35 comments

[ 2.9 ms ] story [ 83.6 ms ] thread
Before people get too bent out of shape/excited, the data within the files is just people's names and counts as well as the URL to their profile. All of these profiles were already public.
Still means there'll be more "data entry" job request in outsourcing forums requiring indians to enter friend requesting captchas all day. Oh and more friend requests from people that will send you spam every week.
But if you went and got it from Facebook, I could alter my settings and make it go away. The torrent is forever.

However, to believe what I just said is completely naive. If you screw up and make something public, the likelihood that it is already forever somewhere is close enough to 100% that you should just expect it.

The URL to your profile and your name are always public information on Facebook, regardless of what settings you tweak. All this torrent supplies is your name and your URL.
(comment deleted)
Facebook won't allow this link to be posted in the feed. Its considered abusive.
I believe Facebook doesn't allow any links from The Pirate Bay.
Did you try a link shortening service? Maybe one without 301 redirect
(comment deleted)
This is basically the business model of RapLeaf.
You can also get Google profile URLs for 16,256,271 users from the top post in this thread: http://news.ycombinator.com/item?id=1537968
I don't know if you've ever tried, but Google generally won't actually let you look through millions of results. It also eventually presents you with a CAPTCHA to solve if it detects that you're scraping its SERPs.
If this included friend information it would be much more interesting.

As it stands, it's just a proof of concept.

You could gather friend information easily. The info is there, this guy just didn't collect it.
Facebook's fuckup is not to have some sort of anti-scraping system running. If they'd limited the number of public-facing profile views to 100 a day per IP address then this would have taken 41,666 days for one IP address (obviously you'd use more, but it illustrates the point).
And many college students would be blocked from Facebook... even if you increased the number to 1000 :)
Fb could up the limit for an ip based on the number of users logging in from that location. Plus I'm only thinking the public facing non-friend profile views.
It wouldn't solve the entire problem, but resolving the IP address to its assigned DNS name could also help. Anything coming from .edu could be exempt, but 100 full hits an hour from *-dhcp.mylocalisp.com could be flagged for abuse.
Do many colleges use NAT? Every college whose network I've been on gives external IPs to each network device.
The University of Alabama in Huntsville uses NAT for the folks who use its wireless network, or the network in the dorms; everyone on those networks gets a 10/8 address. Additionally, UAH is connected to I2, but doesn't provide any IPV6 connectivity for those who use its I1 connection. :/
I guet a malware warning when visiting the site.
While this is cool, I'd be truly impressed if it was expanded to all 500 million Facebook users, and included all the friend graphs. Basically a fully scraped copy of Facebook's data, kept up to date, and available for free via Bit Torrent. I suppose the best shot at doing that would be using a bot-net.
This is supposedly everyone with publicly searchable profiles so I'd be truly impressed if 329 million people adjusted their settings, and not at all surprised if the 500 million figure did something cute like classify visitors as users, eg: digg and their "40 million users" of which 0.0047% liked the current most popular story.
How do you "visit" facebook? You get a login page.
Lots of pages and even apps don't require you to login.
What is this useful for?
I guess it's useful for tracking people who might have deleted their facebook account.
Now for someone that scrapes the friend graph and turns it into a torrent. That might be more useful.
I would like to offer a bounty to the first capable script author who can take this 'proof of concept' and correlate names with email addresses and/or telephone numbers.