- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Facebook privacy unraveled, Part 666
We've written many times about how our privacy has been eroded online. We've mentioned more than once that it's usually the user's fault for flaunting everything and lacking self control. Now Callum Haywood is out to further illustrate those points with a truly amusing site called "We know what you're doing."
Haywood says on the site's "about" page that the endeavor was enabled by a tool he built that queries Facebook Graph API and outputs the results.
He's focused his attention on four flavors of Facebook status update stupidity:
- Who wants to get fired? Haywood's tool populates this category by searching status updates for phrases such as "hate my boss."
- Who's hungover? Searches for "hungover" in updates.
- Who's taking drugs? Searches for words such as "cannabis."
- Who's got a new phone number? Searches for phone numbers.
A few choice status updates:
Take this rant from Jimmy, who hates his boss:
"I hate my boss. He cut off my pay cauz I slept in for one day, and now I'll not have enough to go out for tha 12th :@"
about 13 hours ago, 1 people like this, posted from web
Or this one from Anastasia R, who has homicidal thoughts about her boss:
"Im getting so mad right now I hate my boss Jay I hope he dies better yet I feel like killin him if you in a bad mood don't take it out on everyone at the job like wtf its way to hot to take your (expletive)-_- #(expletive) off"
about 5 days ago, no people like this, posted from Mobile
A lot of people captured on this site like to brag about their hangovers, and as annoying as that can be, I think it's better than trashing your boss. But really, Lukey D, I think you might have a deeper problem going on:
"(expletive) it, im hungover again so im going to buy some shoes. and probably drink a lot more."
about 12 minutes ago, no people like this, posted from web
More from the "about" page:
These people probably wouldn't want this info publishing, would they?
Probably not to be fair, but it was their choice, or lack of, with regards to their account privacy settings. People have lost their jobs in the past due to some of the posts they put on Facebook, so maybe this demonstrates why. Efforts have been made to remove any personal data from the results, such as the actual phone numbers, surnames, etc. The data is still easily accessible from the API, the filters have been put in place to protect the site from legal issues.
What is the lesson to be learned?
Just make sure your Facebook privacy settings are sufficient, for example don't publish status updates containing potentially risky material as 'Public' because then they have a good chance of showing up in the public Graph API. You don't even need an access token to get this info, but the problem is not with Facebook themselves, when used correctly, their privacy controls are very good. The problem is how people simply don't understand the risks of sharing everything.
How do I make sure that I don't end up on here?
Just go to https://www.facebook.com/settings/?tab=privacy and make sure Control Your Default Privacy is not set to "Public". You can set it to "Friends" but for the best privacy it is recommended you choose "Custom" and go through each option to choose who can see what.
Where did the idea come from?
The idea came from Tom Scott's I Know What You Did Five Minutes Ago video. It demonstrates some very important points that consider the future of social networking and it's impacts on a connected society. As Tom stated in the video, Twitter's privacy control is binary however with Facebook it is a different story, their privacy controls are very effective when used correctly.
I hope a few people learn the intended lesson from this experiment. But they probably won't.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.