Over the Easter weekend, it was reported that the data from around 533 million Facebook accounts had been posted on a forum used by hackers and cybercriminals and was available for purchase.
This publication published a column in which (amongst other aspects) it was pointed out that Facebook released a statement regarding this event, which many FB users could probably take issue with. Here it is again:
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”
A couple of days after the article was published, a PR firm representing Facebook reached out to Stuff and provided a link to a post on the social media company’s Newsroom that purported to explain the situation. It was titled “The Facts on News Reports About Facebook Data”.
Stuff duly updated our story and provided our readers with a link to the post.
And then we read it.
‘Scraping’ from Facebook
The piece points out that the parties who obtained the data, which is now for sale, didn’t do so by hacking into Facebook’s systems. They did it through a process described as ‘scraping’, using a feature – the contact importer – designed to help users connect on the platform that doesn’t violate any of FB’s terms and conditions.
“Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this. The methods used to obtain this data set were previously reported in 2019,” the post reads.
“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services.”
In other words we’re back to the days of Cambridge Analytica, where a FB user (or users) can use Facebook’s functionality to scrape data from myriad users without raising a red flag. Facebook says that the “specific issue that allowed [the parties that did so] to scrape this data in 2019 no longer exists”, and that the feature on the site that allowed them to do so – the contact importer – has been updated to prevent this in the future.
Facebook goes on to say:
“While we addressed the issue identified in 2019, it’s always good for everyone to make sure that their settings align with what they want to be sharing publicly. In this case, updating the “How People Find and Contact You” control could be helpful. We also recommend people do regular privacy checkups to make sure that their settings are in the right place, including who can see certain information on their profile and enabling two-factor authentication.”
In other words, if you don’t want something like this to happen again, the onus is on you, the users.
This is pretty cheeky, especially for a Silicon Valley behemoth. Think about it; in order to sign up to and use the platform, users have to agree to a phone directory’s worth of T&C’s that essentially gift Facebook access to a boatload of user data. Now, the company is essentially implying, at least to a degree, that safeguarding that data is the responsibility of its users.
Maybe Facebook has a point
This isn’t a first for social media. Major functionality (such as moderation) has always been left up to users. But the amount of data Facebook et al collect from their users has turned them into multi-billion dollar enterprises. Shouldn’t they take a bit more responsibility when it’s been proven in the past that their platforms can be gamed for nefarious purposes?
Maybe not. Maybe the onus does rest on us. Perhaps because social media is such a part of everyday life – running its tendrils through social, governmental, commercial and corporate communications – we’ve forgotten that the bargain we struck, was something we agreed to. It’s a very old saying, but it’s worth repeating: when the product is free, the product is you.
At best we should all take stock about what we share, how we share it and who is making money off it. At worst, we shouldn’t expect corporate entities to have our back.