32 comments

[ 4.0 ms ] story [ 68.3 ms ] thread
I wonder if anyone ever sued the phone companies for printing phone books... they had the name and phone number for everyone!
I’m fairly confident that we could all request not to be listed. Perhaps a closer parallel is to ask if the phone directories could be sued for publishing a number following an opt-out request...
You need to pay extra to not be listed.
Some countries might allow this but not all. I can set my number as secret (not shown when calling someone and not included in any lists) at my telco userpage and I can (also for free) set everything, incl. name and my address as secret too on a national webportal. Doing so hides the info from domainname look up etc. and in most governmental systems as it is made to help protect privacy and stop sstalkers This is in Denmark btw.
Only became free in 2003 in France, and the main telecom company then was not happy, refused to tell how much money it was gaining from selling the data previously, and asked for a subscription increase in exchange.
When I was growing up, you had to pay the phone company to not list your number.
(comment deleted)
Did they have my phone number?

Literally one click and I had a list of every UK Facebook users public phone number, that's not a phone book.

Libraries had phone books for other areas. You could find the phone number for anyone.

There as no easy way to do a reverse lookup, but I think people are more afraid of someone finding their number from their name, not their name from their number.

Ironically, Ireland might be the most capable nation of reigning in big-tech given their preferred tax status and their subsequent mind-blowing profits residing there beyond the reach of the US feds—for now at least!
Well deserved.
It depends on the outcome. Companies get sued, sue each other all the time. A company like FB probably has the best lawyers money can buy, it is probably just business as usual for them at this point.

I do hope something good (for users, not FB) comes out of it.

Facebook is saying the info was scraped, but I don't see my phone number publicly visible anywhere on Facebook, yet it's found by HIBP - any idea what they're referring to?
(comment deleted)
I believe the data was scraped from the API endpoint that allowed looking users up by their phone number--the bot just ran every possible phone number and got back everyone who had that feature enabled. They've locked that endpoint down, but this is the fallout from that initial failure to rate limit.
One must be really dumb to allow a bot to make hundreds of millions of API requests and not noticing.
That's not that many API requests at Facebook's scale. Would be curious as to the rate that the requests were made; as well as how many IPs they were distributed over.
The Fappening was Find My iPhone API rate unlimited......
I've always double checked that my phone number was listed as private and yet they leaked that, so I don't buy their argument that it was scraped.

I just double checked and its set to "only me", which is what its always been. (I think I only added it because the app wanted it, but its been years since I've used the app, so don't remember)

The data is definitely not publicly scraped. I downloaded the data set. Phone number, location, date of birth etc were always private. It's possible that they have a private API that shares the data to advertisers and that might have been scraped. I created https://fbleak.com to show masked data to users to show the extent of the data leak.
Australia (+61), is not in the phone dropdown?
Actually Australia was not part of the breach.
If you find discrepancies between those tools, you can go through the dataset by yourself since they are all over the internet now... I checked the set and didn't find myself in it but most if not all of my close-kin are in it.
As I recall, the leak was essentially bots scraping data that FB calls "public" but which it's terms of use say not to scrape.

The thing is, FB's protections are kind a fantasy to start with. The idea you know your friend's information but your friend's-friend's-friend's might work in real life but not on the Internet. At the same time, this fantasy is what Facebook has sold it's users (and I'd note that a look of FB user got online first with FB and so take their real life beliefs to it).

One outcome of the suit might be for FB to say "you couldn't expect real privacy from this anyway, how can we be liable" and then the judge force to FB to label it's policy "privacy protection entertainment" in the way we got World Wrestling Entertainment. And another option is for FB to pay off the suit just to avoid that happening.

-- I remember FB saying "this wasn't a hack", which is technically true. It's a manifestation of the porousness of FB's model, which is worse, at least if you expect privacy from FB.

-- Finally, lots of people say "I hate FB for not giving us privacy" where they mean the sort of pseudo-privacy around "only friends know". Here, if you accept this concept of privacy, only an entity like FB could give it to you, so cleaving to that privacy policy strengthens FB even when it's hated. It's the regulating social networks. If FB was a regulated monopoly, they'd be absolutely "too big to fail".

Serves 'em right for building in PHP ;)
They can get hit with almost any lawsuit, and get out completely unscathed. These big tech companies (Facebook, Google, Apple, etc.) are at the point that they are - too big for our planet. It is really - simple as that.