Facebook employee reports widespread privacy abuses

Employees accessed user accounts with master password.

An anonymous Facebook employee has revealed that all user activity on the site is recorded and stored with as many as six copies of each photo retained.

In an interview on therumpus.net, the employee was asked whether everything is saved, regardless of whether it has been deleted or untagged. He said that was essentially correct, and that Facebook was only changing that for performance reasons.

The employee said: “How do you think we know who your best friends are? But that's public knowledge; we've explicitly stated that we record that. If you look in your type-ahead search, and you press ‘A', or just one letter, a list of your best friends shows up. It's no longer organised alphabetically, but by the person you interact with most, your ‘best friends', or at least those whom we have concluded you are best friends with.”

The employee admitted that the change was made "sometime in the last three months", but said that Facebook stores snapshots, each of which is basically a picture of all the data on all of the Facebook servers. The employee said that this is done every hour of every day of every week of every month.

When asked if this is every viewable screen, the employee said: “It is way more than that: it's every viewable screen, with all the data behind every screen. So when we store your photos, we have six versions of your photos. We don't store the original: we make six different versions on the photo uploader and upload those six versions.”

These are stored in four data centres around the world - in Santa Clara, San Francisco, New York and London. The employee said that in each of those, there are approximately five to eight thousand servers.

When asked about changing the policy of keeping all user information, the employee denied this, stating that Facebook is never changing the policy and still keeps all user information.

They said: “What I was referring to, is that if anything, we're going to start deleting more photos for performance reasons. We are the largest photo distributor in the world.”

The employee also revealed that there was a master password, since removed, that allowed access to any user's profile. They said that it was a combination of "upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris', more or less".

They confirmed that this was 'technically' accessible by any Facebook employee, but was limited to the original engineers, who were the only people who knew about it, and was only available internally using the Facebook ISP.

Rumpus asked whether Facebook employees ever abused the privilege of having universal access. The employee said: “I know it has happened in the past, because at least two people have been fired for it that I know of.”

When asked what they did, the employee said: “I know one of them went in and manipulated some other person's data, changed their religious views or something like that. I don't remember exactly what it was, but he got reported, got found out, got fired.”

The employee admitted to logging into user accounts for engineering reasons, but said they did use "it to view other people's profiles which I didn't have permission to visit. I never manipulated their data in any way; however, I did abuse the profile viewing permission at several initial points when I started at Facebook."

They also denied ever reading a user's messages, but said that as user messages are stored in a database, whether deleted or not, they can be looked at without ever logging into their account.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition