Mixed Feelings After My Conversation With Facebook.(updated)

Warning: According to Facebook you are not allowed to read this post, so beware.

Perhaps you know that a few days ago I bought information about 1 million FB users from a website for the meager amount of 5 US dollars.

Anyway, I received a strange message that FB wanted to talk to me – someone from a deprtment called “Policy” which in my opinion was an euphemism for “Police” and unfortuntely it turned out to be so.

Our conversation began exatly on the agreed minute and with the warning that it “is being recorded”. The part where they usually say that it is for the purpose of “improving the service” was spared.

They thanked me for what I have done but they also asked me that I did not share the information about our talk in my profile (?!?) and my blog.

“Now we would like you to send us this file, delete it, tell us if you have given a copy of it to someone, give us the website from which you bought it including all transactions with it and the payment system and remove a couple of things from your blog. Oh and by the way, you are not allowed to disclose any part of this conversation; it is a secret that we are even having this conversation”.

I agreed to send them the data and the website of course, for that was my purpose. I tried to ask what they would do next but they said it would be an internal legal investigation.

I asked if it was possible to tell what the problem was, after they finished the investigation, so that the users could protect themselves, but they they emphasized that it would be an internal investigation and they would not share any information with third parties. And they mentioned again that I must not tell about it to nobody, because…

The overall tone of the conversation was very imperative, it is Facebook after all.
Warning: According to Facebook you are not allowed to read this post, so beware.

(Update): No, Facebook, I don’t want my 5$ back, but I want something from (for) you.

141 responses to “Mixed Feelings After My Conversation With Facebook.(updated)”

  1. Facebook needs to find the culprit application that leaked this information and punish them, not try to cover up this leak. The fact that they are investigating would be a positive but their apparent attempt to try to make this event disappear is a negative. Mixed feelings for sure.

  2. Caspy7 says:

    You naughty boy.

  3. nagisa says:

    Now I’m too interested in that data.

  4. bearnik says:

    I agree … when sombody is in fail they should … must … take some measures … but come on – to delete your post because of your own fail is FAIL! big time

  5. HaHa says:

    Shhhh They said it was a secret so you can’t share… cause they said SO! lol

  6. howdoilaw says:

    You’ll be okay. That’s now how nondisclosure agreements work.

    You can’t just call someone up and tell them that they’re now legally bound by an NDA to keep the fact that you called them secret. They’re trying to scare you.

    By the way, now that you’ve read this comment, you are legally bound to keep it a secret.

    See how weird things would get if that’s how it worked?

  7. Godfodder says:

    You would think they would be a little wiser about the laws of recording phone calls, and that you don’t need their permission to print the conversation. Good for you for being smarter than them, even if they are setting the bar low.

    • Anon says:

      They are being wise about the law: some states are “one party consent” where others are “two-party consent”. In a two party consent state, both (all) parties must agree to the recording otherwise it qualifies as the crime of wiretapping (this usually applies to in-person conversations where there is an “expectation of privacy”, often with exceptions for recording of public figures). The warning makes sure that the other party has the chance to consent to the recording (not hanging up).

  8. Jigar Shah says:

    And irony is FF is doing fb integration within..got reasonable explanation of as it works like “uninstalled addon” and its done within to make it “one click” process…Still not sure why its still like this….

  9. RNiK says:

    All your base belongs to Facebook. :D

  10. R says:

    How did you verify that the caller was actually from Facebook?

  11. Tamil Kaz says:

    Will you make this information publicly available?

  12. fool says:

    Well, you include facebook.net here. Everyone who visits this site and does not block this request reveals his/her visit here to facebook.

  13. Steve says:

    It’s not a leak. This information is in the public. Accounts that don’t set appropriate privacy settings are ripe for the picking. It’s a trivial task to have a bot scrape through these publicly accessible profiles and compile all the info into a handy spreadsheet.

    I have my doubts that the message was really from Facebook, it looks like it was written by 15 year old.

  14. pfikus says:

    well did you get your $5 back?!??

  15. Maddy says:

    How dare you do something such as share personal information without facebook’s express permission to do so! Have you no ethics?

  16. gavin says:

    facebook inc = fbi

  17. C Silver says:

    Had this been a Federal investigation, you might have cause for concern as a whistleblower. The real motivation behind contacting you might be to merely silence a leak about a normal data exchange procedure between FB and agencies investigating the transitory nature of potential enemies of state.

  18. katmandu says:

    What info on your blog did they want you to delete?

  19. Joe Ramone says:

    So are you sure this is even facebook and not some scammer?

  20. Josh says:

    They have top men working on it. Top…men.

  21. Mo says:

    Facebook will be sending out their henchmen soon. Good luck.

  22. ccrewe says:

    I am over facebook. I have just deleted my account, and set up a fake account which i can use for sights which require me to have facebook.

  23. Ashton says:

    I wanted to post a link to this article on my Facebook wall to let others know about this. I didn’t do it because I’m afraid Facebook will delete my account if I do.

  24. Adzik says:

    I would like and share, but I’m afraid of Internet Police.

  25. Nomadic Hayward says:

    I would like to see validation that the phone call and email you got was actually from Facebook (for example, did you verify the email headers hadn’t been spoofed?). Because lets face it, their initial correspondence message stinks of scam!

  26. Crow says:

    Where they say, “it is a secret that we are even having this conversation,” reminds me of when I was a kid and I would hear a schoolyard secret. “Hey, Crow, Alex peed his pants today! But don’t tell anyone, it’s a secret that we’re even talking… Now go!”

    Fuck Facebook, this is hilarious and their threats are laughable.

  27. Tammer Salem says:

    Lol! Very funny exchange with fb. I wonder what their reaction would be if you had told them you had all 1 billion users details that tou had purchased for £10 ? I really think they would have sent around a hitman with a blue shirt (and no like button).
    If you did have thatany details what mischief could you get up to? Pictures of your backside emailed to everyone subject: zuckerberg drunk photos

  28. Freethinksman says:

    I’ll give you $3.50 for the list. It’ll still have been a better investment than if you had bought $5 worth of Facebook stock at its IPO.

  29. chaos1 says:

    tweet, facebook like, g+, trololol, upvotes.

  30. Biff says:

    Screw Facebook

  31. Robin says:

    I don’t know why everyone freaked so much on this. You can find any username – full name and email address of most users in Facebook. Depending on the profile’s privacy..

  32. tim peterson says:

    Why are you even dealing with these losers? Just delete your account already. I haven’t had an account in over 2 years and guess what, i’m pretty fucking content.

  33. Alfred J. Nonnymouse says:

    “According to Facebook, you are not allowed to read this post.”

    …why hello there, Streisand Effect.

  34. Ryan Tan says:

    Sometimes it’s imperative to keep investigations under cover for it to be effective at all. And it’s usual to take any external parties as untrusted until proven, so that may be why they couldn’t get you too involved as well.

  35. yamo says:

    That’s rich.. I’m pretty sure you sent that entire list to someone else entirely who doesn’t even work at Facebook.

    You’re saying the person’s domain e-mail was ‘@fb.com’?

  36. NorgeMag says:

    Disturbing, not only that you were able to buy that amount of info for just 5 bucks (makes me question how good the info actually is, or how creepy the source), but more so that Facebook, instead of publicly taking action, is trying to hide yet another privacy snafu from the public.

    As one commenter so cleverly remarked, the app leaking the info is called Facebook! The only way to keep your information safe is not to put it on FB in the first place, and I deal with privacy issues and data security professionally…

  37. Strobe says:

    Facebook makes money because they have your information. If they’re not selling it or access to it they would make nothing. I’m not sure why this is surprising or why anyone thinks this will stop. Your information changing hands is the business model.

  38. Anon says:

    I’m interested in what legal theory they think prevents you from sharing this conversation.

  39. Ahahaha! So you sent them the data you paid five dollars for? You don’t even know if it was Facebook? @fb.com sounds very fishy to me.
    I think someone just played you somehow. Maybe a reader read your post and wanted the data, then pretended to be Facebook and you gave it to them for free?

    This sounds likely and very silly.

  40. ConcernedUser says:

    Could you please do the same to Linkedin? I feel like they’re even worse offenders. They scrape your entire Google contacts in the blink of an eye. I know several people (including myself) who’ve asked Linkedin to delete the contacts that were stolen from them – and Linkedin just deactivates or deletes their accounts (they don’t delete their personal data). Linkedin is a data-miner of everyone’s e-mail contacts; they create pop-ups and emails until you accidentally authorize them to take hard-earned contacts and then they make a profit and require you to pay monthly for an account to continue effective networking.

  41. FarceBoook says:

    The first rule of FarceBoook is, you will not talk about FarceBoook.

    /also, this comment has not been posted.
    //you will not read this comment.

  42. JUlien says:

    FACEBOOK DOES NOT GET TO TELL US WHAT TO DO!

  43. adsfaD says:

    Dude, Proofread before you post.

  44. dackdel says:

    host the data up somewhere and sell it for 5$. you will get a lot of 5$.

  45. DUMB ASS says:

    Who cares everyone already knows you can buy profiles for cheaper and easily.

  46. paleblued0t says:

    So I highly doubt anyone who owns an app with that many active users would leek this kind of information for 5 dollars.

    Although a script kiddie with too much time on their hands might.
    http://code.google.com/p/fbpwn/

  47. Do you still have your Facebook account?

  48. concealment says:

    I think they’re overstepping their bounds on this one by being enforcement-oriented against you. It’s clear you bought the data to blog about it. You also took pains to conceal it and hide the method of its distribution. It is unfortunate they took this heavy-handed tack, since that’s how corporations usually get this wrong.

    The focus, of course, should be on finding the hole used to retrieve this data.

  49. Shabbir says:

    Did they have any reason to receive the file meaning did you have any legal obligation to hand it in ? why not sell it to a newspaper as a story with proof.

  50. Nick H says:

    Do you know how old this data? The first thing that came to my mind when I read this article was everyones Facebook profile information that was leaked a few years ago…

  51. codeyuppie says:

    “Facebook Attorney X, this conversation is the private exchange between the parties and is not subject to monitoring by any third party.”
    yak yak yak
    “Interesting. I conditionally accept your offer to (answer your questions/obey your demands) on proof of claim that I have consented to subject my person to your jurisdiction in this matter. You may submit said proof for my inspection via private registered mail. Pleasant day.”
    Click.

  52. Jack C. says:

    facebook needs to die!
    same goes for apple!
    and videogameconsoles!

  53. Juliana says:

    I shared this. On facebook.

  54. Chris says:

    Just posted a link about this on my profile. We’ll see how long it and my profile stay up and active, but I was thinking of removing my profile recently anyway so if it happens to come to that, no biggie.

  55. Damon says:

    After seeing your story on Reddit I read in the comments that you can disable the app platform to prevent all apps from accessing information about you.

    Apparently sometime after that comment was posted, opting out no longer works and the AJAX request returns a 404. It’s impossible to opt-out.

    Privacy Settings > Ads, Apps, and Websites > Turn off

    Posts to https://www.facebook.com/ajax/privacy/platform_optout/.

  56. Leo says:

    …and now it’s on the front page of Reddit. Gotta love the internet! LMFAO!!

  57. dc says:

    At least now the people you bought the file of are aware that Facebook is after them. If they built that database through legal means, and sold it to a lot suck^H^H^H^Hcustomers, good for them, they have no reason to be afraid. If they used voodoo, I guess they may have to hide for a while.

  58. Andy says:

    People who think the government is out of control should pay attention this. Thanks Bogo.

  59. I thought we told you to keep it zipped god dammit!

    RELEASE THE HOUNDS

  60. P. W says:

    you sure the email actually came from facebook? It’s not hard to spoof a from address in an email. You’d best look at the email headers and determine the source IP address of the email, then do an ARIN lookup of that IP to see if it does indeed belong to facebook.

  61. SK says:

    Does not appear to be a scrape. The emails are not public and not a former data scrape from former leaks. This might be a real leak.

  62. Obvious says:

    You should have sold it to them for a $1,000,000 fee. Why on earth would you give it to them or put up with their strongarm attempts. Who the hell do they think they are? They’re just a stupid website…

  63. Tomaz Z. says:

    You should’ve pledged the fifth.

  64. foobar says:

    fuck the police – im reading it

  65. Bryce says:

    hmmm i wanna know if MY name was on that list!!! thats not fair

  66. Luckily for me, I’ve already cancelled my Facebook account so I’m hopefully immune from the Facebook Police.

  67. Notasnitch says:

    You’ve just become a snitch for a criminal organization, and behave like an citizen of oppressive police state (replace with oppressive police corporation). You must be so proud of yourself.

    And how brave you for being open up about it. I will nominate you for the Nobel Peace Prize 2013!

  68. Mr Burble says:

    In this country you can’t sign away your civil rights.

  69. Melultu Kibsu says:

    So weird that Facebook doesn’t know of or understand the Streisand effect.

    http://en.wikipedia.org/wiki/Streisand_effect

  70. Corelianer says:

    Everyone that thinks his data on facebook are only visible for his friends are naive. Maybe FB should replace their “privacy policy” by this:

    “We try to protect your Facebook data, but it’s highly likely that we will fail some day.
    Do you agree that all data on Facebook possibly can be viewed and copied to companies and individuals on anywhere on the world?”

    [ ] YES I agree that unwanted can possibly view my data
    [ ] NO sorry dude you don’t have Facebook so you are not cool

  71. Pavel says:

    Next thing you know, they will send you somebody to tell you “if you don’t delete this, you will sleep with the fishes”.

  72. Jake says:

    You should’ve charged them quite a lot of money for that conversation and that data file. After all you’re doing their security work for them. Wait, did I just suggest that Facebook does security work? Who am I kidding, they simply do brute work!

  73. Doug says:

    Ya I shared this on my wall. If they care enough to go through and delete 3.1k users (or more) just for this, well have fun with that LOL.

  74. Jj says:

    Regardless of your intent you will most likely be charged. This is no joke. I wouldn’t get too comfy if I was you. Not on the bad side trying to scare you but on the good side trying to help you brother.

  75. Pływanie says:

    Nice… Great that you didn’t made the conversation a secret!

  76. Daruka Malone says:

    Fuck Facebook and the KIKE roach Schmuckerberg.

    KIKES control the USA and want to control the world.

    Biggest mistake in history. shutting down Auschwitz

  77. KK says:

    Get a freaking life dude. So FB is evil. Boo hoo.

  78. RG says:

    Even if you delete you account on FB it still has your information in there. It just set not to show your record. I am 100% they do no delete any user info.
    So the only thing I can think of is to change your info let it sit for sometime and only then delete profile.

  79. Sports Fan says:

    Wow. This make Facebook look really bad.

  80. Shit says:

    Fuckbook is bullshit

  81. SeoKungFu says:

    Well, we just read it and some of us even shared it further :)

  82. Jim says:

    Poor attempt at getting visits to your shitty website..

  83. Phoxx says:

    Fuck the scumbag roach Daruka Malone (see 3rd comment above).
    He thinks he controls the USA and wants to control the world.
    Biggest mistake in history, his mom choosing to have him.

  84. Mark must die, your true!

  85. T Fernand says:

    “The overall tone of the conversation was very imperative”

    Facebook’s attitude and behavior is quite despicable. I’m glad still that there are people like you who help us stay informed. Keep up the good work!

  86. Nawilżacz says:

    Facebook shoot himself in the foot. Good job Bogomil!

  87. Semi Essessi says:

    Good stuff, don’t be intimidated by the bs and do the right thing. I hope Facebook can’t silence you, and that the spirit, rather than the letter, of the law is applied with regard to any charges brought against you.

    Good luck.

  88. john doe says:

    “security” by bullying in its best

  89. Ross Kemp says:

    Hye, can you repost the torrent link again , downloaded a copy thanks, but wanted to send it to some mre peeps

  90. Azad Laxman says:

    I dont think there’s anything wrong in here, cuz mark stole the data too during initial days of FB, how can they claim this to be wrong?

  91. VaBeachDad says:

    Ha! I love that whole response by FB! “We would like…:” – as if they’re asking you to do them a favor – “you to jump through all these hoops, give us all this information, and you are not allowed to tell anyone!” What are they going to do? Destroy your Farmville farm? Un-Like your profile?

    You did a good thing, the right thing by notifying them in the first place. It’s a shame you had to deal with some twit with delusions of authority. Methinks he should go back to writing stern memos about the proper positioning of paper clips in desk drawers.

    You should ask them to reimburse your $5, pay you a reasonable fee for all the time involved in complying with their dema…er, ‘requests’, and require them to put their blog-editing and secrecy demands in writing so you can make some First Amendment lawyer (and yourself, of course) wealthy.

    Doncha just hate it when you try to do good and some schmuck tries to play Man in Black on you? He needs to be reminded he works for FB, not FBI.

  92. Tobias says:

    Good step – keep it up …

  93. Mustapha says:

    Did you get back yours 5dollar?

  94. Lee says:

    Ah, those FB bastards, instead of being humble and polite, they opted for the brute force approach of the matter that, as a matter of fact, is about their incapacity to provide a safe environment for their pricy piece of crap called faceshart. What did they thought when they tried pedal to the metal approach? Did they truly believe that Bogu would shit his pants and…beg for forgiveness? Silly assholes, I sometimes wonder why and how it happened that faceshart has so many suckers then, I realize that we are living in a depersonalized world and we crave for friendship and attention while the sharks are munching on our despaired weakness.

  95. Toni says:

    Към автора. Изпуснал си една буква в думата “exactly”.

  96. MSPS says:

    The monster starts to bite his own tail…

  97. thelabrat says:

    @bogomep –

    Good job, keep it up.

  98. ABel says:

    Fuck the policy!! haha

  99. Bums says:

    Fuck Facebook.

  100. That’s why I always use fake emails for everything round Facebook.

    Thanks for the info, Bogomil.

  101. martin jones says:

    >>”I asked if it was possible to tell what the problem was”

    it seems clear to me from your blog post, that the seller obtained the email address via Facebook applications that they have developed.

    When you add a Facebook application to your account, some applications ask you for permission to obtain your email address, though the way facebook has designed the permission request dialog box, its easy to miss the part where it says you are going to let the application have your email address.

    It seems obvious to me, that the person you bought the user details from, had apps that were collecting user details including their email addresses, and thought they could make extra money by selling those details on to third parties.

    In the past i have added a facebook application without reading the permissions request page, and after i added it i realised i had accidentally given permission to the app to access my email address. Not long after that, the email spam started arriving from the application.

    I think facebook should make it much harder if not impossible for apps to access user’s email addresses, and the permission request page should highlight very clearly when the app is requesting permission to access that users email address.

    I have recently found a browser extension called “FB Purity” that will actually do this, it also adds a “Block application” button to facebook application permission request pages, so if you dont like the look of the app, and dont want the app to get any of your user information, you can block the application then and there. It also highlights any permissions such as requesting email addresses, or the ability to post to the users wall. It works quite well, you can get it here, if you are interested: http://fbpurity.com

  102. […] los datos y que borrara el post en el que denunciaba la compra, Shopov ha publicado otro en el que explica la llamada por parte de la red social. Vamos, que el culebrón continúa, y los datos personales de los […]

  103. mohammad says:

    fuck facebook…the addictive social network….disables us…spy on us…and then what….wen should suck their cock too…mother fuckers

  104. Anonymous says:

    typo: ‘someone from a deprtment called “Policy”’

  105. susi linux says:

    Why didn’t you SELL the data to FB? I’d say it can be worth some thousends of dollars…

  106. Martin says:

    lol, nicely done :D

  107. […] Oh, this is not the end of the story. I ve’got a phone call from them. […]

  108. Adam says:

    Man, you just got yourself on US Defence Department’s list as a potencial terrorist. Do you even realize who those people are? It’s like messing up with mafia. Should anything happen, you will be one of the first they will deal with. Is your personal integrity and the opinion of anonymous Internet users really more important than your and your family’s life? Pick only those battles you can win. If I were you, I would delete those posts, contact them again and send them all the information they require together with apologizing for your rebellious and irrational attitude. And I suggest this as a bystander, with best intentions. Good luck.

  109. This next chart just shows the gun ownership per capita rate for the “developed” countries, or the members of the Organization for Economic Cooperation and Development (OECD). That basically means the world’s rich countries. Some of them, such as Switzerland and Finland, are actually among the highest-ranking countries in the world by gun ownership rates. But the U.S. is still way, way ahead. Keep this chart in mind the next time someone compares U.S. gun ownership to Switzerland or to Israel.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.