Faceoff. Lessons from the Facebook Data Harvest

Facebook is hitting the news again in quite a few places for its supposed ‘hack’. In case you haven’t heard, security consultant and longtime programmer Ron Bowes effectively trolled Facebook, then cataloged and published the data of over 100 million Facebook users. The data included names, addresses, and phone numbers. While some are calling this a hack, it really is not. Mr. Bowes merely gathered data that the users had already made public. It was out there; he just gathered it, cataloged it, and distributed it. We can debate how ethical this was, but it really amounts to redistributing the white pages that are sitting in your desk drawer, only in this case the white pages weren’t for a small geographic region; they covered Facebook users worldwide. Only users who had allowed their addresses and phone numbers to be seen publicly were listed. Names, of course, are essential to finding people on Facebook, so that’s kind of a given.

The point of this article is to make clear that you really have to consider everything you publish on the Internet to be public domain. If you wouldn’t want to put it on a billboard on a busy interstate, then don’t put it on the Internet. Sure, you can go into Facebook’s privacy settings and limit who gets your address or phone number, but you are only one misconfigured server away from having all of that information collected in a real hack. The same goes for those very personal emails you thought were secure. A poorly configured server, a server that was not properly patched, or an employee with an axe to grind can expose it all. This is not an indictment of Facebook. This goes for anywhere you store your data. This includes your credit card numbers that are still stored by some online merchants, and it includes your social security number that some websites require. This includes everything.

No problem. You’ll just go and delete those potentially embarrassing posts, right? Wrong. Search engines cache pages. That means they make a copy of the data that Facebook, for instance, publishes, and they keep that copy on their servers. You may well delete the post from Facebook, but Google keeps its own copy, and you don’t own it. In addition, you don’t know how many backups of that post Facebook has made or where they are kept. The things a 16-year-old says on Facebook now could well come back to haunt them down the road. It’s all out there, and it’s all out there forever. You need to be careful.

Photo by orangeacid/Flickr
