Thursday, July 29, 2010

100m Facebook users' data listed

The news this week that “personal” information of 100m people, 20% of Facebook’s users, has been made available in a downloadable file on the Internet is interesting, but not surprising.
  1. Facebook is correct in responding that all of the information (Name, Username and URL) is already visible to Google and other search engines, as well as other Facebook users; and users have some degree of control over their privacy to make that information no longer public.
  2. However, the media hype and scare-mongering is part of a growing privacy concern with web-based applications as fears of data mining activities becomes more widespread.

What could go wrong? User names and profile page URLs are available in the download, so by following them personal information (address, birth date, phone numbers, etc.) can be viewed. Along with a list of their online friends. And their picture. What's more, friends of all those users that have opted to keep their information private - can now be found by clicking through the profiles on the list. And, statistically, it is likely that up to 10% (10k users) have an insecure password that is some variant of their name and/or date of birth etc so this list gives opportunity for great damage.

Social networking really took off in the public domain and now is being used by forward-thinking companies, but still lagging the leadership of the private sector. Once again the private sectore leads: expect privacy calls and an anti-web reaction to increase.

For more on this see this blog post. It's one reason why I recently committed Facebook suicide!