The Facts on News Reports About Facebook Data

This is like your bank saying it&#x27;s not their fault your money was stolen because someone took it away without permission. The point is that Facebook has a responsibility to keep the data you provide them secure. But the purpose of this press release is to make this responsibility seem either trivial or nonexistent.<p>You can show them that this responsibility is paramount. Stop giving them your data.

In the OP press release they say:<p>&gt; It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019.<p>But if you click on the &quot;related post&quot; at the bottom of the page, &quot;Taking Legal Action Against Data Scraping&quot; (Oct 2020) [0], you&#x27;ll see this sentence:<p>&gt; Scraping is a form of data collection that relies on unauthorized automation for the purpose of extracting data from a website or app.<p>It would be interesting to hear Facebook PR team describe the difference between &quot;Hacking&quot; and &quot;Unauthorized Automation&quot;, and why apparently the latter is nothing to worry about now, but was sufficient to generate lawsuits in October.<p>[0] <a href="https:&#x2F;&#x2F;about.fb.com&#x2F;news&#x2F;2020&#x2F;10&#x2F;taking-legal-action-against-data-scraping&#x2F;" rel="nofollow">https:&#x2F;&#x2F;about.fb.com&#x2F;news&#x2F;2020&#x2F;10&#x2F;taking-legal-action-agains...</a>

Facebook is using doublespeak here.<p>&gt; It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019.<p>.. a couple paragraphs later ::<p>&gt; We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019.<p>Gee, that sounds a lot like someone abused your contact importer tool to do something you didn&#x27;t intend for it to do. Which is also the definition of other &quot;hacks&quot;, like SQL injection

Don&#x27;t really want to defend Facebook, but the amount of cynicism and bad faith here is too much. This article should be welcome, it gives us more information on what happened. It clarifies that this was not some sort of database leak (which is much more damaging), but a API abuse that allowed bad actors to figure out people&#x27;s phone numbers. Overall article brings transparency to the situation, which is good.

I&#x27;m curious if the repeated negative press Facebook has received has impacted their hiring. Boots on ground perspectives appreciated, but I can share a data point of one: I&#x27;m a very average developer, and I get at least quarterly reach outs from Facebook-- a higher frequency than I&#x27;ve ever heard from any FANG (or any company in general). I used to get ads on the platform for FB Engineering jobs. After I deleted the app, I started getting ads in my LinkedIn feed for FB engineering. They might have a hefty recruiting budget, or there could be challenges. On the other hand, all the negative press might attract some candidates that disagree with the media.

&quot;Scraping data using features meant to help people violates our terms. We have teams across the company working to detect and stop these behaviors.&quot;<p>Hmm, that&#x27;s interesting. I read about a court case recently that seemed to say scraping was okay and also that companies shouldn&#x27;t work to prohibit scraping.<p><a href="https:&#x2F;&#x2F;parsers.me&#x2F;us-court-fully-legalized-website-scraping-and-technically-prohibited-it&#x2F;" rel="nofollow">https:&#x2F;&#x2F;parsers.me&#x2F;us-court-fully-legalized-website-scraping...</a>

Like when they used to show your name &amp; profile picture after a failed login with just an email and empty password. Aside from being another inadvertant information leak, it would have been tragic if that was part of an attempt to decrease the (deliberate) login failure rates.

The attitude that this company (and many others) has towards the data they collect from billions of people is stunning. They claim that there was nothing they could do, even when one of their tools was misused to gather phone numbers. They don&#x27;t take accountability for the fact that this likely already has and will continue to enable spammers and scammers to much more easily target their users. They refuse to send out notifications to affected users (which they should have done 2 years ago). We need legislation punishing companies for being negligent with the sensitive user data they collect or this shit is never going to end.

&gt; The information did not include financial information, health information or passwords.<p>As someone who has an account (begrudgingly for Messenger since you can&#x27;t solely use a phone number anymore) but doesn&#x27;t use it, can I just say:<p>Wait, what?! Since when does Facebook have health information!<p>I don&#x27;t know conceptually what portion of Facebook they&#x27;re referring to but that&#x27;s news to me.

&gt; &quot;We’re focused on protecting people’s data by working to get this data set taken down&quot;.<p>I am sorry but that ship has sailed. I have already received several spam messages at the unique email address I used only for Facebook login, so the data has been spread very wide at this point.

Somehow I couldn&#x27;t find one word I was looking for in this whole carefully-worded PR statement:<p>&quot;Sorry&quot;.

My phone number was removed and my account deleted when they say this hack happened. My phone number is in the leak. Doesn that mean that my phone number was in it because other people&#x27;s contacts were imported, or because they didn&#x27;t actually delete my info?

Deleting my Facebook account has been one of the most mentally liberating and satisfying decision I have made in the last year. I used a Chrome addon to totally delete every post and clear everything out too--why let them have anything even when I&#x27;m gone.

Why is the headline blaming the news reporting? That is idiotic and evil.

Facebook is amazing to me, no matter what the issue, the company responds in a weird PR speak dialect that evokes circa 1990 Phillip Morris. They have a weird voice.

I remember the pop ups to please add your phone number, you know, just for security! They promise to never show this to anyone... and then this happens.<p>It’s like a comedy.

I thought US Court of Appeals established that web scraping is legal?

&gt; The information did not include financial information, health information or passwords.<p>Cool, should we assume everything else Facebook has <i>was</i> included?

If you want your jaw to drop in regards to facebook disingenuousness regarding truth telling and the media, listen to the recent Lawfare podcast here:<p><a href="https:&#x2F;&#x2F;www.lawfareblog.com&#x2F;lawfare-podcast-tech-ceos-head-hill-again" rel="nofollow">https:&#x2F;&#x2F;www.lawfareblog.com&#x2F;lawfare-podcast-tech-ceos-head-h...</a><p>Go to 41:18 in and listen to the story regarding Facebook and NYU&#x27;s AdObserver project.<p>Facebook has no credibility.