Ex-Meta worker investigated for downloading 30k private Facebook photos(www.bbc.com)

86 pointsby 165944709110 hours ago6 comments

cramsession9 hours ago
I was at a party once with Facebook employees and they were telling stories about how they would spy on who visited who's profiles. They thought it was so funny, they could "tell" who had a crush on who. I deleted my account as soon as I got home. Vile company.
- phyrex8 hours ago
  That must have been a long time ago. Nowadays there are a lot of safeguards and that's one of the things that gets you fired right away.
  - eviks6 hours ago
    Yes, in a "never_do_this_or_you_will_be_fired" kind of way
  - jnsaff28 hours ago
    Nowadays when you visit someones profile you show up on their suggested friend list. Creepy or cute, a deliberate information leak.
    em-bee8 hours ago
    viewing someones profile without them knowing is not creepy?
    nirvdrum5 hours ago
    After getting scammed on Facebook Marketplace, I look at the profiles of sellers, particularly if they don’t have much in way of reviews. That seems more prudent than creepy to me. I’m not stalking anyone and I’m not looking to be their friend.
    Is there a better way to do seller verification? It does seem like an information leak to me. Craigslist and eBay don’t share my identification as a potential buyer. I don’t love the marketplace being tied to a social network, but it’s what many people are using these days.
    hackable_sand8 hours ago
    It is creepy, that's what they're saying.
    em-bee7 hours ago
    what i understood is that "showing up on their suggested friends list is creepy, and it's an information leak". the way i read that is that they would prefer not to show when someone visited their profile. and that's what i consider creepy.
  - kakacik8 hours ago
    I keep reading same statements here for past 10+ years, every time some similar fuckup @fb happens. Every. Single. Time.
    0 trust in that company, 0 trust in its employees.
- ryandrake9 hours ago
  Wouldn't surprise me. Everyone clutches their pearls and hits the downvote button as soon as you mention the Zucc quote, but has there really been any evidence that the company culture has matured away from "They Trust Me - Dumb fucks"?
- DANmode9 hours ago
  Wouldn’t it be nice if the scope of what you witnessed was limited to that one company…
  - actionfromafar8 hours ago
    What other companies have the scope of Meta(-stasis) FB?
    hulitu2 hours ago
    Microsoft (Teams).
    DANmode8 hours ago
    Google, since you asked.
    But the point is: Facebook attracts these employees, it doesn’t breed them.
- livinglist9 hours ago
  Are they able to see these data of whichever user whenever they want with no trails at all??
  - cramsession9 hours ago
    It certainly sounded like it, or that no one cared about the trails since they thought it was so hilarious.
  - burnt-resistor8 hours ago
    Absolutely not. I'm no friend of Zucc, but the graph is protected by a permission system that won't show almost anything for employees without a making a request including legitimate business reason, for a limited time and scope, and managerial approval.
- unocard8769 hours ago
  [flagged]
  - cramsession9 hours ago
    It was more than one person and yes, it's vile that they had access to this information and a culture of spying (and joking about it). They also said they could tell how long someone was looking at each image. The whole company is basically perverted spyware, which absolutely makes sense if you know how and why it was conceived.
    hyperhello9 hours ago
    You could make that claim about all of public society in some way. Why go anywhere, unless it’s to be spied on and spy on others.
    guizadillas9 hours ago
    You CAN make that claim but it isn't right, not comparable at all
    vachina9 hours ago
    No
- tjpnz8 hours ago
  Hope the host checked thoroughly for missing property after everyone left, because I wouldn't put it past a metamate.
- morkalork9 hours ago
  Tesla employees talk about recordings of people fucking in cars around the watercooler
  - unocard8769 hours ago
    [flagged]
dietr1ch8 hours ago
> found Meta to have inadvertently stored certain passwords of social media users on its internal systems without encryption, and fined it €91m (£75m)
WTF? I thought that on 2010 already people were diligent enough to avoid even sending the password and instead just hashed it locally before even sending it.
- varun_ch7 hours ago
  That is not standard even today. The main threat is in transit over the network, which https/TLS solves, but obviously this won’t stop error traces or logging on the server from including request bodies.
  If you do hash locally (not sure I’ve seen any big players do this), you also need to be hashing server side (or else the hash is basically a plain text password in the database!)
  That said, I’m not sure why companies don’t adopt this double hashing approach. Complexity maybe? I know it could limit flexibility a little as some services like to be able to automatically attempt capitalization variations (eg. caps lock inverse) on the server. Anyways in 2026 we should all be using passkeys (if they weren’t so confusing to end-users, and so non-portable)
- f33d51738 hours ago
  That's never been standard. Passwords in log files is a common issue, crazy you can get fined 8 digits for it.
xnx9 hours ago
This would've been an embarrassing security lapse in 2007. In 2024(?) it's despicable.
burnt-resistor8 hours ago
Extremely doubtful to have occurred in the past 10 years. It's pretty much impossible to access anything on the graph without a business reason and managerial approval.
- stodor895 hours ago
  Can managers access it without managerial approval?
booleandilemma8 hours ago
What a creep.
xgulfie9 hours ago
What is it that Zuck called people who trusted him? Oh right
- 9 hours ago
  undefined
- tjpnz8 hours ago
  Dumbfucks