Mixed Feelings After My Conversation With Facebook.(updated)

Warning: According to Facebook you are not allowed to read this post, so beware.

Perhaps you know that a few days ago I bought information about 1 million FB users from a website for the meager amount of 5 US dollars.

Anyway, I received a strange message that FB wanted to talk to me – someone from a deprtment called “Policy” which in my opinion was an euphemism for “Police” and unfortuntely it turned out to be so.

Our conversation began exatly on the agreed minute and with the warning that it “is being recorded”. The part where they usually say that it is for the purpose of “improving the service” was spared.

They thanked me for what I have done but they also asked me that I did not share the information about our talk in my profile (?!?) and my blog.

“Now we would like you to send us this file, delete it, tell us if you have given a copy of it to someone, give us the website from which you bought it including all transactions with it and the payment system and remove a couple of things from your blog. Oh and by the way, you are not allowed to disclose any part of this conversation; it is a secret that we are even having this conversation”.

I agreed to send them the data and the website of course, for that was my purpose. I tried to ask what they would do next but they said it would be an internal legal investigation.

I asked if it was possible to tell what the problem was, after they finished the investigation, so that the users could protect themselves, but they they emphasized that it would be an internal investigation and they would not share any information with third parties. And they mentioned again that I must not tell about it to nobody, because…

The overall tone of the conversation was very imperative, it is Facebook after all.
Warning: According to Facebook you are not allowed to read this post, so beware.

(Update): No, Facebook, I don’t want my 5$ back, but I want something from (for) you.

141 thoughts on “Mixed Feelings After My Conversation With Facebook.(updated)

  1. Facebook needs to find the culprit application that leaked this information and punish them, not try to cover up this leak. The fact that they are investigating would be a positive but their apparent attempt to try to make this event disappear is a negative. Mixed feelings for sure.

    1. No… once you put all of your personal info on facebook, a social network, along with pics of you puking in your friends bathtub with your pants down, you’ve already forfeited your rights to privacy. Get over it.

    2. You’re kidding right? Facebook is practically a massive data mining corporation, they don’t care about your personal information or privacy AT ALL! Get serious, never post anything even remotely important on facebook. They won’t ever delete your info from their data bases and who knows who they give the info to. The government, obviously, but who else?

    3. I think it should go beyond finding the culprit app; revise protocols, terms, restrictions and information application developers have access to.

      But yeah, I agree with you. having mixed feelings about this too. :|

  2. I agree … when sombody is in fail they should … must … take some measures … but come on – to delete your post because of your own fail is FAIL! big time

  3. You’ll be okay. That’s now how nondisclosure agreements work.

    You can’t just call someone up and tell them that they’re now legally bound by an NDA to keep the fact that you called them secret. They’re trying to scare you.

    By the way, now that you’ve read this comment, you are legally bound to keep it a secret.

    See how weird things would get if that’s how it worked?

  4. You would think they would be a little wiser about the laws of recording phone calls, and that you don’t need their permission to print the conversation. Good for you for being smarter than them, even if they are setting the bar low.

    1. They are being wise about the law: some states are “one party consent” where others are “two-party consent”. In a two party consent state, both (all) parties must agree to the recording otherwise it qualifies as the crime of wiretapping (this usually applies to in-person conversations where there is an “expectation of privacy”, often with exceptions for recording of public figures). The warning makes sure that the other party has the chance to consent to the recording (not hanging up).

  5. And irony is FF is doing fb integration within..got reasonable explanation of as it works like “uninstalled addon” and its done within to make it “one click” process…Still not sure why its still like this….

      1. Did you actually verify the server it was sent from? Email isn’t exactly the most trustworthy medium unless you’re using some kind of signing layer.

  6. Well, you include facebook.net here. Everyone who visits this site and does not block this request reveals his/her visit here to facebook.

  7. It’s not a leak. This information is in the public. Accounts that don’t set appropriate privacy settings are ripe for the picking. It’s a trivial task to have a bot scrape through these publicly accessible profiles and compile all the info into a handy spreadsheet.

    I have my doubts that the message was really from Facebook, it looks like it was written by 15 year old.

  8. How dare you do something such as share personal information without facebook’s express permission to do so! Have you no ethics?

  9. Had this been a Federal investigation, you might have cause for concern as a whistleblower. The real motivation behind contacting you might be to merely silence a leak about a normal data exchange procedure between FB and agencies investigating the transitory nature of potential enemies of state.

  10. I am over facebook. I have just deleted my account, and set up a fake account which i can use for sights which require me to have facebook.

  11. I wanted to post a link to this article on my Facebook wall to let others know about this. I didn’t do it because I’m afraid Facebook will delete my account if I do.

  12. I would like to see validation that the phone call and email you got was actually from Facebook (for example, did you verify the email headers hadn’t been spoofed?). Because lets face it, their initial correspondence message stinks of scam!

  13. Where they say, “it is a secret that we are even having this conversation,” reminds me of when I was a kid and I would hear a schoolyard secret. “Hey, Crow, Alex peed his pants today! But don’t tell anyone, it’s a secret that we’re even talking… Now go!”

    Fuck Facebook, this is hilarious and their threats are laughable.

  14. Lol! Very funny exchange with fb. I wonder what their reaction would be if you had told them you had all 1 billion users details that tou had purchased for £10 ? I really think they would have sent around a hitman with a blue shirt (and no like button).
    If you did have thatany details what mischief could you get up to? Pictures of your backside emailed to everyone subject: zuckerberg drunk photos

  15. I’ll give you $3.50 for the list. It’ll still have been a better investment than if you had bought $5 worth of Facebook stock at its IPO.

  16. I don’t know why everyone freaked so much on this. You can find any username – full name and email address of most users in Facebook. Depending on the profile’s privacy..

  17. Why are you even dealing with these losers? Just delete your account already. I haven’t had an account in over 2 years and guess what, i’m pretty fucking content.

  18. Sometimes it’s imperative to keep investigations under cover for it to be effective at all. And it’s usual to take any external parties as untrusted until proven, so that may be why they couldn’t get you too involved as well.

  19. That’s rich.. I’m pretty sure you sent that entire list to someone else entirely who doesn’t even work at Facebook.

    You’re saying the person’s domain e-mail was ‘@fb.com’?

  20. Disturbing, not only that you were able to buy that amount of info for just 5 bucks (makes me question how good the info actually is, or how creepy the source), but more so that Facebook, instead of publicly taking action, is trying to hide yet another privacy snafu from the public.

    As one commenter so cleverly remarked, the app leaking the info is called Facebook! The only way to keep your information safe is not to put it on FB in the first place, and I deal with privacy issues and data security professionally…

  21. Facebook makes money because they have your information. If they’re not selling it or access to it they would make nothing. I’m not sure why this is surprising or why anyone thinks this will stop. Your information changing hands is the business model.

  22. Ahahaha! So you sent them the data you paid five dollars for? You don’t even know if it was Facebook? @fb.com sounds very fishy to me.
    I think someone just played you somehow. Maybe a reader read your post and wanted the data, then pretended to be Facebook and you gave it to them for free?

    This sounds likely and very silly.

  23. Could you please do the same to Linkedin? I feel like they’re even worse offenders. They scrape your entire Google contacts in the blink of an eye. I know several people (including myself) who’ve asked Linkedin to delete the contacts that were stolen from them – and Linkedin just deactivates or deletes their accounts (they don’t delete their personal data). Linkedin is a data-miner of everyone’s e-mail contacts; they create pop-ups and emails until you accidentally authorize them to take hard-earned contacts and then they make a profit and require you to pay monthly for an account to continue effective networking.

  24. The first rule of FarceBoook is, you will not talk about FarceBoook.

    /also, this comment has not been posted.
    //you will not read this comment.

  25. I think they’re overstepping their bounds on this one by being enforcement-oriented against you. It’s clear you bought the data to blog about it. You also took pains to conceal it and hide the method of its distribution. It is unfortunate they took this heavy-handed tack, since that’s how corporations usually get this wrong.

    The focus, of course, should be on finding the hole used to retrieve this data.

  26. Did they have any reason to receive the file meaning did you have any legal obligation to hand it in ? why not sell it to a newspaper as a story with proof.

  27. Do you know how old this data? The first thing that came to my mind when I read this article was everyones Facebook profile information that was leaked a few years ago…

  28. “Facebook Attorney X, this conversation is the private exchange between the parties and is not subject to monitoring by any third party.”
    yak yak yak
    “Interesting. I conditionally accept your offer to (answer your questions/obey your demands) on proof of claim that I have consented to subject my person to your jurisdiction in this matter. You may submit said proof for my inspection via private registered mail. Pleasant day.”
    Click.

  29. Just posted a link about this on my profile. We’ll see how long it and my profile stay up and active, but I was thinking of removing my profile recently anyway so if it happens to come to that, no biggie.

  30. After seeing your story on Reddit I read in the comments that you can disable the app platform to prevent all apps from accessing information about you.

    Apparently sometime after that comment was posted, opting out no longer works and the AJAX request returns a 404. It’s impossible to opt-out.

    Privacy Settings > Ads, Apps, and Websites > Turn off

    Posts to https://www.facebook.com/ajax/privacy/platform_optout/.

  31. At least now the people you bought the file of are aware that Facebook is after them. If they built that database through legal means, and sold it to a lot suck^H^H^H^Hcustomers, good for them, they have no reason to be afraid. If they used voodoo, I guess they may have to hide for a while.

  32. you sure the email actually came from facebook? It’s not hard to spoof a from address in an email. You’d best look at the email headers and determine the source IP address of the email, then do an ARIN lookup of that IP to see if it does indeed belong to facebook.

  33. Does not appear to be a scrape. The emails are not public and not a former data scrape from former leaks. This might be a real leak.

  34. You should have sold it to them for a $1,000,000 fee. Why on earth would you give it to them or put up with their strongarm attempts. Who the hell do they think they are? They’re just a stupid website…

  35. You’ve just become a snitch for a criminal organization, and behave like an citizen of oppressive police state (replace with oppressive police corporation). You must be so proud of yourself.

    And how brave you for being open up about it. I will nominate you for the Nobel Peace Prize 2013!

  36. Everyone that thinks his data on facebook are only visible for his friends are naive. Maybe FB should replace their “privacy policy” by this:

    “We try to protect your Facebook data, but it’s highly likely that we will fail some day.
    Do you agree that all data on Facebook possibly can be viewed and copied to companies and individuals on anywhere on the world?”

    [ ] YES I agree that unwanted can possibly view my data
    [ ] NO sorry dude you don’t have Facebook so you are not cool

  37. You should’ve charged them quite a lot of money for that conversation and that data file. After all you’re doing their security work for them. Wait, did I just suggest that Facebook does security work? Who am I kidding, they simply do brute work!

  38. Regardless of your intent you will most likely be charged. This is no joke. I wouldn’t get too comfy if I was you. Not on the bad side trying to scare you but on the good side trying to help you brother.

  39. Fuck Facebook and the KIKE roach Schmuckerberg.

    KIKES control the USA and want to control the world.

    Biggest mistake in history. shutting down Auschwitz

  40. Even if you delete you account on FB it still has your information in there. It just set not to show your record. I am 100% they do no delete any user info.
    So the only thing I can think of is to change your info let it sit for sometime and only then delete profile.

  41. Fuck the scumbag roach Daruka Malone (see 3rd comment above).
    He thinks he controls the USA and wants to control the world.
    Biggest mistake in history, his mom choosing to have him.

  42. “The overall tone of the conversation was very imperative”

    Facebook’s attitude and behavior is quite despicable. I’m glad still that there are people like you who help us stay informed. Keep up the good work!

  43. Good stuff, don’t be intimidated by the bs and do the right thing. I hope Facebook can’t silence you, and that the spirit, rather than the letter, of the law is applied with regard to any charges brought against you.

    Good luck.

  44. I dont think there’s anything wrong in here, cuz mark stole the data too during initial days of FB, how can they claim this to be wrong?

  45. Ha! I love that whole response by FB! “We would like…:” – as if they’re asking you to do them a favor – “you to jump through all these hoops, give us all this information, and you are not allowed to tell anyone!” What are they going to do? Destroy your Farmville farm? Un-Like your profile?

    You did a good thing, the right thing by notifying them in the first place. It’s a shame you had to deal with some twit with delusions of authority. Methinks he should go back to writing stern memos about the proper positioning of paper clips in desk drawers.

    You should ask them to reimburse your $5, pay you a reasonable fee for all the time involved in complying with their dema…er, ‘requests’, and require them to put their blog-editing and secrecy demands in writing so you can make some First Amendment lawyer (and yourself, of course) wealthy.

    Doncha just hate it when you try to do good and some schmuck tries to play Man in Black on you? He needs to be reminded he works for FB, not FBI.

  46. Ah, those FB bastards, instead of being humble and polite, they opted for the brute force approach of the matter that, as a matter of fact, is about their incapacity to provide a safe environment for their pricy piece of crap called faceshart. What did they thought when they tried pedal to the metal approach? Did they truly believe that Bogu would shit his pants and…beg for forgiveness? Silly assholes, I sometimes wonder why and how it happened that faceshart has so many suckers then, I realize that we are living in a depersonalized world and we crave for friendship and attention while the sharks are munching on our despaired weakness.

  47. >>”I asked if it was possible to tell what the problem was”

    it seems clear to me from your blog post, that the seller obtained the email address via Facebook applications that they have developed.

    When you add a Facebook application to your account, some applications ask you for permission to obtain your email address, though the way facebook has designed the permission request dialog box, its easy to miss the part where it says you are going to let the application have your email address.

    It seems obvious to me, that the person you bought the user details from, had apps that were collecting user details including their email addresses, and thought they could make extra money by selling those details on to third parties.

    In the past i have added a facebook application without reading the permissions request page, and after i added it i realised i had accidentally given permission to the app to access my email address. Not long after that, the email spam started arriving from the application.

    I think facebook should make it much harder if not impossible for apps to access user’s email addresses, and the permission request page should highlight very clearly when the app is requesting permission to access that users email address.

    I have recently found a browser extension called “FB Purity” that will actually do this, it also adds a “Block application” button to facebook application permission request pages, so if you dont like the look of the app, and dont want the app to get any of your user information, you can block the application then and there. It also highlights any permissions such as requesting email addresses, or the ability to post to the users wall. It works quite well, you can get it here, if you are interested: http://fbpurity.com

  48. fuck facebook…the addictive social network….disables us…spy on us…and then what….wen should suck their cock too…mother fuckers

  49. Man, you just got yourself on US Defence Department’s list as a potencial terrorist. Do you even realize who those people are? It’s like messing up with mafia. Should anything happen, you will be one of the first they will deal with. Is your personal integrity and the opinion of anonymous Internet users really more important than your and your family’s life? Pick only those battles you can win. If I were you, I would delete those posts, contact them again and send them all the information they require together with apologizing for your rebellious and irrational attitude. And I suggest this as a bystander, with best intentions. Good luck.

  50. This next chart just shows the gun ownership per capita rate for the “developed” countries, or the members of the Organization for Economic Cooperation and Development (OECD). That basically means the world’s rich countries. Some of them, such as Switzerland and Finland, are actually among the highest-ranking countries in the world by gun ownership rates. But the U.S. is still way, way ahead. Keep this chart in mind the next time someone compares U.S. gun ownership to Switzerland or to Israel.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.