Wednesday, July 28, 2010

Details of 100m Facebook users collected and published

By Daniel Emery | Technology reporter | BBC News

Personal details of 100 million Facebook users have been harvested and published on the net by a security consultant.

Ron Bowles used a piece of code to scan Facebook profiles, collecting data not hidden by the user's privacy settings.

The list, which has been shared as a downloadable file, contains the URL of every searchable Facebook user's profile, their name and unique ID.

Mr Bowles said he published the data to highlight privacy issues, but Facebook said it was already public information.

The file has spread rapidly across the net.



On the Pirate Bay, the world's biggest file-sharing website, the list was being distributed and downloaded by more than 1,000 users.

One user, going by the name of  lusifer69, described the list as "awesome and a little terrifying".

In a statement to BBC News, Facebook said that the information in the list was already freely available online.

"People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want," the statement read.

"In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on Facebook.

"No private data is available or has been compromised," the statement added.

'Privacy confusion'
But Simon Davies from the watchdog Privacy International told BBC News that Facebook had been given ample warning that something like this would happen.

"Facebook should have anticipated this attack and put measures in place to prevent it," he said

"It is inconceivable that a firm with hundreds of engineers couldn't have imagined a trawl of this magnitude and there's an argument to be heard that Facebook have acted with negligence, he added.

Mr Davies said that the trawl of data fed into "the confusion of the privacy settings".

"People did not understand the privacy settings and this is the result," he said.


Facebook hit its 500m user in mid June 2010

Earlier this year there was a storm of protest from users of the site over the complexity of Facebook's privacy settings. As a result, the site rolled out simplified privacy controls.

Facebook has a default setting for privacy that makes some user information publicly available. People have to make a conscious choice to opt-out of the defaults.

"It is similar to the white pages of the phone book, this is the information available to enable people to find each other, which is the reason people join Facebook," said a spokesman for the firm.

"If someone does not want to be found, we also offer a number of controls to enable people not to appear in search on Facebook, in search engines, or share any information with applications."

But Mr Davies disagreed, saying the default settings should be changed.

"This highlights the argument for a higher level of privacy and proves the case for default nondisclosure," he said.

"There are going to be a lot of angry and concerned people right now who be wondering who has their data and what they should do."

However, Mr Davies pointed out that this was something of an "ethical attack" and that more personal information, such as email addresses, phone numbers and postal addresses had not been included in the trawl.

No comments:

Post a Comment