Category Archives: Facebook

Facebook Banned “Dangerous Individuals and Organizations”



Several websites have reported that Facebook has banned a group of people who have broken the company’s Community Standards. More specifically, those recently banned have broken the “Dangerous Individuals and Organizations” portion of Facebook’s and Instagram’s Community Standards.

The “Dangerous Individuals and Organizations” policy states: “In an effort to prevent and disrupt real-world harm, we do not allow any organizations or individuals that proclaim a violent mission or are engaged in violence, from having a presence on Facebook. This includes organizations or individuals involved in the following: terrorist activity, organized hate, mass or serial murder, human trafficking, organized violence or criminal activity.”

The policy also says: “We also remove content that expresses support or praise for groups, leaders, or individuals involved in these activities.”

BuzzFeed News got a statement from a Facebook spokesperson who said: “We’ve always banned individuals or organizations that promote or engage in violence and hate, regardless of ideology. The process for evaluating potential violators is extensive and it is what led us to our decision to remove these accounts today.”

BuzzFeed News reported that the ban will affect both Facebook and Instagram.

Here is a list of those who have been banned: Milo Yiannopoulos, Alex Jones (and his Infowars site), Laura Loomer, Louis Farrakhan, Paul Joseph Watson, and Paul Nehlen. Some of the people who were banned from Facebook and Instagram have been previously banned from other platforms. I’ll leave you to read the BuzzFeed News article if you would like more details.

The First Amendment of the U.S. Constitution says: “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”

Facebook (and Instagram) are not part of Congress. They are private companies.


Facebook Says “The Future is Private”



At F8 2019, Mark Zuckerberg and other Facebook executives repeated a version of the phrase “the future is private”. Personally, that particular phrase is not one I would expect to hear from Facebook, given their multitude of privacy issues that somehow seem to keep happening.

Facebook Newsroom has information about some upcoming “privacy-focused” changes to Facebook’s products.

Mark Zuckerberg opened the two-day event with a keynote on how we’re building a more privacy-focused social platform – giving people spaces where they can express themselves freely and feel connected to the people and communities that matter most. He shared how this is a fundamental shift in how we build products and run our company.

Here are some key points:

Messenger will have a “dedicated space where you can discover Stories and messages with your closest friends and family.” Users will be able to choose exactly who sees what they post. This sounds good!

Messenger will also have something that makes “it even easier for businesses to connect with potential customers by adding lead generation templates to Ad Manager.” It will allow businesses to make ads with a “simple Q&A” that allows the business to learn more about their customers. This does not sound like it is privacy-focused.

WhatsApp is getting a Business Catalog that allows users to chat with businesses and for businesses to showcase their goods. This doesn’t sound privacy-focused.

Facebook is putting Groups first by making it easier for people to find Groups and participate in them. Some of the other changes sound to me like Facebook wants to make Groups more like what Discord already offers. If I remember correctly, there were some politically motivated shenanigans happening in Groups before the 2016 election. I expect the updated Groups will be manipulated the same way.

Facebook Dating is going to have a feature called “Secret Crush”. Users can add up to nine friends that they want to express interest in. Those friends will get a notification saying someone has a crush on them. If a user’s crush adds them to their Secret Crush list – they make a match and it appears both will be notified of that. Is this really privacy-focused if Facebook still has all the data? What if that leaks?

Instagram is getting features that appear to be primarily designed to make it easier for creators to sell products to other Instagram users. Not sure why this is considered privacy-focused by Facebook. To me, this sounds like it’s more about sales than privacy.

Fancy new features can make Facebook’s products more interesting (at least, for a little while). But, it’s one thing to say that the company will be privacy-focused, and quite another to actually take actions that truly do improve the privacy of users – and their data. Will Facebook make significant, meaningful, changes? Or is this just a bunch of hype?


Regulators are Investigating Facebook’s Privacy Practices



Regulators from several countries are investigating Facebook’s privacy practices. This comes after Facebook has done numerous sketchy things with users’ personal information, passwords, and data. It seems to me that at least one of these investigations will result in meaningful consequences and/or penalties for Facebook.

In the United States, New York Attorney General Letitia James announced an investigation into Facebook’s unauthorized collection of 1.5 million Facebook users’ email contact databases.

“It is time Facebook is held accountable for how it handles consumers’ personal information,” said Attorney General Letitia James. “Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data. Facebook’s announcement that it harvested 1.5 million users’ email address books, potentially gaining access to contact information for hundreds of millions of individual consumers without their knowledge, is the latest demonstration that Facebook does not take seriously its role in protecting personal information.”

Ireland’s Data Protection Commission has commenced a statutory inquiry in relation to Facebook’s storing of the passwords of hundreds of millions of Facebook, Facebook Lite and Instagram users in plain text on Facebook’s internal servers. The inquiry will determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.

The Office of the Privacy Commissioner of Canada did a joint investigation of Facebook with the Information and Privacy Commissioner for British Columbia. It focused on the TYDL app (“thisisyourdigitallife”). A summary of the investigation found:

  • Facebook failed to obtain valid and meaningful consent of installing users.
  • Facebook also failed to obtain meaningful consent from friends of installing users.
  • Facebook had inadequate safeguards to protect user information.
  • Facebook failed to be accountable for user information under its control.

In February of 2019, Germany’s Bundeskartellamt prohibited Facebook from combining user data from different sources. Also in February, the House of Commons Digital, Media, and Sport Committee in the UK released a report in which it called Facebook “digital gangsters”. The Committee concluded that Facebook broke privacy and competition law and should be subject to statutory regulation.


Facebook Stored Millions of Unencrypted Instagram Passwords



In March of this year, as you may recall, Facebook announced that it stored hundreds of millions of user passwords in plain text. At the time, Facebook said it would notify “hundreds of millions of Facebook lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users” about this.

On April 18, 2019, Facebook made an update to their original Facebook Newsroom post titled “Keeping Passwords Secure” (which was originally posted on March 21, 2019).

Here is what was added:

Since this post was published, we discovered additional logs of Instagram passwords being stored in readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation determined that these stored passwords were not internally abused or improperly accessed.

Personally, I’m wondering just what is going on at Facebook (and Instagram) that is causing it to collect and store users’ passwords in plain text. That’s an obvious safety concern. The number of unencrypted Instagram passwords has jumped from tens of thousands to millions. It is disturbing that Facebook misreported that number.

Not all passwords were stored unencrypted, but millions of passwords were. Why is that happening? To me, it sounds like passwords are not automatically being stored in plain text. If that were the case, then all users’ passwords would have been stored unencrypted. Something, or someone, appears to be selecting certain passwords to store improperly.

Ironically, the original blog post (before Facebook added an update) recommends that users affected by this security issue change their passwords, and to pick strong and complex passwords. That is good advice in general, but I don’t think doing so will protect users from having their unencrypted passwords stored on Facebook’s and Instagram’s servers.


Facebook Uploaded 1.5 Million People’s Email Contacts Without Consent



It feels like we are hearing about Facebook doing nefarious things with people’s data at least once a week. The latest news comes from Business Insider, which reported that Facebook harvested the email contacts of 1.5 million users without their knowledge or consent when they opened their accounts.

Business Insider has learned that since May 2016, the social networking company has collected the contact lists of 1.5 million users new to the social network. The Silicon Valley company says they were “unintentionally uploaded to Facebook,” and is now deleting them.

A security researcher noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts. This was supposedly to verify their identity. To be clear, Facebook wasn’t content with having a new user’s email address – it also wanted the password to that user’s email address.

Business Insider checked this out, and found that if you did enter an email password, a message popped up saying it was “importing” your contacts. Facebook did not ask users for permission to do that – it just went ahead and grabbed that information.

A Facebook spokesperson gave a statement to Business Insider. In it, Facebook claims that the contacts were not shared with anyone and that Facebook is now deleting them and notifying people whose contacts were imported. The statement does not say that Facebook is deleting the email passwords that it required new users to give them.

Personally, I find this disgusting. It seems like Facebook feels entitled to grab as much data as it can not only from its users – but also from people who are in the process of signing up for a Facebook account. When it gets caught doing this, it claims this was done “unintentionally.”

I find it hard to believe that someone unintentionally created something that would suck up people’s email contacts. I find it even harder to believe that the thing that sucks up contacts was unintentionally implemented as part of Facebook’s sign up process.


Facebook’s Watch Party is Popular with Pirates



Facebook created Watch Party as a way for people to watch videos on Facebook together in real time. It was intended to turn watching videos into a social activity. According to Business Insider, Watch Party is popular with pirates, who use it to run illegal movie marathons.

The intended purpose of Watch Party was to allow Facebook users to host a video-watching party with friends. Everyone involved can watch the video simultaneously and comment or react in real time to what they are watching together. People could use Watch Party to watch funny videos together, or to watch a video of a family member’s graduation together.

Business Insider found that pirates are using Watch Party in a way that does not appear to be legal. Instead of hosting content that they own, or that is legally free to view, they are watching copyrighted content like movies and TV shows.

We found that illicit watch parties were a frequent occurrence on the social network, broadcasting a range of media, from relatively recent hits like “Her” to cinematic classics like “Mean Girls” and vintage TV shows like the original “Twilight Zone”.

Business Insider noted that this type of copyright infringement has, in the past, been a solitary activity. Someone illegally downloads a movie and watches it by themselves. Watch Party enables pirates to gather together to watch an illegally downloaded movie.

Personally, I don’t think Facebook takes the time to really consider how a new feature could be used by nefarious people. They just launch something, assuming that everyone on Facebook will, of course, use the feature the way Facebook intended it to be used. This leaves Facebook scrambling to stop people from doing things like using Watch Party to watch pirated movies together.


Facebook Stored Hundreds of Millions of User Passwords in Plain Text



It seems that Facebook cannot prevent itself from causing security and privacy problems. According to KrebsOnSecurity, hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees.

An anonymous Facebook insider talked with Brian Krebs. The insider said Facebook is still trying to determine how many passwords were exposed, and for how long. So far, the investigation has uncovered archives with plain text user passwords dating back to 2012.

KrebsOnSecurity also spoke with Facebook software engineer Scott Renfro. He said that the issue first came to light in January of 2019 when security engineers reviewing some new code noticed passwords were being inadvertently logged in plain text.

Facebook sent a written statement to KrebsOnSecurity, in which Facebook said it intends to notify “hundreds of millions of Facebook lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”

Facebook posted information on Facebook Newsroom titled: “Keeping Passwords Secure”. In it, Facebook acknowledges that, during a routine security review in January, they found some user passwords were being stored in a readable format within their internal data storage systems. Facebook says these passwords were never visible to anyone outside of Facebook.

The information from Facebook describes how they protect people’s passwords, and provides some suggestions for securing your Facebook and Instagram accounts. Personally, considering all the security and privacy issues that Facebook has faced, the most secure thing to do would be to delete your Facebook account.