it's actually fixed.
'Our hearts go out to these young people. Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls.'"
How about instead of giving them some false sympathies deep fried and battered in guilt, served with a side of buzzwords, you put your money where your mouth is? You people don't have a heart to speak of, so it's not going out anywhere -- so why not send them something you actually value, like the cash you earned in extra publicity and selling of their personal data after you outed them?
Your entire business model is built on invasive marketing, selling people's personal data to the highest bidder, and despite numerous high-profile security and privacy failings, including pictures that don't get deleted off servers and remain publicly accessible for years after they've been pulled from user profiles and indefinate storage of all data ever submitted to facebook, even after it has been deleted and the profile removed, you people still have the gumption to say you have "robust" privacy controls? Screw you. Give the kids some money, then maybe I'll believe you actually give a damn.
#fuckbeta #iamslashdot #dicemustdie
The person didn't reveal the information themselves. Facebook allowed someone else to do so. That's the whole point of the article.
The determined Real Programmer can write Fortran programs in any language.
At first I thought it was "Interest in" becoming public information. If that was the case the easy solution is to leave it empty, but it wasn't.
The "loophole" allowed someone to add them to "Queer Chorus" discussion group.
I laugh at the talking head that talked about "robust privacy controls". I locked up my account so that no one except friends can see anything. Or so I thought. Sometime recently (changeover to timeline?) all new posts started becoming public, and I had to re-lock it down. As I notice searching people on Facebook, it seems there's lots of people who previously intended to keep their profile private now have public timelines. These sure are robust controls!
My heart goes out to these students and their intolerant environment.
To this statement I say: Rubbish!
It's just standard boilerplate rhetoric. It's sad, sad indeed. But can one please remind me of what I am losing by intentionally refusing to join Facebook?
I should add that even without Facebook, I am doing pretty good so far. What am I missing?
you're missing the point if you believe sexual orientation is the core of this story
I am getting tired of people seemingly surprised when facebook does something not in their best interest - especially privacy wise...
That's what they are in business for. To get and aggregate as much info about you as possible. Security, loopholes, and privacy are secondary. In fact privacy is a dirty word in facebook land. If you give you secrets and info on face book and think only the people you want to know - know, Your nuts. You have told the world. If you want privacy, then don't join the facebook privacy abomination. It's funny that people (like my aunt) think face book is doing this out of the goodness of their hearts, bringing people together,.. Nothing is further from the truth..
Don't try to un-friend me since i'm not there.. ever..
If one user gets it wrong - sure, that's a dumb user.
Ten? Yeah.
100? Probably still that, considering how many users FaceBook has.
But they should really take a clue from Coursera - in Daphne Koller's TED talk on Coursera she touches on something very similar, namely students having misconceptions on a subject, and how they instead sort of blame the course material, and help correct the students' misconceptions.
This, by the way, is something we see entirely too little of in many types of development.
Not just software - the Stockholm Metro system has automatic gates that open and close to let you through, if you have a valid electronic ticket. And people get hit by those gates and in some cases hurt or stuck.
The company's response? Educate the users on how to use a fucking automatic door!
Honestly, when I read that, I felt like hitting the spokes person in the face and telling him that he obviously needs to be educated in the use of my fist.
It's too bad this happened, but perhaps it will convince some people to simply not use Facebook. Facebook's habit of raping users' privacy shouldn't be a surprise to anyone who uses a computer - they've done it many times, and it's been big news.
Users don't pay Facebook any money, so they have no reasonable expectation of ANY standard of privacy, service, or redress, and Facebook has no 'duty of care' obligations. So it's really quite simple - don't use Facebook, and if you DO insist on using it, then A), don't post anything from which your secrets might even be deduced, and B), prepare to suffer the consequences when, (not if), your secrets are revealed.
It's been said before, and it bears repeating: when you aren't paying for a service, then YOU ARE THE PRODUCT. If you don't want to be treated as a product, don't use the service.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
Sexual orientation is becoming less important, especially to the younger generation.
Try telling that to someone who lives in a country where being gay can still get you killed, such as present-day Iraq, Pakistan or Jamaica.
As far as I'm concerned, it's far preferable (and I'd argue, desirable) that people like this girl get their fingers prominently burned so that people realise the dangers of organising one's life (and secrets) via Facebook.
While it could be argued that this wasn't directly Facebook's fault, and that social networking will never be risk-free when it comes to information sharing, it's a fact that Facebook have always paid lip service to privacy, while clearly holding it in contempt.
If they really cared, they could have made the privacy settings far simpler and more manageable, and would not have changed their behaviour without notice (as they've done in the past) to expose previously private information.
They make play of "helping" users manage the privacy complexities that are an (intentional) result of their policies. Most of us know how insincere this is, but I'm quite sure a lot of people out there *do* believe this.
So, as I said, better- and indeed a good thing- that people like this girl prominently suffer unpleasant- but not fatal- consequences and serve as an example to others. Particularly those to who a similar mistake *could* be fatal.
The best defense against your parents finding out about your sexual orientation from someone else will always be to tell them yourself, from whatever distance is safe.
That's not always practical if the "safe" distance is in another country.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
Those "robust security policies" are nothing but paper walls, that can be slid back or removed entirely at the whim of your host, whose house you're visiting.
And your esteemed and generous host is a businessman who's stated quite clearly that your privacy is for sale for his own profit, and that you are a complete fool for trusting him.
Maybe at some point in the future, people will wise up and stop visiting.
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
They are robust for facebook's purpose. They are robust against your attempts to use them to secure your privacy!
Can you be Even More Awesome?!
I have to wonder about parents who haven't figured out their child is gay. I guess maybe some don't want to believe it so choose to be blind. My daughter dated, well...went out with a guy that I pretty much figured was harmless, at least to her, off the mark. I told her he was sweet and she just looked at me and I knew she knew and they were just friends. His parents however went bonkers when upon going off to college he came out of the closet in a big, big way. I still don't get how they missed it.
"you should never post". Get a clue - it may not be you doing the posting.
Here's the problem. They didn't post. They, in fact, used what little privacy controls they had to shield off any posts and activities that would let on their sexual orientation to friends and the public at large.
Who did post, was the then-president of a choir group called Queer Chorus. He added these two individuals to their facebook group. He did so while the group was set public (an 'open' group).
facebook, in turn, notified all the 'friends' of these two individuals that they had joined the group, because that's just how facebook - in all its "privacy? what privacy?" ways - works.
The only time these two individuals ever did anything related to the chain of events was when they friended, or accepted a friend request, from this choir group in the first place. If you're saying that they shouldn't have done that unless they were 'ready and willing' to own, that's fine.
I suppose if they had never befriended the choir on facebook only dealt with them in person, and the then-president had merely mentioned them in passing in a wall post and somebody who knew them had stumbled on that, and posted about it publicly, then they should simply not have dealt with the choir in person.
Maybe you believe that if they weren't 'ready and willing' to own to being gay, they should just have kept up appearances of being straight through all aspects of life.
Rather dangerously close to an "if you have nothing to hide"-argument, I'd say.
Personally, while I agree that anything you post online should be considered a matter of public record, just like picking your nose from the sanctity of your home doesn't mean people won't talk about it the next day if they happened to look through your windows. But then, I have curtains, and I feel that I can reasonably expect that nobody is going to peer through a small slit in those curtains - just as I feel that I should be able to reasonably expect that if I set facebook settings to hide practically everything about me, that they then don't betray that effort by opening up another vector to third parties that is public by design. Naive in both cases, perhaps, but I certainly wouldn't say that it boils down to blaming the users. It's just not that simple.
If you tell Facebook your secret, it's not a secret anymore and you're a moron for thinking it would be.
The problem isn't what they told to Facebook. The problems is that the girls got added to some queer-themed group. group-adding on facebook doesn't require user confirmation nor anything.
A 3rd party just clicked on a group button while the girls were online, and their homophobic parents saw "Girl1 and Girl2 joined group 'lesbian chorus singers' " and freaked out. Without the girls ever needing to do anything, they didn't even need to write their preferences into their profile, and in fact their account could even have been dormant.
The biggest problem is not only that clueless users could mess their own privacy online, but morons can mess other people's privacy as well (and in a few cases including privacy of people who aren't even on facebook themselves).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Surely you recognise the word "becoming"
Yes, I do. Iraq has "become" a significantly more dangerous place for homosexuals in the past few years. It's grossly blinkered to assume that the rest of the world has all followed the United States and Europe, and it's also dangerously naive to assume that the direction of public opinion couldn't change.
If a defense is impossible, you have to fall back on the next best defense. That doesn't change the best defense. The best defense against your parents finding out about your sexual orientation from someone else will always be to tell them yourself, from whatever distance is safe.
That's an idiotic comeback. If you live in a country where people are prepared to kill members of their own family over "honour" (translation; face-saving murder) and such things, then telling one's parents about such things isn't the "best defense".
Yeah, it'd be nice if everyone could tell their parents about such things, and it'd be nice if we all had a pony. Meanwhile, some people have to live in shitholes where a mentally-backward Christian girl in her early teens is threatened with her life because she allegedly burned a koran- though it's just as likely a witchhunt incited by religious leaders- or another teenage girl is shot for speaking up in favour of education for her peers.
Facebook is social networking, and people have to realize that their socializations will be revealed.
The risk will always exist. Facebook's behaviour is comptemptible because they pay lip service to mitigating it while (as you agree) intentionally undermining privacy and making things worse than they need be for their own self-interest.
Facebook's position is the only sane one in this case, since people do need to be educated about this sort of thing.
I'm not sure what you're trying to say here. Is it that- given that Facebook are intentionally undermining privacy, because their business model depends on it- they should educate people about the privacy controls anyway.
While this might technically make logical sense at some level, it's absolutely fucked up. Nor does it take into account the fact that Facebook aren't being open- that is, they try to give the impression they care about privacy and giving people the tools to manage it, when they're not open about the fact they're really doing the complete opposite.
And soon it won't matter. Not soon enough, but tolerance is growing in general.
Indeed, and (for example) Jamaican society tolerates the burning and killing of gay men, so we should all encourage people there to come out to their parents.
When they're dead, it'll comfort them to know that tolerance is growing in general.
Maybe in 50 years time, things will be better there, but it takes a peculiarly tolerance-spoiled type of insensitivity to assume that this makes it okay for everyone around the world to have their secrets revealed today.
Frankly, I don't think we'll ever live in a world where we won't have the need- and shouldn't have the right- to some level of privacy. If Facebook wants to undermine our privacy while weasel-ishly pretending to do the opposite, I'm quite happy for people's attention to be drawn to this.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
The pressure can be overwhelming.
Simple solution: Keep more than one Facebook account. I have one for friends, another for family, another for work, and a fourth for people I don't like very much, which I also use for testing plugins and FB apps.
Internet 101: anything you post will eventually become public; if you you want to keep it a secret, don't post it in the first place. The fact that these two individuals thought that they could mantain two different public personas and keep one of them a secret is simply a testement to their ignorance.
Sexual orientation is becoming less important, especially to the younger generation
You are hanging out with too many hipsters. Try hanging out with some working class youth before making these sorts of comments. Fear and hatred of homosexuals is still very much alive, even among the younger generation.
Those people are the problem, not Facebook. Facebook is just one more avenue for a person's orientation to be revealed.
Meanwhile, in reality, there are people whose homosexuality is a closely guarded secret that only their closest friends know about, because they fear being harassed or even disowned by their families.
Palm trees and 8
But their joining that choir wasn't online.. it wasn't posted by them. The only thing they did wrong was either pursueing their interests by joining the choir or being like everybody else by having a Facebook account. Since science has taught us that everyone who doesn't use Facebook is a horrible murderer-to-be, the latter can't be ruled out-... so they weren't supposed to join that choir?
I have to wonder about parents who haven't figured out their child is gay.
Here is some insight: a large number of people believe that homosexuality is something that a person chooses, and that like all "sinful behaviors," that choice is motivated by a lack of Christianity in a person's life. For many people, the concept of their children -- who come to church every week, who do not watch television, who threw away the condoms their school gave them, and so forth -- being gay is beyond the scope of possibility. They firmly believe that their children are no more likely to be gay than to rob an elderly woman to get money for heroin.
Palm trees and 8
This is not just about what you do online, it is about what you and all the people you associate with do online. I am not on Facebook, yet Facebook still manages to collect information about me (and spread it around): people "tag" me in photos, sometimes people invite me to join Facebook, and people might mention me in messages they send to each other on Facebook (including public messages). So despite the fact that I have no Facebook account, at least part of my personal life is being collected by that system.
That is the point of TFA. These people did not announce their sexual orientation on Facebook, someone else did, without their permission.
Palm trees and 8
I do not have a Facebook account, therefore your assertion that everyone has a Facebook account is false. I do not have an account because I cannot be bothered to jump through privacy setting hoops to keep control of information that is mine in the first place. Nothing you put on the Internet is private; put nothing there that you would not announce to a room of friends, family, and coworkers, and future employers. I can never think of anything that I would want to say to all these people at once, so I don't use Facebook.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Read The Fucking Article - she didn't put the information on there, someone else did (and Facebook's extremely poor privacy controls allowed it). That was kind of the point:
Do you understand what this is about? Facebook allows other people to add you to groups - in other words, your 'friends' can basically edit an aspect of your profile. It's bizarrely stupid, and has been a common complaint for a long time, and this wouldn't have happened if Facebook didn't do this, but Facebook defends this practice.
Not using FB doesn't fix the problem, because anyone can post anything to Facebook about anyone. Better you DO have a FB account, as at least there is some chance you'll get notified when someone chooses to post something undesirable (to you) about you. If you don't have a FB account, you won't even know that there's a doctored photo of you having sex with a donkey posted with your name on it.
And the fourth one has more friends than the other three combined, right?
Correction: only friends can add you to groups but you cannot stop them, only leave when you receive the notification. I thought I saw this setting somewhere but it's either gone or more likely I confused it with another setting.
I guess this system does a lot to encourage group membership. In the same way people wouldn't bother joining they won't bother leaving. Hence Facebook gains a valuable/insidious source of user data typing.
.
Choose your Facebook friends wisely.
I do not have a Facebook account
Do you have any friends that use Facebook on their smartphone? Uploaded photos and tagged you? Mentioned you in a wall post? If so, then Facebook already has an account for you, you just haven't set a password on it yet.
IOW, Facebook has enough users that they can identify gaps in the social graph corresponding to people who don't use Facebook. It's naive to think they don't do anything with this information.
If your employer types your name in a search engine, is he only going to find the account for colleagues? I'm not on Facebook so I have no idea, but I'm wondering, aren't you required to use your real identity?
Also, is it not annoying to log in four times every day?
That doesn't sound simple. Sounds like a PITA. Also a violation of the TOS.
When someone adds you to a group, Facebook automatically notifies all your friends, with no way to turn that off. He received the automatic notification--he didn't need to check anyone's profile to find it.
There is a privacy setting so you can't be added to groups without your permission which undercuts the claim that they were 'sophisticated users'. To be fair I think Facebook set this to false by default when they added the feature.
And you have to be a Facebook user to apply that setting. And then you must repeatedly find and re-apply it when Facebook rearranges its privacy settings and resets them to default (usually undesirable) values. Even a brief period with the setting the wrong way could be disastrous, if the tagging (and consequent promulgation of the tagging) occur during that time.
Those of us who are not Facebook users can apparently be added/tagged/whatever entirely without permission. For all I know, I've been named and tagged in all sorts of photos/groups in malicious ways. That's a nasty problem for some folks, which will likely remain unresolved until it is regulated in some way. By avoiding and actively denying decent self-regulation, Facebook is almost demanding that its actions be limited by legislation. I have no idea what happens to tags or suchlike applied to Facebook users who subsequently renounce/cancel their Facebook accounts. Potentially yet another divisive issue.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
If you are hiding it, you SHOULDN'T have joined such a group.
Of course I haven't RTFA, but from the summary:
...a privacy loophole on Facebook—the fact that anyone can be added to a group by a friend without their approval.
So they didn't join the group; a 'friend' added them
Simple solution : don't have friend either . :-P
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
I do not have a Facebook account, therefore your assertion that everyone has a Facebook account is false.
Do you browse the net and see those facebook like buttons now and then? Whenever you see such a button, facebook registers your IP-address and knows what website you were viewing. Only if you use addons like Ghostery you can avoid this, but many people don't know that.
You may not have a facebook account, but facebook is certainly trying to monitor what you do online. If you ever do register, they will soon enough be able to link you to that older data.
Given that this 'loophole' has existed for years - hell someone once added Zuckerberg to the NAMBLA group linky - and hasn't been fixed I'd say it's pretty much a feature at this point.
People in cars cause accidents....accidents in cars cause people
Facebook breaks my terms of service too, so we're even!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz