Has Facebook got too complicated? Site doesn't even "notice" latest data leak


In the flurry about smears, dirty PR and who is worst at dealing with sensitive user data, an interesting story about Facebook passed under the radar yesterday.

The story was also about privacy. And surprise surprise – it wasn’t good news for Facebook. Or Facebook users for that matter. Facebook admitted yesterday that they just hadn’t noticed a major data loophole, that up until yesterday had let advertisers access user details including your name, sex, chatlogs and photos.

The Leak
It was all down to a url quirk that research company Symantec pointed out.

As PCWorld describe it:

“Symantec claims Facebook has not only leaked private data such as your sex and your age, but for the past four years third-parties have had access to such goldmines as your profile, photos, and chats. Symantec also blats Facebook for giving third parties the ability to post things to your wall.”

It’s likely the advertisers didn’t even notice that this information was available to them, which is good.

But the problem is that FACEBOOK DIDN’T EITHER. They just didn’t realise. And that’s bad.

Facebook didn’t “notice” leak
The whole purpose of Facebook as a site is that it manages user information – stores, shares it and puts it in the right place. Accidentally giving private stuff to advertisers was definitely putting it in the wrong place. But it’s not some evil plan – it was just a mistake.

And I think that could be telling. Facebook have been callous with privacy before – but then they usually meant to be. This was just an accident.

Is the site just getting so big that they didn’t notice for a while? The problem came with 3rd party apps – stuff like Farmville – and the access tokens they use to get into the profiles of their users. The spare access tokens were kicking around and got passed onto advertisers and analytics sites as well as the apps. The access tokens will be disabled when you change your password, but otherwise can access your profile at any time.

Confusion at the heart of the social network
But if Facebook doesn’t know, WHO DOES?

For us, it’s reminiscent of when we asked Facebook how they arrange the top friends box and the spokesperson just told us that they couldn’t really tell us. Well, they told us a bit – it was interesting. But it was vague and the PR told me that she couldn’t really explain what exactly the algorithms did.

A lot of this could be corporation talk – trying to make sure pesky questions run into the sand. But it could also be that genuinely they are losing control about what goes on around the edges of the organisation…

Facebook is the Roman Empire of the digital world

Let’s compare Facebook to the Roman Empire (why not). An smart, efficient organisation spreads quickly because it’s tightly-run and simple. As it overruns surrounding areas, its success leads to more success as it wins more resources, which lets it go further.

Now, after growing absolutely huge, it hits a tipping point and becomes a victim of its own success and the need to manage and finds that maintaining vast amounts of land (in the Roman case) or data (in the Facebook case) is a different task to winning it over in the first place.

It starts to bend under its own weight and gets bogged down by management. Its size becomes a disadvantage instead of an advantage.

Byzantine Data Hoard
Enough Romans, but I think you get gist – Facebook is now huge and a massive data repository: more a Byzantine data hoard than a slim-line start-up.

Take the simple idea of uploading a photo to your Facebook profile. For starters, Facebook makes and saves 6 versions of it – in different sizes to put it in different places (albums, thumbnails and 4 other ones, don’t actually know what they are), they add it to your profile news feed, to an album. You can add to a specific album… but if you don’t, they’ll automatically set it to either ‘Mobile Uploads’ or ‘Wall pictures’ depending on how you uploaded it.

You can set individual privacy settings for that picture as a single upload. You can also set general privacy settings for a general album. If your friend John is able to see your photos he’ll see it on his news feed, and can click through to see

If you tag Abby in the photo, it will get copied to her wall, and added to the album Pictures of Abby, where the original privacy constraints you put on it will also apply, but also ones specific to Abby and her wall.

Comments and likes from all over the place then accrue to that photo and become associated with it and they’ll get posted about too – Abby’s comment will appear on John’s news-feed, and so on.

So one piece of data – a photo – gets copied multiple times and spread in different places to create its own network of connected packages linked to itself.

Just an example of how a very simple thing can have so many consequences in such a complex structure.

Now multiply that by 100 million – the number of photos uploaded to Facebook everyday.

It’s no wonder they’re losing some of that information…

[Symantec via Mediapost]
Anna Leach


  • First, how do so many people get journalism jobs with such such poor writing skills?

    Second, why was everyone so eager to dump their life onto the internet for all to see? Everyone complains about privacy, while posting their last bowel movement.

    Third, Facebook is absurdly complicated. I wanted to create a temporary web page to promote a book and ended up deleting the account. Instead of a simple WYSIWYG interface, you have a handful of different pages to sift through (I still don't know why they all exist) Then I was getting ad,, and posts, and links to things I never heard of, before I even finished. I finally found the page creator, but there is nothing clear about how you built a nice looking page to display your product. I've hand written HTML sites in less time.

    The fact that they are undermining their users for profit is just one of many reasons to jump ship.

  • I never use it for personal use, everyone knows what you’re doing and where you are. It’s good to spy on your staff though!

  • Oh, yeah! much better to use a social networking site that “society” doesn’t use. IDIOT!

  • Sometimes I prefer Facebook, sometimes I prefer Twitter. As far as Facebook growing too large–I’ll agree, since any tech. or customer support is virtually impossible to get ahold of

  • The people running the site are obviously the type that would sell their mother’s soul for the right price.

  • Facebook sucks. I barely use the site, and only cause everyone else does. I don’t know why everyone else likes it so much.

Comments are closed.