142 comments

[ 3.1 ms ] story [ 419 ms ] thread
Oooh! Well played. I really want the candy, but I know they're going to do something bad with the information they take from me... I'm still tempted.

Ok, so I did it and now I'm never sleeping again.

Care to explain for those without Facebook accounts?
Indeed. So basically someone made a very high quality video of a creepy dude in a dark room creeping on Facebook and getting really mad. Then (with some special effects they used) they make it look like (almost perfectly) the guy is viewing your profile page, looking through your photos, and creeping on your friends. Then he maps your last known location on Google Maps, looks right at you, and drives over to your house.

It's eerily realistic.

Disclaimer: not my project, found it on the web.

(comment deleted)
not to mention that, in the car, he has a print out of your profile picture, and a screwdriver (or is it a box cutter) in his hand as he exits the car.
I'm betting its a lollipop in his hand. The video doesn't make it clear but the ending title screen shows a lollipop taped to something so I feel like that was a hint.
" ... Just upload lots of pictures of cats, then it's LOL funny." -Jason Zada
It's an example of how much personal data you actually leak through Facebook illustrated through a movie of a crazy serial killer browsing Facebook, with nicely done overlays of your actual personal data that the app pulled from you.
no, not really, considering you have to explicitly allow the app to access all that data...
Yes but I'm sure many people did... And it wasn't hard to do.
Exactly, and you did allow it to do that on nothing more than an image of a lollipop and endorsement from this community.
Except I didn't. The confirmation page was enough for me to drive home the point.
that seems reasonable to me. if something gets to the top spot on HN, I'd think its worth a try. some other random app? much different story.

  movie of a crazy serial killer browsing Facebook
Serial killer? That's just your assumption, based on video editing. Remember the scene in Men in Black, where Will Smith is asked to shoot cardboard aliens and shoots a little girl instead?

HN Against Prejudice! :-)

(showed TakeThisLollipop to my gf, who freaked out and immediately deleted all fb apps... so prejudiced!)

Since when does "leak" equate to "explicitly grant permission to access"?

It is not like the app is getting information that some random hacker can access, at least if you have any privacy controls set on your Facebook profile.

Right, because Facebook would never change their privacy policies on a whim without giving users warning ahead of time. At least they probably won't. Anymore. Well, only if they really need to.
No, it's getting information some random website can access by offering you a picture of a lollipop. Stranger danger?
That was very, very well done.

How did they do video compositing on top of an embedded browser window in Flash?

Perhaps they pre-rendered the webpages server-side using WebKit or some such and sent a screenshot to Flash....

This is a pretty disruptive use of the Facebook API. Personalized entertainment content, I love it!
This could be exactly what I need to finally get my wife off Facebook....
The production value is very high. FB Open Graph Protocol meta tag found in source:

  <meta property="og:type" content="tv_show"/>
Perhaps it's a viral media stunt to promo a new TV show.
I'm not sure that it is, but now that you mention it I feel like this could actually be a REALLY effective viral media stunt for a new TV Show/Movie...
Amazingly well done... Now, I'm going to cry myself to sleep.
(comment deleted)
In the same position. Had the new Walking Dead season playing on the TV in the background. Great, great combination.
Doesn't work for me? Do I not have enough info?
What exactly happens after the one hour on the end? Can't afford to wait right now
he knocks on your door
Yeah, good luck to him finding "X5, Cardiff".

There isn't an "X5" postcode here, nor is it anywhere near where I was last time I did a location based update. The inaccurate google map thing is what made me lul.

I /do/ share location with Facebook, but I sent the guy off looking for " , (null)". I doubt he'll get there soon.
yeah, according to him, I study and work at undefined, undefined.
Yeap, they should limit themselves to a higher zoom level. I'm guessing they used geoip, and it barely close.
nothing, the clock simply runs out...

will report back tomorrow with a follow up comment ;)

That is impressively creepy. Wow. Anyone know the background?
He is seriously pissed off that you are advocating the use of Emacs over vim in some Facebook group.
It killed the mood when he searched for ,(null) in Google Maps, but otherwise pretty freaky.
It's nice that you can disallow the permissions granularly, for example, I didn't mind it accessing all my data, but posting AS me on facebook? No. Disabled. Happy days.
Keeps cutting out part way through, but VERY well done.
This actually just freezes for me/nothing happens after I click "Connect with Facebook". Chromium 12.0.742.112 (90304) Ubuntu 10.10.
(comment deleted)
I had the same. I looked at it in chrome inspector and it turned out the reason was that I didn't allow the 2nd set of access rights, because it said it was optitional.
I didn't allow them and it still worked for me.
Flashblock?
I use both Adblock Plus and Better Popup Blocker. But both disabled/site allowed. :-/
Linux end-user issue #988823422
Same for me on Chrome + MacOS. I opened it in incognito mode and it worked.
Revoked access to tons of applications.
Likewise, found about 30 that I had allowed access to - no idea when I did half of them! All gone now!
Same here. And when I was at it I looked at Twitter.
If you don't want sites like this to view your stuff, please also set the privacy setting for applications your friends use to a better one. Or else you would be next.

P.S. Since you connect to that application by yourself, that is pretty clear that they can read your friends list, your feed and post as you.

I gave the guy all those details and pics while authorizing the app!

There's no way too see those things without being my friend.

There's at least one other way... make a creepy viral lollipop site, get it on the front page of hacker news, et al.
Well, how many other seemingly innocent (or not) apps did you give the same permissions to ?
This. It's very well done and all, but what is the point? That if you explicitly allow access to one specific application, that application will have access? Or is the creepy guy supposed to be the app developer?

A better idea (maybe not possible, I dunno) might have been to have different things happen based on your privacy settings. That would actually call people's attention to something they should care about, instead of just fear-mongering to everyone regardless.

If you care about your privacy settings and lock them down. you are (probably) not the target audience. And part of a minority anyway.

Speaking of which, how many of your FB friends would grant ~impersonation~ rights to an app without lots of thoughts? And - could that app then, using your _friend_ as proxy, play this particular game of fear with you?

Looks like it's connected with the ad agency Evolution Bureau ("EVB") (clients: [1]), the same people who did the Office Depot-braded "Elf Yourself" sensation [2].

Why do I think it's EVB? This is the only other site on the same IP as manipulation.com, and manipulation.com is registered clearly to EVB. The agency's creative work is consistent with this project too.

[1] http://evb.com/work/ [2] http://elf.evb-archive.com/

any idea who the client is? i searched for "evb google" but didn't come up with anything...
Quality is fantastic, I too am curious as to how they are generating the pages into the movie.
What happens when the countdown gets to zero?
I tested this out for you. It just stops at 00:00:00 and nothing happens at all!
Good luck finding me in the middle of the Indian Ocean dork