hngopher.com

       [HN Gopher] Facebook faces mass legal action over data leak
       ___________________________________________________________________
        
       Facebook faces mass legal action over data leak
        
       Author : LinuxBender
       Score  : 91 points
       Date   : 2021-04-16 20:52 UTC (1 hours ago)
        
 (HTM) web link (www.bbc.com)
 (TXT) w3m dump (www.bbc.com)
        
       | nmeofthestate wrote:
       | Facebook is saying the info was scraped, but I don't see my phone
       | number publicly visible anywhere on Facebook, yet it's found by
       | HIBP - any idea what they're referring to?
        
         | [deleted]
        
         | lolinder wrote:
         | I believe the data was scraped from the API endpoint that
         | allowed looking users up by their phone number--the bot just
         | ran every possible phone number and got back everyone who had
         | that feature enabled. They've locked that endpoint down, but
         | this is the fallout from that initial failure to rate limit.
        
           | jarenmf wrote:
           | One must be really dump to allow a bot to make hundreds of
           | millions of API requests and not noticing.
        
         | dkersten wrote:
         | I've always double checked that my phone number was listed as
         | private and yet they leaked that, so I don't buy their argument
         | that it was scraped.
         | 
         | I just double checked and its set to "only me", which is what
         | its always been. (I think I only added it because the app
         | wanted it, but its been years since I've used the app, so don't
         | remember)
        
       | joe_the_user wrote:
       | As I recall, the leak was essentially bots scraping data that FB
       | calls "public" but which it's terms of use say not to scrape.
       | 
       | The thing is, FB's protections are kind a fantasy to start with.
       | The idea you know your friend's information but your
       | friend's-friend's-friend's might work in real life but not on the
       | Internet. At the same time, this fantasy is what Facebook has
       | sold it's users (and I'd note that a look of FB user got online
       | first with FB and so take their real life beliefs to it).
       | 
       | One outcome of the suit might be for FB to say "you couldn't
       | expect real privacy from this anyway, how can we be liable" and
       | then the judge force to FB to label it's policy "privacy
       | protection _entertainment_ " in the way we got World Wrestling
       | Entertainment. And another option is for FB to pay off the suit
       | just to avoid that happening.
       | 
       | -- I remember FB saying "this wasn't a hack", which is
       | technically true. It's a manifestation of the porousness of FB's
       | model, which is worse, at least if you expect privacy from FB.
       | 
       | -- Finally, lots of people say "I hate FB for not giving us
       | privacy" where they mean the sort of pseudo-privacy around "only
       | friends know". Here, if you accept this concept of privacy, only
       | an entity like FB could give it to you, so cleaving to that
       | privacy policy strengthens FB even when it's hated. It's the
       | regulating social networks. If FB was a regulated monopoly,
       | they'd be absolutely "too big to fail".
        
       | pmarreck wrote:
       | Serves 'em right for building in PHP ;)
        
       | cortesoft wrote:
       | I wonder if anyone ever sued the phone companies for printing
       | phone books... they had the name and phone number for everyone!
        
         | [deleted]
        
         | mhh__ wrote:
         | Did they have my phone number?
         | 
         | Literally one click and I had a list of every UK Facebook users
         | public phone number, that's not a phone book.
        
         | CrazyCatDog wrote:
         | I'm fairly confident that we could all request not to be
         | listed. Perhaps a closer parallel is to ask if the phone
         | directories could be sued for publishing a number following an
         | opt-out request...
        
           | RHSeeger wrote:
           | You need to pay extra to not be listed.
        
           | xico wrote:
           | Only became free in 2003 in France, and the main telecom
           | company then was not happy, refused to tell how much money it
           | was gaining from selling the data previously, and asked for a
           | subscription increase in exchange.
        
       | CrazyCatDog wrote:
       | Ironically, Ireland might be the most capable nation of reigning
       | in big-tech given their preferred tax status and their subsequent
       | mind-blowing profits residing there beyond the reach of the US
       | feds--for now at least!
        
       | de6u99er wrote:
       | Well deserved.
        
         | akudha wrote:
         | It depends on the outcome. Companies get sued, sue each other
         | all the time. A company like FB probably has the best lawyers
         | money can buy, it is probably just business as usual for them
         | at this point.
         | 
         | I do hope something good (for users, not FB) comes out of it.
        
       | rmccue wrote:
       | If anyone else is looking for the link to said action, it appears
       | to be https://www.digitalrights.ie/facebook/
        
         | Rygian wrote:
         | Interestingly enough, this site is asking for my personal data
         | but not providing any sort of privacy policy to explain what
         | will be done with my personal data...
        
           | tyingq wrote:
           | https://www.digitalrights.ie/privacy-policy/
        
       ___________________________________________________________________
       (page generated 2021-04-16 22:00 UTC)