This entire issue comes off as one of those escalating affairs to me. First, it was the long drawn open letter by Mark Zuckerberg promising us that the privacy controls would be simpler lauded by most. However, in a few days’ time people realized that the apple had fallen quite far from the tree. Not only was your profile picture available to everyone around you, but the most private people found that searching for their profiles were open to friends of friends and could not be changed to only friends (this has been changed recently).
In response, Zuckerberg said in an interview that people have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. A lot of long-time users were quite agitated about this issue and while some control was given back to the users, most were still prescribing to the be friendly to every Tom, Dick and Harry on Facebook! Make it viral! Spread the color of your bra to everyone!norm. (The last part, not really!)
So when a Facebook employee tells us that there is a master password that can be used to log in to any account and that in the past it has been misused, it comes off as disastrous.
The Rumpus interviewed the aforementioned unnamed Facebook employee who pointed out quite a few things that are stored on Facebook’s servers from the number of likesto the number and content of messages (the privateones) are all stored in the servers and are completely accessible to the engineers who drive the website:
Employee: We track everything. Every photo you view, every person you’re tagged with, every wall-post you make, and so forth.
More alarming is the fact that there was a master password (which, thankfully could only be accessed from the Facebook office’s computers, using their ISP). Here is the snippet of the conversation (emphasis added for effect):
Rumpus: You’ve previously mentioned a master password, which you no longer use.
Employee: I’m not sure when exactly it was deprecated, but we did have a master password at one point where you could type in any user’s user ID, and then the password. I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out Chuck Norris,’ more or less. It was pretty fantastic.
Rumpus: This was accessible by any Facebook employee?
Employee: Technically, yes. But it was pretty much limited to the original engineers, who were basically the only people who knew about it. It wasn’t as if random people in Human Resources were using this password to log into profiles. It was made and designed for engineering reasons. But it was there, and any employee could find it if they knew where to look.
In fact, the cases of employees logging in to other peoples’ account became so frequent that the position of Chief Privacy Officer was invented, so to speak, to deal with the problem.
Rumpus: Are your managers really on your ass about it every time you log in as someone else?
Employee: No, but if it comes up, you’d better be able to justify it. Or you will be fired.
Rumpus: I would imagine they take thisâ€”
Employee: Pretty seriously. I don’t really f*** around, at all.
Rumpus: They invented a Chief Officer position for it, Chris Kelly, right?
Employee: Chief Privacy Officer Chris Kelly, correct. Running for Attorney General of California.
The rest of the interview is inherently fascinating as the employee talks about the massive amount of photos stored in the servers, easily calling Facebook the largest photo distributor in the worldand goes on about the engineers in employ as well as the bizarre and weird cases they had to field. Interesting indeed, but worrying too. If Facebook has an officer in chair to curb the amount of privacy abuse in their own offices, how much can we trust them when they change their ToS and privacy controls with misleading blog posts to account for?
This morning when I wanted to change my privacy settings with regard to search, I found this waiting for me:
My information is safe indeed. I think it is time I switched to a seriously privacy centric platform. Problem is, with its market penetration, slew of features and the inertia of existing users, I know I’ll be alone in the new socializing engine, if at all I do switch.