Facebook Derangement Syndrome: Don't Blame Facebook For Company Scraping Public Info
from the it's-public-info dept
Earlier this month I talked a little bit about “Facebook Derangement Syndrome” in which the company, which has real and serious issues, is getting blamed for other stuff. It’s fun to take potshots at Facebook, and we can talk all we want about the actual problems Facebook has (specifically its half-hearted attempts at transparency and user control), but accusing the company of all sorts of things that are not actually a problem doesn’t help. It actually makes it that much harder to fix things.
The latest case in point. Zack Whittaker, who is one of the absolute best cybersecurity reporters out there, had a story up recently on ZDNet about a data mining firm called Localblox, that was pulling all sorts of info to create profiles on people… leaking 48 million profiles by failing to secure an Amazon S3 instance (like so many such Amazon AWS leaks, this one was spotted by Chris Vickery at Upgard, who seems to spot leaks from open S3 instances on weekly basis).
There is a story here and Whittaker’s coverage of it is good and thorough. But the story is in Localblox’s crap security (though the company has tried to claim that most of those profiles were fake and just for testing). However, many people are using the story… to attack Facebook. Digital Trends claims that this story is “the latest nightmare for Facebook.” Twitter users were out in force blaming Facebook.
But, if you look at the details, this is just Facebook Derangement Syndrome all over again. Localblox built up its data via a variety of means, but the Facebook data was apparently scraped. That is, it used its computers to scrape public information from Facebook accounts (and Twitter, LinkedIn, Zillow, elsewhere) and then combined that with other data, including voter rolls (public!) and other data brokers, to build more complete profiles. Now, it’s perfectly reasonable to point out that combining all of this data can raise some privacy issues — but, again, that’s a Localblox issue if there’s a real issue there, rather than a Facebook one.
And, this is clearly the kind of thing that Facebook actively tries to prevent. Remember, as we’ve covered, the company went on a legal crusade against another scraper company, Power.com, using the CFAA to effectively kill that company’s useful service.
Here’s why this kind of thing matters: if you blame Facebook for this kind of thing, then you actively encourage Facebook to go out of its way to block scraping or other efforts to free up user data. That means, it ends up giving Facebook more control over user data. Allowing scrapers of public info (again, the fact that this is public info is important) could actually limit Facebook’s powers, and enable other companies to pop up and make use of the data inside Facebook to build other (competing) services. The ability to scrape Facebook would allow third parties to build tools to give users more control over their Facebook accounts.
But when we look on scraping of public info as somehow a “breach” of Facebook (which, again, is separate from the messed up nature of Localblox leaking data itself), we’re pushing everyone towards a world where Facebook has more control, more dominance and less competition. And that should be the last thing that anyone (outside of Facebook) wants.
Filed Under: chris vickery, data collectors, facebook derangement syndrome, public info, scraping
Companies: facebook, localblox, upgard
Comments on “Facebook Derangement Syndrome: Don't Blame Facebook For Company Scraping Public Info”
While I agree with most of the post, if you look at the default privacy settings and FB account comes with you’ll notice that privacy is mostly opt in. It’s defaults are basically “show everything and share everything”. So while Facebook isn’t responsible for stuff you post publicly it could do a much better job to be clearer with its configurations. Ie: run the user through a configuration wizard explaining and asking input for each setting and making new stuff opt in.
Re: Re:
Part of the problem is that services like Facebook ask for more infomation that is really needed, and people favor convenience over privacy. Also they tend to fill in everything without thinking about risks and benefits.
Also,being all in one, Facebook makes it hard to keep public postings and stuff that should be limited to friends or family separate.
Re: Re:
“Facebook isn’t responsible for stuff you post publicly”
The problem with that argument is that Facebook has a history of widening their view of what is considered private. Data that was marked as private got automatically moved to public without any user interaction or consent. Or when they mechanically converted natural-language profile descriptions to advertiser friendly page likes. Through deception and psychological manipulation and UI/UX dark patterns, Facebook has made a mockery of informed consent, which is what user control depends on. With the personal information of over 2 billion Facebook’s responsibility can’t be written off so easily.
Re: Re: Re:
The corollary is, I am not responsible for stuff Facebook makes public.
Facebook DEFENSE Syndrome! -- It already has TOTAL control!
How could ANY measures that it takes against
scraping result in MORE?
And since FOR SCRAPING, then tell me how MORE companies having your info is good?
By the way, NO, I won’t be surprised if all this flap does is actually give Facebook and Google MORE control! Like the Snowden revelations, it’s just getting people accustomed to HOW MUCH these supra-national surveillance corporation ALREADY HAVE.
Re: Facebook DEFENSE Syndrome! -- It already has TOTAL control!
And, umm… FOSTA! Russians! Trump! Cable
monopolies! MPAA! RIAA! Copyright! Patents!
Just to give you kids more reasons to censor my comments. Have at it! — You’re welcome!
Re: Re: Facebook DEFENSE Syndrome! -- It already has TOTAL control!
(No one needs any more reasons for you)
Re: Re: Re: Facebook DEFENSE Syndrome! -- It already has TOTAL control!
^ This
Re: Re: Facebook DEFENSE Syndrome! -- It already has TOTAL control!
If you insist.
Re: Facebook DEFENSE Syndrome! -- It already has TOTAL control!
Calm down, there’s a much more complicated point here.
There’s a real horse and barn problem: once the data is public, it’s forever public, and there’s no real in-between. Once it goes on the internet for my “friends” to read, well, can I really expect them all not to go blabbing about my latest whatever??? Can I honestly expect any company not to be hacked?
Can I really expect my employer not to search those public records with my mortgage and all my traffic tickets and even more lurid details like my credit reports?
It’s not the way my current friends or employer operate, but now it easily could be.
Secrets are getting very hard to keep secret!
Scraping public data is, well, google and every search engine I can think of, and I just can’t see banning search engines! And once Facebook has the data, yes, I’d rather let Switter or something I have more trust in pull it off so I can easily go down the street.
Re: Re: Facebook DEFENSE Syndrome! -- It already has TOTAL control!
Protip:
Wanna keep a secret?
Do not put it on the web
Re: Re: Re: Facebook DEFENSE Syndrome! -- It already has TOTAL control!
^This. Always assume that thing you wanted kept secret among friends will be blabbed to the world and his dog.
a critic turned apologist
Every bad actor out there ends up getting blamed for additional things that are not their fault, and that includes most of the people, companies, government agencies, and monopolies that frequently have critical articles written about them, including right here on this site. Yet it’s rare to see any of Techdirt’s writers going out of their way to come to the defense of one of these ‘bad-guy’ entities, except when it’s Facebook and Zuckerberg.
Probably the only time I’ve ever gotten a rebuke from Mike Masnick in the comment section was when I criticised Zuckerberg (and I’ve said much worse things about most everyone else under the sun) so it’s always made me wonder why Mike Masnick has such a soft spot for Zuckerberg that practically no one else in his position ever gets blessed with.
— just an impression, and I hope I’m wrong.
Re: a critic turned apologist
If you could, point to the part of the article that’s defending FB beyond ‘this is something some other party is doing, so blaming FB is going after the wrong party’.
It’s not defending FB to argue that there are plenty of things they do engage in that are worthy of blame, so blaming them for things that they aren’t doing is a waste of time and even has the potential to give them even more power if they respond a certain way.
Re: a critic turned apologist
Wait … hold on.
All this time I was lead to believe that Mike liked Google, and now I find out it is actually Facebook???????
Always outta tha loop
“if you blame Facebook for this kind of thing, then you actively encourage Facebook to go out of its way to block scraping or other efforts to free up user data. “
That is some seriously tortured logic. Making user data publicly available without explicit authorization is not a feature, it’s a data breach.
Re: Re:
I guess that depends.
If you consider that a facebook customer might be a corporation HR dept looking for dirt on employees then maybe making everything available for a fee is actually a feature of their product – no?
And guess what … you have a FB account filled with data even if you did not create one.
Re: Re:
But that’s not what the quoted sentence is saying.
You’re talking about making private data public, which is obviously and unquestionably bad.
Mike is talking about scraping public data, in other words, stuff that people have already allowed the world to see (or have been tricked by FB into allowing, but that’s a different discussion). This can be argued as both bad and good, depending on where on the USA-Europe scale of privacy you stand on, but it is not a data breach.
Why is Facebook soliciting information on voting behavior and running voter turnout experiments?
Wouldn’t their risk department have flagged that this data can be used for election rigging years ago – and yet they are still running the program.
Facebook is an intolerable threat and needs to be hobbled ASAP. The “deranged” attacks are hardly suprising.
https://www.theguardian.com/technology/2018/apr/15/facebook-says-it-voter-button-is-good-for-turn-but-should-the-tech-giant-be-nudging-us-at-all
Everyone should be taught or remembered that pretty much everything they write/put on the Internet is available to anyone worldwide, even when they don’t want to share information/content with strangers, including (illegal) spies, criminals, etc.
Never had FB, Twit, Snap, insta or whatever. If you give up your data to them don’t biatch when it ends up in someones hand.
BTW I find it amusing to note that on a thread about data and facebook there are 4 Google scripts that are blocked by No Script.
Re: Re:
“If you give up your data to them don’t biatch when it ends up in someones hand.”
Well, that would be fine and dandy if they did not scrap together a profile for you even though you have not created an account.
Can’t blame someone for things they did not actually do … but many still try.