Slashdot Mirror


Facebook Launches Bug Bounty Program To Report Data Thieves (cnet.com)

Facebook on Tuesday launched a data abuse bug bounty program, just hours ahead of CEO Mark Zuckerberg's testimony to the Senate judiciary and commerce committees in Washington, DC. The bug bounty program is asking for people to report any apps that abuse data on Facebook, and it offers a reward based on how severe the abuse is. From a report: "While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to our attention," Collin Greene, Facebook's head of product security, said in a post. The new program comes almost a month after the New York Times and the UK's Observer and Guardian papers revealed that Cambridge Analytica, a voter profiling firm, took advantage of a Facebook app to siphon off personal information on 87 million people. The scandal has fanned the flames of a backlash against Facebook by lawmakers and users.

35 of 66 comments

  1. Better idea by 110010001000 · · Score: 4, Insightful

    Here is a better idea: do it yourself. You know, actually monitor your website and stuff. It is a radical idea.

    1. Re:Better idea by Anonymous Coward · · Score: 1

      Just like we expect the Republican adults in Congress to investigate a very-well-known criminal enterprise replete with a bullshit Ponzi-style "university," no less....

      Oh, grow up, sprout a brain, and fucking drop it already.

      The biggest, most corrupt crook in the last election was the one who fucking lost.

    2. Re:Better idea by skovnymfe · · Score: 1

      But having an operations team costs money. It's so much easier to just hire more developers who have no clue about operations. DevOps!

  2. Obama campaign? Redirect to /dev/null by Anonymous Coward · · Score: 1

    Where was all this outrage four years ago?

  3. Obligatory Pogo by Stormwatch · · Score: 1

    "We have met the enemy and he is us." - Walt Kelly

  4. Report Der Zuck by Oswald+McWeany · · Score: 4, Funny

    Facebook Launches Bug Bounty Program To Report Data Thieves (cnet.com)

    Hello, I would like to report Mark Zuckerberg, please!

    --
    "That's the way to do it" - Punch
    1. Re:Report Der Zuck by Rosco+P.+Coltrane · · Score: 3, Insightful

      You can't report Zuck: he ain't a thief, he's a con artist: he managed to convince his users that giving away their data is a negligible price to pay in exchange for a great service. People are slowly discovering it's the other way around, but it's too late now.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:Report Der Zuck by Errol+backfiring · · Score: 1

      If he only gathered your personal information from your account on facepalm, you would be right. If he collects data about me from other facepalm accounts, web beacons and other software or services that turn out to be facepalm-owned, then he is a thief.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    3. Re:Report Der Zuck by Rosco+P.+Coltrane · · Score: 1

      I doubt it. I bet you anything that deep down in the TOS that all Facebook users have agreed to - after reading it carefully from beginning to end, no doubt - there is a provision saying the user lets FB use and abuse their data any which way it wants.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    4. Re:Report Der Zuck by Anonymous Coward · · Score: 1

      Well put.

      If that information you're giving to him is so innocuous, how come he's worth *billions* from selling it?

  5. Re:DUMP TRUMP by DigiShaman · · Score: 1

    Nah. The Russians will probably nuke it.

    I know, I know! You're so very conflicted over the outcome.

    --
    Life is not for the lazy.
  6. Dear Product^h^h^h^h^h^h^hCustomers by nospam007 · · Score: 1

    We have so much data about you, your kids, your family, your friends, your vices, your drugs, your vacations and we leak them like a sieve.

    Please tell us who captures your data, so that we can send them a bill.

    Thanks a lot suckers^h^h^h^h^h^h^h

  7. Re:Obama campaign? Redirect to /dev/null by jellomizer · · Score: 1

    There is a difference between using data that was openly available, with links to apps that were open about what they were doing with your data, to see that you may fit the demographic that would vote for Obama, and having ads that pop up and say go out and vote for me, vs. having apps trick you into figuring out what political persuasion you are and give you a custom message showing how evil the opposition is, not just the official candidate, but how all of their supporters are sub-human monsters. Scheduling rallies for the rightest of the right, and protests for the leftest of the left, in the same location just to spur up anger and perhaps get some violence.

    Facebook is still selling your personal data. The problem was the wrong people got a hold of it.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  8. lol sure by o_ferguson · · Score: 4, Interesting

    I reported a bug under their last bounty program and they said "while this is a bug, and we will fix it, it's not a 'security bug' so we won't be paying you for reporting it." I hope they die in a fire.

    --
    - In Soviet Korea, only old people lose all their bases to Natalie Portman's petrified hot grits overlords.
    1. Re:lol sure by HornWumpus · · Score: 1

      He's nothing but a low-down, double-dealing, backstabbing, larcenous perverted worm! Hanging's too good for him. Burning's too good for him! He should be torn into little bitsy pieces and buried alive!

      Hanover Fiste

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    2. Re:lol sure by TwoUtes · · Score: 1

      Awesome Heavy Metal reference!

    3. Re:lol sure by stephanruby · · Score: 1

      Do you think it was a security-related bug?

    4. Re:lol sure by o_ferguson · · Score: 1

      Other than the fact that all bugs are security bugs, yes: it allowed you to post content direct to other users' walls, who were not your friends but in the same group as you, and to do so with no attribution, so the other users could see that you posted it to their wall, but not why you had access to their wall. It was a way to clearly violate their user compartmentalization organization, but they argued that since users had joined groups willingly, their rights hadn't been violated and so it wasn't really "security" related. But they still fixed it right away.

      --
      - In Soviet Korea, only old people lose all their bases to Natalie Portman's petrified hot grits overlords.
    5. Re:lol sure by ViXiV · · Score: 1

      Did this EXACT same shit to me for a CSRF bug where I was able to wipe and brick certain residential routers over their messaging system. They said it needed to be fixed in all the routers in the entire world by the manufacturers instead of incorporating appropriate CSRF filters in messages..... LMFAO, do not trust any bounty program from FB for any reason whatsoever!

    6. Re:lol sure by o_ferguson · · Score: 1

      lawsuit time

      --
      - In Soviet Korea, only old people lose all their bases to Natalie Portman's petrified hot grits overlords.
    7. Re:lol sure by ViXiV · · Score: 1

      Apparently they are notorious for worming out of paying for legitimate bug bounty reports. They will refuse to pay you if at all possible, and they have gotten really good at scamming security researchers and hackers into free work. IMO a lawsuit would be frivolous, as they would likely spend more on their attorneys than on paying the actual bounty, just to make an example of the researcher and deter others from following suit. Stop reporting bugs to FB and just sell them for what they're actually worth instead of working for nothing.

    8. Re:lol sure by o_ferguson · · Score: 1

      So we should kill them?

      --
      - In Soviet Korea, only old people lose all their bases to Natalie Portman's petrified hot grits overlords.
  9. Re:DUMP TRUMP by Anonymous Coward · · Score: 2, Informative

    Moron? Is he dumber than you?
    Can you do what he did then?
    Left rage never stops being amusing because you could not give a fuck about what Obama and Hillary did because identity politics is noble.
    Obama was worse than Bush and did a lot more damage and all you fucks care about is he wasn't white so he gets a pass.

  10. Needs more commas by WillAffleckUW · · Score: 1

    40,000?

    Look, FB, you're facing probable fines with four commas in the US and similar ones in the EU.

    Try adding more commas. I'd go for at least two.

    --
    -- Tigger warning: This post may contain tiggers! --
  11. Hello Facebook? by forkfail · · Score: 2

    Yes, I'd like to report Facebook, Inc. It seems that they have provided APIs through which they sell private data to anyone with a bank account and a keyboard.

    Where can I pick up my check?

    --
    Check your premises.
  12. Facebook Launches Confession ... by CaptainDork · · Score: 1

    ... That They Won't Own Up To A Fucking Thing.

    discuss

    --
    It little behooves the best of us to comment on the rest of us.
  13. Proper vs Improper Abuse by Tominva1045 · · Score: 2

    So improper abuse is when you skim data off Facebook and market to those people elsewhere. Proper abuse is when you do a Google search on a product and two minutes later it's in your Facebook feed. Got it-

    --
    Cogito Ergo Sum
    1. Re:Proper vs Improper Abuse by bobbied · · Score: 1

      Actually, pretty sure it was improper because FB weren't paid enough for the data gathered. If they had been paid, it would have been ok.

      The Obama campaign in 2012 didn't pay a cent to Facebook. Download their app and you got your friends' information sucked into the DNC's database. https://www.nationalreview.com...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  14. Re:Obama campaign? Redirect to /dev/null by gnick · · Score: 1

    I posted this in another thread the other day. Some similarities & differences between what the Obama campaign did and what Cambridge Analytica did.

    The Obama campaign and Cambridge Analytica both gained access to huge amounts of information about Facebook users and their friends, and in neither case did the friends of app users consent.

    But in Obama's case, direct users knew they were handing over their data to a political campaign. In the Cambridge Analytica case, users only knew they were taking a personality quiz for academic purposes.

    The Obama campaign used the data to have their supporters contact their most persuadable friends. Cambridge Analytica targeted users and their friends directly with digital ads.

    --
    He's getting rather old, but he's a good mouse.
  15. Re:Obama campaign? Redirect to /dev/null by jellomizer · · Score: 1

    Not the agenda. The Tea Party also used social media to push their agenda and brought a lot of Republicans into Congress to follow their ideals.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  16. Re:Obama campaign? Redirect to /dev/null by jellomizer · · Score: 1

    Greetings comrade. How is the weather in Russia?

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  17. Re:Obama campaign? Redirect to /dev/null by ckatko · · Score: 1

    Seriously. It's hilarious to watch the mental gymnastics of Google's CEO openly touting that he's DIRECTLY working with a presidential candidate to "use our data" to help the candidate.

      - Facebook sold some ads. Who the fuck reads Facebook ads?
      - Google literally used their entire platform (read: tracking your information) + "muh algorithms" to assist a candidate.

    And IN RETURN, the CEO got, and I quote, "a virtual open door to access the White House at will"

    https://www.googletransparency...

    https://theintercept.com/2016/...

    https://mashable.com/2009/04/2...

    https://www.wired.com/2008/11/...

    https://www.politico.com/story...

    https://www.theguardian.com/te...

    "Eric Schmidt, 'CEO of America' "

    And these are LIBERAL WEBSITES running these articles. So you can't even play the whole "alt-right / foxnews / fakenews / Russia-wrote-it" Red Herring bullshit.

    Of course, I don't know why we're restricting to Obama either. Under Hillary, they did the same thing (for likely the same quid-pro-quo arrangement):

    https://www.washingtonpost.com...

    http://www.googletransparencyp...

    https://qz.com/823922/eric-sch...

    https://www.politico.com/magaz...

    https://qz.com/520652/groundwo...

    So with literally DOZENS upon dozens of professional articles dedicated to the subject from dozens of separate news organizations, anyone who ignores this well-established fact is throwing their head in the sand and humming, and not worthy of a debate response and should be downvoted accordingly for low signal-to-noise ratio.

      -> Google did everything Facebook did, and far more.

  18. "Thieves" is the operative word... by SeaFox · · Score: 1

    They want to make sure the only people taking data are the ones paying for it.

  19. How about this one? by argStyopa · · Score: 1

    "Bug: your business model is based on selling data gathered without permission from users; effectively, this is like the Mafia asking people to help guard their loot. I can't imagine the cognitive dissonance needed to sustain that sort of hypocrisy, so it must be a bug?"

    Do you think they'd pay me?

    --
    -Styopa
  20. Facebook Bug Bounties have Stolen Millions by ViXiV · · Score: 1

    Another Bug Bounty system from Facebook? Except they have been stealing from security researchers since the first bounty program was started, by finding loopholes allowing them to not pay those bounties. They neglected to pay at least 2 legitimate bounties for bugs provided by myself, stating that the bugs needed to be fixed in every router in the entire world instead of providing filters for it in their own messaging system, which they eventually enabled without the bounty being issued. So essentially, they can make up a reason to not pay you and then fix it in the background, and most people are none the wiser.