Facebook admits: Apps were given users' permission to go into their inboxes

Facebook has admitted that some apps had access to users’ private messages, thanks to a policy that allowed devs to request mailbox permissions. The revelation came as current Facebook users found out whether they or their friends had used the "This Is Your Digital Life" app that allowed academic Aleksandr Kogan to collect …

  1. macjules

    Zuck gets another chance ..

    Pressed repeatedly by Democratic Senator Ed Markey to endorse a proposed law that would require companies to get people’s permission before sharing personal information, Zuckerberg agreed to further talks.

    Thank God they have GDPR legislation then. Oh wait ...

  2. Hans Neeson-Bumpsadese Silver badge

    What baffles me about the current Facebook news stories is the fact that people have been so oblivious to the fact that Facebook has been offering a service but never asked for a penny in return for using it.

    On offer is a website that allows you to connect with people and share information, and you can use it for free....and you never question how the service provider is covering their costs

    While you're using it, adverts appear which are quite closely matched to your personal interests....and you never suspect that your personal data might be being exploited for the advertisers' benefit.

    And now it's suddenly "Shock! Horror! Sensation! OMGWTFBBQ! Facebook has been reading my personal data?!?!"

    Are there really so many people so stupid not to question the business model behind this before sharing their data?

    (for the record, I do use FB myself (a small amount of personal use, but mostly for business). However, I have always been very careful about the level of detail I share and regularly review privacy settings on my account. When I requested my personal data history from FB last week, it was reassuringly light)

    1. fnusnu

      The outrage here is that people expected their messages to be secure (I know, I know, email isn't).

      Personally, I'm fine with anything I make public being shared.

      1. Tromos

        @fnusnu

        You might be fine with making your contacts list public and it being shared, but how about all the people listed on it? Or photographs - do you ask permission from everybody included in the picture before sharing? I have never used facebook, but I know from friends who do use it that my phone number, email address and several photographs that include me are there. When you add in the likes of Apple, Google and all the rest, I suspect that the number of people who have my contact details is mainly made up of people I don't know.

      2. TheMeerkat

        If you send a letter to someone (before computers existed), you could never guarantee that the other side was not going to share its contents.

        1. Anonymous Coward

          but there is now legislation protecting people from unauthorized digital data being shared without their consent - far more than previously existed before the Digital Age

      3. Kepler
        Boffin

        @fnusnu: “anything I make PUBLIC”

        Personally, I'm fine with anything I make public being shared.

        But of course, Facebook Messages are NOT made public!

        While one assumes they may be available to Facebook itself, and to law enforcement agencies that obtain a suitable warrant first, they are otherwise supposed to be between sender and recipient.

        They are not like posts or comments made on a friend’s Timeline!

      4. Anonymous Coward

        So how thick are you, on a scale from 1 to 5, with 5 being exceptionally?

    2. Aristotles slow and dimwitted horse

      RE: Are there really so many people so stupid...

      "Are there really so many people so stupid not to question the business model behind this before sharing their data?"

      Ummm, yes - I agree there may be some (ok, a lot of) stupid people, and a lot of people who just don't care as long as they can get their fix of whatever Facebook is shilling to them. But I also don't think it's fair to blanket everyone as "stupid" when you consider that I've not used Facebook since 2010 or so, and have never used Twitter, Instagram or any other of these services but still reckon FB has a lot of data about me that it has harvested through other means. There is not a lot anyone can do about that I don't think - other than refuse to use the internet full stop.

      I also think it's fair to say that most people who read and comment on publications such as El Reg are a lot more savvy about this sort of stuff, and I'd also like to think that most of us are also cognisant about our privacy and how to take control of it.

      I've spoken to intelligent friends and colleagues who find it odd and a bit weird that I don't use FB or any of these apps due to personal privacy concerns. It makes me feel that I'm the one with something to hide (which I don't). Again... so I conclude that the majority of people just don't care.

      1. Anonymous Coward

        Expectations

        I'm a cynical curmudgeon. I fully expected that my "private" chat messages would be screenshotted by my "friends" in the conversation, overseen by Facebook employees and hackers, and archived by my buddies at the NSA.

        Never, not in my wildest dystopian nightmares, did I ever dream that 3rd-party "apps" used by my dumbass "friends" could download all my chat conversations with them.

        1. tom dial Silver badge

          Re: Expectations

          If you assume that so-called "friends" would be able to spread your Facebook messages, what earthly reason justifies an assumption that third party apps those friends use would not have access to them as well?

          I always assumed that anything I put on Facebook was beyond my control and immediately and widely available. Accordingly, I put very little there.

      2. doublelayer Silver badge

        Re: RE: Are there really so many people so stupid...

        There are many people that are so stupid. Those people may never be won back. However, there are people who are less stupid--they still used facebook and gave it information with the knowledge that facebook would be reading it to give them ads. They assumed this data would be stored, perhaps against their will, in order to allow facebook to tailor ads and other data to them. Those people were operating under the assumption, now known to be incorrect, that their data wasn't on offer to just about anybody. The news is not that facebook reads a ton of information about people; that's been known for years. The news is how they have chosen to give that data to anyone who asks, without having any controls giving their users any privacy from third parties or making sure said third parties are not evil. I choose to avoid this by never having anything to do with facebook, but it is relatively reasonable of their users to assume that facebook wasn't willingly leaking data to people just so long as those people said "please may I have all that data".

        1. Missing Semicolon Silver badge
          WTF?

          Re: RE: Are there really so many people so stupid...

          I keep on coming up against "but I don't mind! There's nothing important there".

          Even though their accounts are stuffed with pictures, messages, and their browser is busy profiling them for FB.

          People look at me strange for not installing WhatsApp.

      3. Tikimon
        Facepalm

        Re: RE: Are there really so many people so stupid...

        NONE of them are stupid. Business models of not directly charging for the service have been used for decades for many different products. None of them spied on you and sold your personal life to strangers for profit. Television (in the US) was a good example of such an ad-supported product. Note that many people were happy to pay for cable service to get rid of the ads.

        It is NOT obvious that "free" equals "spying and privacy violation". That's a fairly new trick to play on consumers and carefully not talked about in sales pitches. It's also NOT the only way to pay for free services. That's the line repeated by the snoopers to justify themselves but it's a total lie.

        1. Ole Juul

          Re: RE: Are there really so many people so stupid...

          "It is NOT obvious that "free" equals "spying and privacy violation"."

          I agree it's not "obvious" but it has been common knowledge for a long time because there have been very many prominent and knowledgeable people and organisations who have been warning us about it. Anyone who has any interest in how the internet affects them would have heard the warnings. It has been their choice to ignore this information.

        2. fortinbras

          Re: RE: Are there really so many people so stupid...

          Agreed. Unfortunately it's a sad fact of life that once a database of 'useful' information exists, people will use and abuse it either for money or to look good in their jobs e.g. a police database.

      4. The Dogs Meevonks Silver badge

        Re: RE: Are there really so many people so stupid...

        I wouldn't call any of those people who ignored anything to do with their privacy 'stupid' as others have done. But when those same people who have been warned and made fully aware about the dangers... ignore it all and carry on blindly... they're not stupid... they are simply wilfully ignorant.

      5. Mark 85

        Re: RE: Are there really so many people so stupid...

        I've spoken to intelligent friends and colleagues who find it odd and a bit weird that I don't use FB or any of these apps due to personal privacy concerns.

        They might be intelligent but they are prey to "herd thinking". The old "if everyone is doing it, it's ok." thing. Funny that many of us in IT don't use it and personally, I don't know of anyone who works outside of the IT who doesn't use it.

      6. anonymous boring coward Silver badge

        Re: RE: Are there really so many people so stupid...

        "I've spoken to intelligent friends and colleagues who find it odd and a bit weird that I don't use FB"

        They aren't as intelligent as they think, or you think they are, then.

        Slightly thick, or "dumb fucks", as The Great Zucker would have put it, in fact.

    3. The Nazz

      re are people so stupid?

      http://www.bbc.co.uk/news/business-43697133

      The woman in this article isn't stupid. She has a leading role in IT matters and appears intelligent enough.

      Yet she now worries about what access to her personal data her 600 Apps have had?

      And who, may I ask, installed the vast majority of them, bar those supplied with the phone? Wtf does anyone actually want 600 apps for? Why does anyone need more than a handful in any event?

      1. Mark 85

        Re: re are people so stupid?

        And who, may I ask, installed the vast majority of them, bar those supplied with the phone? Wtf does anyone actually want 600 apps for?

        There must be some weird setting somewhere... my wife keeps getting apps without ever using her phone. She'll set it down for a few days and suddenly finds apps installed. WTF???? I'm trying to talk her into a "dumb" phone or (god-forbid) an Apple phone as her friends with Apples never get hit with this or maybe they just don't notice it.

    4. Paul 195

      > What baffles me about the current Facebook news stories is the fact that people have been so oblivious to the fact that Facebook has been offering a service but never asked for a penny in return for using it.

      I dunno. People probably thought something along the lines of "ITV, ABC, C4 etc have run huge TV organisations for years by selling a few adverts, so Facebook are selling adverts, so what?"

      And indeed, most people wouldn't have had a problem with that, or even with some targeting based on their profiles. What people are belatedly angry about is that their data was treated in such cavalier fashion and handed over to more or less anyone who asked for it.

      GDPR can't come soon enough; a fine of 4% of global revenue for such wilful GDPR breaches would be enough to make even Facebook reconsider the way it does things. It's a shame that the UK will be leaving such protections behind in a year's time.

      1. Nathan11

        Irrespective of whether we leave the EU, the UK will still adopt the GDPR, so those protections will not be lost.

        1. Kepler
          Headmaster

          @Nathan11

          Irrespective of whether we leave the EU, the UK will still adopt the GDPR, so those protections will not be lost.

          God bless you, Nathan!

          I up-voted you just now just for using “irrespective” correctly, and not writing “irregardless”. That’s how low my expectations have fallen in recent years.

          (Not that I’ve ever heard or seen anyone use “irrespective” incorrectly. But you know what I mean!)

      2. Skyeman

        @ Paul 195

        We are not leaving behind the protection that GDPR affords. GDPR is embedded in the Data Protection Bill which will become the Data Protection Act 2018 next month and is independent of Brexit. It has some other unpleasant stuff in there but it does at least adopt GDPR. Post-Brexit, the UK still needs to be a trusted place to share and process data, unlike the paper-thin self-assessed so-called "Privacy Shield" in the US. Facebook state compliance with the Privacy Shield, which helps us to understand how robust it is.

    5. BillG
      Facepalm

      RE: Are there really so many people so stupid..

      Are there really so many people so stupid not to question the business model behind this before sharing their data?

      Yes.

      I lurk on Twitter for a hashtag for a popular sci-fi show M-F. Fairly active conversation. There is one dodgy Twitter account, with about 1000 (purchased?) followers but only following 30 people, posts using emotionally manipulative language. Let's understand something right off - if you tweet directly to this account, your account gets suspended. Except if you have a verified account (dumb enough to give your phone number) if you tweet directly to this person you get shadowbanned or locked out of your account. This is consistent and predictable. This is open and obvious and everyone admits it's happening.

      So what happens? People tweet directly to this person! And get suspended/shadowbanned/locked-out! Then complain later, then when their account gets restored THEY TWEET THEM AGAIN!!!! AND THEY GET SUSPENDED/SHADOWBANNED AGAIN!

      When their account gets restored THEY TWEET THEM AGAIN!!!! AND THEY GET SUSPENDED/SHADOWBANNED AGAIN!

      When you confront them they reply oh, this is such a nice elderly woman ('cause their profile says so?) and I'm going to tweet them. AND THEY GET SUSPENDED/SHADOWBANNED AGAIN! So they create a new account and the same thing happens. Again and again and again. They admit it happens, then they do it again.

      The kicker is they are surprised each and every time they are suspended/shadowbanned/locked-out. This stupidity just blows me away.

      The conclusion I've drawn is that the majority of people on social media are dysfunctional when it comes to cause/effect.

      Yes, there are so many people that are this stupid.

      Reminds me of an old saying, "You can fool some of the people all of the time, and all of the people some of the time, and from that you can make a pretty good living".

      1. TheMeerkat

        Re: RE: Are there really so many people so stupid..

        The question here - why people are banned based on who they tweet to?

    6. Clunking Fist

      But Trump!

      The outrage only exists because the story originally went along the lines of: CamAn "stole" your personal data and used it to trick folks into voting for that nasty Trump over that lovely Hillary.

      Now that it's becoming clear that the problem is much, much wider than CamAn, then it feels like a lot of people have cooled off and gone back to BAU. I.e. uploading tons of personal stuff to the interwebs.

      1. doublelayer Silver badge

        Re: But Trump!

        >The outrage only exists because the story originally went along the lines of: CamAn "stole" your personal data and used it to trick folks into voting for that nasty Trump over that lovely Hillary.

        No. I'll admit that many people do have that opinion, and they may be less happy about it given that Trump was the beneficiary, but my opinion on the justice of facebook's actions is not dependent on which politician used the methods I consider unfair to get into office. Had the roles been reversed, I would have disliked facebook equally as much. You may doubt this statement from me, but you need look no further than the countries whose elections were purportedly unaffected. Many users of facebook and governments are worried there as well, and it's not because of history. It is because of future possibilities and concerns about user privacy, both of which are important issues regardless of the occupant of the oval office.

    7. CrazyOldCatMan Silver badge

      Are there really so many people so stupid not to question the business model behind this before sharing their data?

      Yes. Just like there are lots of people that don't understand how much data Google can snarf from your Android phone.

    8. ibchristian

      ... in a word, yes.

    9. ibchristian
      WTF?

      Are there really so many people so stupid...

      ... in a word, yes.

      Didn't some of us see this coming 15-20 some-odd years ago? I seem to remember back in the days of 33.6kb modems and early iterations of Alexa that this was a hot topic of discussion... just sayin'

  3. Anonymous Coward

    And here comes another blatant lie...

    "Amid increased scrutiny, Facebook is trying to sell the idea that it’s sorry, that it has learned from its mistakes and that it is putting users first."

    Sounds very noble and self-reflecting indeed. There's just one small problem with that statement: Facebook is listed on the stock exchange. Ergo they have an obligation towards their stockholders, and those generally care about one thing: revenue, aka money. So how are you going to put non-paying users first if the company's obligation is to secure its revenue?

    It's the one aspect which I believe everyone fully glosses over.

    Heck: this even dates back to the moment they went onto the stock market. I'm a small player on said market, but my first question nonetheless was: how do they plan to justify their market value? Sure they were well known, but that doesn't mean jack shit when it comes to revenue nor your business strategy.

    And we all know how that fairytale ended...

    1. Anonymous Coward

      Re: And here comes another blatant lie...

      Fiduciary duty doesn't include breaking the law.

      We need a GDPR law.

      1. ecofeco Silver badge

        Re: And here comes another blatant lie...

        Fiduciary duty doesn't include breaking the law?

        Since when?

  4. Anonymous Coward

    Facebook account closed! So what happens in 2 weeks?

    Or whenever Facebook promises to delete the account permanently. Are all copies of sent PMs deleted from all of your friends' accounts? Or do sent messages remain indefinitely, accessible to your friends forever... If anyone closed their account long ago and knows this please share....

    1. Aristotles slow and dimwitted horse

      Re: Facebook account closed, so what happens in 2 weeks?

      Ahhh, you've fallen for the old "yes, we'll delete your account permanently" ruse eh? How are they going to assure you that they have is a more pertinent question.

      They'll delete NOTHING.

    2. Andy Nugent

      Re: Facebook account closed! So what happens in 2 weeks?

      why should *you* deleting your account delete messages from *my* inbox?

      Would you expect the same with email, SMS, any other IM service?

      1. Anonymous Coward

        'Would you expect the same with email, SMS, any other IM service?'

        Had hoped for a feature like this. If the 'Facebook elite' can do it, why not the rest of us:

        https://www.androidpolice.com/2018/04/07/facebook-will-soon-allow-users-permanently-delete-messages-executives-caught/

        Once a user leaves Facebook permanently (whatever that means), do their old messages in their Friends' Inboxes get archived / have a different appearance etc... Anyone know?

  5. Anonymous Coward

    'They'll delete NOTHING.'

    Don't disagree... However I'll settle for intent for now. As long as copies of messages are no longer accessible to friends etc. Afterwards we all must hope GDPR fines / US audits will compel Zuk to convert PM's to metadata.

  6. Anonymous Coward

    I'm more terrified of Facebook's 'own' profiling of PM's

    Internal Facebook staff comments about the practice here are scary:

    https://www.theverge.com/2016/5/19/11712804/facebook-private-message-scanning-privacy-lawsuit

  7. Anonymous Coward

    Zuck gets another chance to convince lawmakers and the public this afternoon

    No, lawmakers get a 2nd chance. They didn't push hard enough when Zuk claimed he didn't know how pervasive Facebook tracking really is. What a farce: Facebook boasts here about its cross-device and offline tracking:

    https://www.facebook.com/business/a/performance-marketing-strategies

    ---

    "Several critical questions for which you don't have answers: Whether Facebook can track users browsing activity even after the user has logged off of Facebook... Whether Facebook can track your activity across devices even when you aren't logged into Facebook..."

    https://www.youtube.com/watch?v=qAZiDRonYZI&t=2h42m0s

  8. Zog_but_not_the_first
    Boffin

    From this...

    And the slew of other articles on security breaches today I conclude that the Internet is well and truly fucked. It is, isn't it.

  9. Anonymous Coward

    I think we're all being a bit hard on Zuckerberg, clearly the reason he wants all this data is to try and become human.

    1. Korev Silver badge
      Joke

      I don't think he'll be Turing human any time soon...

  10. Anonymous Coward

    Listening?

    I wonder if Zuck will correct the record re: accusations that the FB app listens to microphone 24/7. I'd never heard that one until some senator asked him yesterday, and he dismissed it as a conspiracy theory. So I looked into it. There are videos demonstrating it. You should be able to see for yourself if you know someone with the app on their phone and auto-updates off. Fun prank if it works.

    If it's true, I assume FB pushed out an update overnight to disable it. Or disabled it on the backend if they're smarter than I give them credit for.

    1. Anonymous Coward

      Re: Listening?

      "I wonder if Zuck will correct the record re: accusations that the FB app listens to microphone 24/7."

      It's true. Facebook/Messenger App uses non-public APIs of Android and iOS to access the microphone and is always listening. Use Google search to find reports from all over the world from the last about two years, even media outlets. And no, it's not as Zuckerberg tried to downplay it, it's not that people search on Google those words. No it's words that are captured from audio (microphone) that Facebook apps slurp and analyse. And uses it to serve targeted ads and share that slurped data with three letter fingers and whoever we don't know.

  11. Anonymous Coward

    Ask and ye shall find (or not)

    Who's this Pallone chap, around 14:30 GMT:

    Pallone: "OK Zuck, my time is nearly up, a few simple yes or no questions...

    [some omitted for brevity]

    can you commit here to ensuring that Facebook's default settings will be changed to settings which maximise a user's privacy" (ie opt in to sharing vs opt out of sharing)

    Zuck: "No".

    Chairman: "the representative for AnywhereButPallone will now address the committee, before Zuck's share price goes through the floor".

    (not quite verbatim but...)

  12. Anonymous Coward

    Not actually a new idea..

    Google has been doing the whole inbox scanning for years too, without gaining explicit permission from the senders. That's why using Google for EU business was effectively a breach of privacy law - and thus probably why Google stopped doing this a while back (at least publicly, it's not like we have any way to verify this).

    1. JohnFen

      Re: Not actually a new idea..

      "Google has been doing the whole inbox scanning for years too, without gaining explicit permission from the senders."

      True, which is why I avoid sending email to gmail accounts if at all possible. But, to the best of my knowledge, even Google doesn't share the contents of the gmail accounts with other entities.

      1. Anonymous Coward

        Re: Not actually a new idea..

        to the best of my knowledge, even Google doesn't share the contents of the gmail accounts with other entities.

        Let's be real, Google is hardly likely to make that publicly known..

  13. JohnFen
    WTF?

    How does that make it better??

    "Facebook tried to downplay the significance of the eyebrow-raising revelation, saying it was at a time when mailboxes were “more of an inbox”"

    What the hell is Facebook thinking? In what world does being "more of an inbox" make it in any way better at all? I really don't understand why FB would think of this statement as a defense.

  14. Anonymous Coward

    Any developers in the house?

    I have a question that maybe an app developer may be able to answer...

    Given the vast number of apps that I've seen that contain the Graph API on dodgy third party app hosting sites known for modifying "legit" apps and repackaging them...

    Is it possible to bypass user approval to accept permissions automatically by altering either Facebook's API or another part of the mobile's system or within the modified app that contains Facebook's API?

    I have read several breakdowns on various malicious apps that abuse the Android Accessibility functions to overlay on to other apps to trick users into accepting permissions they thought they were declining or more recently where malicious apps were using permissions from other apps installed and a plethora of other nefarious means to access users' data.

    I also have a question about whether the Facebook Graph software stores user data locally to where a malicious app could access and export the Facebook data collected by a legitimate app.

    (I suppose I could look this stuff up myself on the Facebook Developer site but I would have to remove all the rules I set on my router that block all social media connections and spin up a VM that has a default HOSTS file that also allows access to Facebook's servers.)

    1. JohnFen

      Re: Any developers in the house?

      I'll take a stab at this as an Android developer.

      First, the answer to any such question that begins with "is it possible" is most likely yes. The real question is how hard is it to subvert the security measures.

      The way that Android permissions work is that it should not be possible to bypass the permissions the user sets. However, there are sometimes multiple paths to get to the same data (your example of the Accessibility permissions is a good one), so users can be in a situation where they've denied permissions for one thing, but allowed a different permission that unknowingly allows access to the same data they intended to deny.

      The Android permissions system is a bit of a mess in multiple ways. Carefully used, it is effective, but there are some gotchas in there that are easily stepped into by ordinary users. Also, the permissions are still too coarse -- you may want to allow an app a specific sort of access, but the app must be granted much broader permissions than just that in order to allow it the narrow access you want.

      My general recommendation (this is what I do on my own devices) is to use a firewall to prevent apps from talking to the network at all by default, then whitelist the specific ones that you really need to be able to communicate. That way, errors in permissions-granting are less problematic. It doesn't matter if an app gets access to, say, your address book if that app can't transmit that data out of your phone.

      1. DropBear

        Re: Any developers in the house?

        Unfortunately in today's Network-Based Everything there is an alarming number of genuinely useful apps that are legitimately useless if you don't allow them network access. What then? And no offense, but which "firewalled" app is prevented from launching the system browser at the URL "http://www.shadysite.com/?ScrewNetworkPermissions=true&UsersPhoneNumber=123456"...?

        1. JohnFen

          Re: Any developers in the house?

          "there is an alarming number of genuinely useful apps that are legitimately useless if you don't allow them network access. What then?"

          If it's an app that requires network access to perform its intended function, then you have to decide for yourself if the utility you get from it is worth the security risk.

          If it requires network access just because, then either find a different app that doesn't (it probably exists), don't use it at all, or decide it's worth the security risk. Although in that case, you have an advantage in that you know for certain that it's an app that spies on you.

          Plus, you always have the option of just not using an app, no matter how useful it may be. Personally, an app that spies on me is useless to me no matter what it does.

          "which "firewalled" app is prevented from launching the system browser at the URL "http://www.shadysite.com/?ScrewNetworkPermissions=true&UsersPhoneNumber=123456"...?"

          None, of course, but there are ways of handling that, too. For instance, you can firewall your browsers off and only whitelist them temporarily when you actually intend to use them.

          In the end, this is the same old security tradeoff -- security and convenience. How much of each is right for you is a call only you can make. But you can't really have both.

  15. Anonymous Coward

    Who is protecting us from Facebook?

    Also Facebook hidden pixel tracking and shadow profiles - how can we get Facebook to delete that data? Who protects us from propaganda served by Facebook, and semi-random censorship of general public to manipulate public votings?

    When will Mark Zuckerberg get his well deserved jail time for constantly lying for 15 years, his dozen apologies albeit doing nothing, his salami-tactics doing two steps forward and backing off a little bit to silence any backlash, and repeat 1000 times - all starting with his FaceMash site and TheFacebook in 2003/2004.

    Mark Zuckerberg is abusing the freedom and smaller companies will have it very hard to create new websites because now regulations will have to be put in place because of Zuckerberg's ill-fated illegal wrong-doings. It will hurt the whole tech sector. The whole concept of social media is considered "burned" nowadays, "thanks to" Facebook. Facebook needs to be broken up into individual companies (WhatsApp, Instagram, Messenger, Facebook, ...) and Zuck should face legal concerns and proper jail time.

  16. J.G.Harston Silver badge

    This sounds too much like "if we allow people to remove a file's 'not deletable' attribute, people may delete the file!!!11!!!!"

  17. Anonymous Coward

    It is much worse than people think

    A long time ago I managed a Facebook app for one of my businesses. The app let FB users send adult novelty product pictures in a private message card with a message written by the sender. The idea was simple: let people flirt using catalogue images and include a product link with each image. Similar to the way the greeting card apps work. Where do you think those flirtatious messages were stored?

    I purchased the app framework, fixed bugs in it and customized it to my needs. The app software was stored on my web server and the app tracked usage and logged user messages in a database on my web server. I should have realised the messages would be stored in the database along with other data but I didn't fully realise this until I checked the database after the app had been live for a year or so.

    People are worried that Facebook shares data with 3rd parties. How many realise that 3rd party apps store data sent through their apps on web servers controlled by those 3rd parties?

    It is one thing that Facebook stores Facebook user data and shares that data with 3rd parties. But that 3rd party app developers collect, control & store data from their apps from the get-go is an entirely different concern; a much bigger privacy issue.

    When I discovered all those enlightening messages I was surprised and immediately understood the privacy implications so deleted the app software from my server and deleted the database. I wouldn't bet on all app developers doing likewise.

    I didn't actually read the messages in my database; though they might be stored somewhere in my subconscious and might be responsible for a few of my more exotic dreams.

    My app used a now deprecated Facebook API. Maybe the situation has changed a little since then.

  18. Anonymous Coward

    What a bucket of turds!!

    I haven't laughed so much in years.

    Thanks Zuck.

  19. Kepler
    Facepalm

    “Was this information helpful?”

    Here is what Facebook told me:

    .

    “Based on our investigation, you don't appear to have logged into ‘This Is Your Digital Life’ with Facebook before we removed it from our platform in 2015.

    However, a friend of yours did log in.

    As a result, the following information was likely shared with ‘This Is Your Digital Life’:

    Your public profile, Page likes, birthday and current city . . . .”

    .

    (All emphasis added, bold and italic.)

    Then came the paragraph already quoted in the article, innocuously mentioning the breathtaking range of additional information of mine that may have been shared by one or more of my Facebook friends.

    As the article mentions, this Facebook page/tool tells users what categories of information might have been shared, but does not identify which specific items of information actually were.

    Nor does it identify who among my several-hundred Facebook friends actually gave “This Is Your Digital Life” permission to access my information.

    And then came the question in my subject line, “Was this information helpful?”

    After checking “No”, being further asked “What went wrong?”, and then checking “Other”, I filled in the optional comment box as follows:

    .

    It’s not nearly enough. It doesn’t tell me precisely WHAT information of mine was shared without MY permission, and neither does it tell me WHICH (jackass) friend(s) of mine gave permission on my behalf to Cambridge Analytica and ‘This Is Your Digital Life’ to help themselves to MY personal information. I would like to know which thoughtful soul(s) to thank.

    And after what he/she/they did, I certainly don’t think you can claim that identifying him/her/them to me could in any way violate his/her/their privacy!

    So I would like to be told considerably more, and I think you owe it to me.

    1. Kepler
      Pint

      Re: “Was this information helpful?”

      Am I wrong to hold my unidentified Facebook friend(s) partly responsible as well, in addition to Facebook and Cambridge Analytica? For giving “This Is Your Digital Life” permission to access my information? (And that of all their other Facebook friends!)

      And to expect Facebook to identify the culprit(s) to me? Shouldn’t I at least be allowed to tease him/her/them just a bit for falling for this nonsense?

      If anyone thinks I am, on either count, please explain. I remain happy to consider any additional points I may have overlooked.

      (Such as how difficult Facebook and “This Is Your Digital Life” may have made it for prospective users of the latter to realize they were giving access to others’ information as well as their own.

      I presently view that as a potential reason not to be mad at my unnamed friends, but not as a sufficient excuse for Facebook to withhold their identities from me.)

      .

      P.S. At least it wasn’t FarmVille.

  20. anonymous boring coward Silver badge

    Facebook tried to downplay the significance of the eyebrow-raising revelation, saying it was at a time when mailboxes were “more of an inbox”

    Oh, that's alright then...

    Because an inbox doesn't contain all incoming email, including replies from your own emails. Hang on..
