100 million Facebook user’s data has been slapped up on BitTorrent, a total of 2.8GB of names, URLs and contact details. But all of it was publicly available, through user accounts that do not restrict search engine access in Facebook’s settings.
Canadian security researcher Ron Bowes created a crawler script to access the Facebook open access directory, and came up with contact details, friend lists, and account names. Bowes aimed to raise awareness of the privacy issues surrounding Facebook’s use of information, but could this have backfired, given that the information is now readily available on two of the largest torrent sites, BitTorrent and The Pirate Bay?
Bowes said in a blog post: “I can find the name of pretty much every person on Facebook. Facebook helpfully informs you that “anyone can opt out of appearing here by changing their Search privacy settings” — but that doesn’t help much anymore considering I already have them all (and you will too, when you download the torrent). Suckers!
“Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details. If the user has set their privacy higher, at the very least I can view their name and picture…if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not! Oops.”
Facebook responded, saying: “In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on Facebook…this is the information available to enable people to find each other, which is the reason people join Facebook.”
But this seems to be the point Bowes is trying to make: most of us have no idea how much of our Facebook information is available to search engines, and with Zuckerberg’s unpredictable flip flopping on privacy settings, plus his belief that Facebook now creates social norms, it’s crucial that we’re aware.
