31 comments

[ 3.4 ms ] story [ 53.7 ms ] thread
(comment deleted)
> to my surprise, the dataset included each user’s unique Facebook ID number.

Come on Facebook, you should be hiding your internal identifiers from third parties. Ideally each consumer of Facebook data should have its own mapping of identifiers to make it more difficult to combine datasets later on.

considering that for a long time facebook didn't have "usernames" and everyone was identified by a number this doesn't seem strange (especially as my faulty memory might mean that they created usernames post 2005)
I know they exposed identifiers in friends lists as well, long into 2013 as I recall. I remember hanging out with friends and grabbing the Inspect Source HTML from their little "Friends tile" that had a ranked list of Identifiers that were based off of how much their algorithm thought we were friends. It would display a random selection from the top 50 or so but all 50 were in there and were fairly accurate as to who I interacted with most on Facebook. My friends and I would log them all then compare notes.

I never had any illusions that Facebook wasn't spying on me: I just had illusions that they wouldn't be so stupid as to sell the only thing that makes them valuable in a raw format to customers.

Google at least just sells you targets.

One can still find the id, even when a person has chosen a username that masks it. Right click the block option of a user you are not friends with, copy the link and voila, you've got the user id now.

I mostly use that to see public but normally inaccessible pictures of people I am not friends with (i.e. pictures they've been tagged in).

Try it yourself (for some reason this only works on desktop mode): https://www.facebook.com/search/{$PUT_THAT_ID_HERE}/photos-o...

Facebook has restricted apps to only receiving app-scoped IDs since 2014.
That deserves a serious wat. How could you be so dumb as to release internal non-opaque IDs.
I believe we called that, "2003 engineering decisions."
It was 2005. The web was a different place back then. Although it's a bit earlier, ICQ used monotonically increasing user IDs as its addressing mechanism.
Site is down, but the link that fits the title better is [1] anyway,because that is where the dataset originated. This page also has the timeline of the release. Very short timeline, that is, because you can imagine how quickly they had to take it down.

[1] http://masonporter.blogspot.de/2011/02/facebook100-data-set....

I'm trying to see which is a bigger problem at hand. The Equifax breach a couple months back or the FB fiasco.

Equifax breached over 143 million users with social security #, credit card #, and personal data.

For FB, can someone explain to me what was the actual damage, was it just personal information about you?

Best way I can think of explaining it: The Equifax breach was more of how you're identified, whereas with Facebook it's more of who you are.
> For FB, can someone explain to me what was the actual damage, was it just personal information about you?

FB allowed apps to access data about the user (who authorized the app) and their friends (who did not need to authorize the app).

The kind the data FB has can be used to reveal a lot of information about you (e.g. age, where you live, etc.) and this information can then also be used to derive things you haven't told FB -- such as estimating your income or predicting your SSN [1].

[1] http://www.pnas.org/content/106/27/10975

and you cannot remove easily facebook apps from your android phone ... same for apple phone??
That is not true. Only Android phones from the absolutely shittiest manufacturers have malware pre-installed.
Samsung?
Yes, the shit they ship on their phone is horrible. I would never use or recommend one of their horrible phones.
Unfortunately the pre-installed cancer apps are pretty evil; the worst was the B&N Nook HD, which went online after every reboot and reinstalled any uninstalled apps.

My first step for any new Android device is to root it to kill the garbage pre-installed 'system' apps or better yet, if there is an option, install LineageOS. Newer devices are slowly making this more and more difficult with a few exceptions so I now stick to older devices.

iOS definitely doesn't come with Facebook pre-installed.
I think you are asking about removing the apps you have authorized through facebook and not the actual facebook apps themselves?

If so it should be in settings on mobile (is on iPhone at least and it's just a webview). It takes a lot of steps, but definitely there.

Further reading:

"Anonymised" data on internet users obtained for "research"

Relationships between industry and academia

https://www.theguardian.com/news/2018/mar/22/facebook-gave-d...

Self-regulation

Patents on protecting communications (see FN 18)

https://gking.harvard.edu/files/LazPenAda09.pdf

http://www.nytimes.com/2006/08/09/technology/09aol.html

Data from 12 million Facebook users

"There are legal obstacles to making the data available" (see Acknowledgments)

https://www.misrc.umn.edu/wise/papers/1b-3.pdf