The recent news of someone compiling 100 million Facebook users data into a single public torrent (a downloadable file) brilliantly illustrates some of the growing pains of social media. So did someone hack Facebook and steal your data? Nope, the profiles were all public.
What’s actually in the torrent?
Not much, actually. Well, 100 million people’s names are there along with the url to their facebook profile.
I’m not really worried about random people having my name, but this case is just a proof of concept. The torrent includes the script used to gather the info which could be easily modified by just about anyone to gather other details (like the profile picture or any other public details provided), so there’s a face to go with that name.
But to add to the creepiness factor, you should realize that if you’re reading this and you have a facebook profile, then your name is probably on the list. My name is in there along with my wife, my brother, my boss, and everyone else I tried. But who cares? Who’s even downloading this list?
Answer: a lot of people.
Who’s watching this list?
For those unfamiliar with torrent technology, there’s an important thing to know about it for this story. Torrents allow anyone downloading the torrent to see the IP addresses of everyone else downloading the file. Now when you take those IPs (IP addresses) and match them up against a database of companies’ IPs, a very interesting thing happens. All of a sudden, we can see all the companies that are downloading a torrent with 100 million users names in it.
Some of the big names include
- The Church of Scientology
- United States Postal Service
- The United Nations
You can read the whole list that’s been gathered thus far at gizmodo.
So, what can we learn from this?
Whatever social media platform you’re using–Facebook, Twitter, Last.fm or anything else–you have to know that your public profile is PUBLIC. Whatever information you make public is available to anyone with the know-how to look it up. Someone has probably modified the code in the torrent to snag profile pictures and any other public information available. Go take a few minutes to double check your privacy settings and remove any info that you don’t want public.
What this means for social media
Social media isn’t going anywhere, but hopefully incidents like this will remind people that their data isn’t theirs once they make it public. Ideally this will lead to better privacy controls and more awareness. Suddenly social media models like diaspora (not yet available) look a lot more attractive.
It’s going to be more and more about control of your data than just a nice place to interact with friends.