Facebook admits that its tools were miused on a massive global scale

From The Washington Post:

Facebook said Wednesday that “malicious actors” took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide.

The revelation came amid rising acknowledgement by Facebook about its struggles to control the data it gathers on users. Among the announcements Wednesday was that Cambridge Analytica, a political consultancy hired by President Trump and other Republicans, had improperly gathered detailed Facebook information on 87 million people, of whom 71 million were Americans.

But the abuse of Facebook’s search tools -- now disabled -- happened far more broadly and over the course of several years, with few Facebook users likely escaping the scam, company officials acknowledged.

The scam started when malicious hackers harvested email addresses and phone numbers on the so-called “Dark Web,” where criminals post information stolen from data breaches over the years. Then the hackers used automated computer programs to feed the numbers and addresses into Facebook’s “search” box, allowing them to discover the full names of people affiliated with the phone numbers or addresses, along with whatever Facebook profile information they chose to make public, often including their profile photos and hometown.

[...]

Facebook said in a blog post Wednesday, “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped.”

Yes... they're talking about doxxing and identity theft on a massive scale.

This "very useful" search functionality was, naturally, enabled by default and deliberately difficult to disable -- after all, how else were you going to find people on Facebook to expand your network of data nodes? Facebook would also have been aware of the body of research which "has consistently shown that users of online platforms rarely adjust default privacy settings and often fail to understand what information they are sharing," facts which expect to feature prominently in several of the fourteen (and counting) class action lawsuits that have already been filed here.

Still, there's really no way around the simple realities here: 1) Facebook cannot and will not effectively police themselves; and 2) Facebook are unlikely to face new regulations in the U.S. anytime soon, unless Democrats manage to win veto-proof majorities in both the House and the Senate. That makes the question of whether Facebook will broadly implement privacy protections like those found in the GDPR, into an even more pressing one. It also means that meaningful change will have to come from outside the U.S.

Thankfully, that second thing seems to be happening.

Also from WaPo:

In Australia, a government watchdog organization, the Office of the Australian Information Commissioner, opened an investigation into Facebook’s practices, writing in a statement that it “will consider whether Facebook has breached the Privacy Act 1988 (Privacy Act).” [...] Meanwhile, in India, where more than a half-million users are estimated to be affected, the allegations have resulted in a governmental request to Facebook and Cambridge Analytica for more detailed information, with a Saturday deadline.

[...]

But Facebook’s acknowledgments in recent weeks have triggered particularly furious reactions in a privacy-conscious Europe that has long sought ways to rein in U.S. social media and tech giants. European Union regulators have always been much tougher on the tech companies than their U.S. counterparts, for instance forcing them to give users more control, imposing fines for noncompliance and requiring platforms to spot and delete illegal content. The latest revelations could serve as a pretext to toughen existing rules further and force social media companies to implement broader changes worldwide.

That’s why two countries included in Facebook's acknowledgment on Wednesday are likely to cause the social media company a particular headache: Britain and Germany.

German justice minister Katarina Barley already called for an E.U.-wide investigation into the misuse of Facebook's data by Cambridge Analytica and other companies on Thursday.

“Facebook has gambled away people's trust,” Barley said. “There have to be clear rules for social networks.”

One can only hope.


#DeleteFacebook
#FacebookIsTheProblem

The two linked WaPo passages above are from different articles, BTW, and both are worth reading, so please do click through to them.