Sunday, August 1, 2010

Facebook=No Privacy At All??


The privacy war rages on with Facebook. More and more is coming out about Facebook and its lack of privacy and security controls. Personal details from 170 million Facebook users were pulled from the website and collated into a downloadable torrent file last week. Yes, this data is public to everyone but it is still personal and the fact that someone has this capability is pretty scary.

A security researcher named Ron Bowes of Skull Security wrote a software program that was able to scan Facebook's public directory of people's profiles. If a Facebook username and URL are available, Ron is able to view a variety of details such as the user's profile page, friends' names, and other details. He claims that he is not able to obtain passwords this way or breach privacy settings; the information that he gathered is publicly available due to the settings the user chose. Bowes amazingly managed to pull 2.8 gigs of data from 171 million users out of the available 500 million users. He then created a torrent and made it available through other sites that include Pirate Bay ("the world's largest bittorrent tracker"). He even did his own analysis of this data and found the most common Facebook username is jsmith.

Users can completely opt out of this directory option, but most tend to leave their name and other details searchable. Bowes himself said the fact that he had this ability was scary, but Facebook doesn't look at it that way. Facebook claims that the same information he pulled is available through search engines and that the directory acts like a white pages site so people are able to find each other. They reiterate that users have the choice to control these settings so they don't appear when searched. But what Bowes did violated the terms of service, in that data cannot be collected through "automated means." A good sign is that Facebook has recently been cracking down on users and applications that violate these terms, but that isn't stopping Bowes from testing his limits, and he may look into collecting users' photos (which wasn't possible this time around). Although Bowes doesn't seem to have a malicious use for this information and just appears to be testing the waters, someone may use these Facebook users' information in a bad way, which would really violate their security. Anyone with programming and hacking knowledge may be able to take this a step further and gather more personal and sensitive information, sharing it with the world.
