Privacy issues plague Facebook users – yet again

Over the weekend, there was an interesting bit of news out of the social networking world, which once again places the privacy protection and controls offered by Facebook in the spotlight. A post on Reddit described a Google search that displayed notes written by Facebook users, and with those notes, a good deal of personal information.

The story on Reddit was picked up by The Next Web, and as they said in their coverage, the issue isn’t so much the fact that the notes were discovered via a Google search, the issue is that the notes discovered were associated with profiles that were marked as private. The Tech Herald did some research on several profiles, and every single user we looked at had privacy settings in full effect, but in some cases, several notes were easily obtainable with a Google search.

The search term, “site:http://69.63.186.30/notes.php” when coupled with a few extra search parameters, allowed us to read details and personal information about complete strangers. Other regional server IP’s where this trick will work include 69.63.184.142, 69.63.178.11, 69.63.176.140, and 69.63.186.31.

Yet, this was not what we took issue with. The problem we had was that each of the profiles was set to disallow public viewing using Facebook’s privacy settings. How then, were the notes available online?

According to Facebook, when they responded to The Next Web, “all of the individuals notes found via Google have chosen to make their notes public.” It is entirely possible that some users have allowed their notes to be public property. Yet, when Facebook introduced the new privacy settings earlier this year, they said that information opened up to “Everyone” would not be visible to someone using general Web searches. Yet, here it is on Google. 

Even if the notes were set to public viewing, we have a hard time accepting that out of the thousands of notes available, that every single user listed is ok with that public viewing option. Especially when you consider that the majority of the profiles were set to private. Not to mention, it seems that when Facebook said that information wouldn’t be returned via search results, they were speaking about their own domain, and not the regional searches. So it would seem anyway, but you can replace the IP addresses with Facebook.com, and it works the same.

For example, for one Long Island born college student, the amount of information we collected, using both Facebook and a few routine Google searches, could easily be used to pull off a Phishing attack, if not worse. How? Just from the information that can be collected from Google alone. Starting with the Google search that gives you the notes, it’s not a big jump to add other search parameters to it and dig deeper.

The information about someone online depends on the person. Some people are guarded, and share very little information, others share some things, but not all that much. From them, you’ll get things like what schools they attend, where they were born or currently live, unknowingly handing out information that alone seems useless, but with coupled with other tidbits of knowledge is quite valuable. Then you have those who share everything.

There is one popular example of using information online to commit crime. We’re not talking about Phishing attacks, those are possible with the most basic personal information, we’re talking about using information harvested from social networking profiles, blog posts, and targeted searches online to compromise security.

The example comes from the 2008 Presidential elections. Sara Palin had her email account compromised by someone who used information revealed publically, and a few Google searches to reset the password on her Yahoo email account. In another example, while some of the media over sensationalized the news, there is valid truth to the reports about people’s homes being robbed, because they announced an extended absence on their social network. It might be rare, but it can and will happen.

In the past, Facebook has been dogged by security and privacy issues. So much so, they hired MarkMonitor to augment their internal security practices. MarkMonitor, a vendor who Facebook was already using, was given a larger role in site security to combat the Phishing and other malicious attacks on Facebook’s users earlier this year and over the summer.

In June, Facebook had to deal with a vulnerability that allowed anyone to view all of the information recorded in the basic information section of a profile, no matter the privacy settings, by altering POST data. The hole was quickly patched by Facebook, but only after details of the vulnerability were made public after several failed attempts to report it.

So when you consider Facebook’s security and privacy issues overall, where entries using the Notes application are exposed from a simple search, the Phishing attacks that serve Malware, or the scams where people are tricked into handing over cash, should you blame the user or Facebook?

Facebook, again, says that the notes were displayed because the user selected that privacy setting. Likewise, Facebook’s own help section regarding security also references the privacy controls heavily. However, some of those privacy settings are confusing, and often take several steps to configure. How many users have gone through them completely and configured them properly according to their needs and expectations?

Your guess is as good as ours.

There are some steps you can take, which will protect your Facebook account and personal information, while keeping it highly interactive. The Tech Herald has written a primer on Facebook Privacy settings, you can read that here.

[This editorial is the opinion of Steve Ragan and not necessarily those of the staff on The Tech Herald or the Monsters and Critics (M&C) network. Comments can be left below or sent to [email protected]]

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Awesome Stuff Made Out Of Car Parts

An awesome picture has started doing the rounds showing a bathroom with sinks made out of car tires and faucets created from gas pumps. It’s the ideal bathroom for any discerning car nut. That got us thinking — what other stuff is there made out of car parts and car paraphernalia. Here are some of the coolest […]

Range Rover Evoque Convertible Confirmed

Land Rover has officially confirmed that the Range Rover Evoque Convertible will go on sale in 2016. The company released some publicity photos showing a prototype of the Evoque Convertible driving through train tunnels under construction in London. The company says use of the Crossrail tunnels let them test the convertible in privacy. A Land […]

Mercedes-AMG GT3 Racing Car to Debut at Geneva Motor Show

The company says the standard Mercedes-AMG GT already provides the ideal base for the race model, with low centre of gravity, good weight distribution and wide track width.The driver sits on a carbon-fibre seat pan and is protected by a roll-over cage made from high-tensile steel.The engine cover, doors, front wing, sidewalls, side skirts, diffuser, […]

Lamborghini Aventador Wallpaper

Lamborghini Aventador wallpaper for your desktop or mobile device. Each image links to a page with multiple sizes of wallpaper you can download.

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in the photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a university in the UK told the BBC that it was impossible to see what other people see but that it […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]