Mind what you post

Tags: social networks, privacy, websites.
By lucb1e on 2011-10-24 17:44:05 +0100

I knew companies like Facebook store a lot, but seeing everything makes it look plainly ridiculous.
This article is about someone who used the European right to retrieve all data a company (which has to be operative in Europe though) stores about you. He was sent a CD with the data, and posted the contents on the web - with the really personal stuff blacked out of course. Note that he deleted all contents of his account first, before getting the CD.

I've skimmed through it, and it's just insane. It not only contains normal logs, which I would expect them to keep, but they log every message independently in great detail. Every message you ever sent to any contact on Facebook is retrievable, together with the exact second you sent it. Or every status update, like "Cycling to work now", is saved as well, together with all comments people made on it, also logged in great detail.

"Deleted" is just a column. A property stuff can have. When you delete anything, whether that is a message, status or even a photo comment, nothing about the message really changes in their database. Put simply, they set "Deleted" to "Yes", but the data is still there entirely. Deleting your entire Facebook account has no effect on this either.

Also, something that people generally do not think about when discussing privacy online, is how two users signing in on the same computer can be very easily linked together. Facebook does that extensively. Example data:

Associated Users    Max Mustermann (123456789)
                    Petra Musterfrau (987654321)
                    Sarah Roommate (555666777888)
                    Klaus Friend (333444555666)
                    Patrick Ex-Boyfriend (111222333000)
Cookie              dTfdTOTPuniqSHGJEKAAB9Qdqj
First Seen          2010-11-12 12:47:49 UTC
Seen Count          50


Not that I checked, but I'm quite sure you agreed personally to all of this when ticking "I agree to the terms of service" while signing up. You probably haven't got a single toe to stand on in court.


Why do they log this? I bet it's power. I'm someone who wants to know exactly when someone did anything on my system or server (even what I did, it's handy to be able to look that up), but I respect people's privacy and don't generate personal profiles from the logs.
I must admit that I feel the draw though. The possibility of it nearly makes you do it. If you are the only one to know, and you have the ability to generate a user profile (click pattern, interests, etc.) of everyone, wouldn't you do it?
No, I don't think you can really answer that if you haven't experienced the possibility. But I think this is why they generate and store all of this, the possibility for future use and the power of possessing it.

I must admit that as a test, I once did something similar, but it was just to see how users would respond. For clarity I will post it in a different blogpost, which will be on my site soon.

Anyway, the moral of this post: be very careful with what you post online. I noticed that I myself am not careful enough, though I thought I was pretty unfindable online. And I am for the big public, just the big companies like Google or Microsoft surely can find me (name, surname, city, address, I bet even where I went yesterday and where I'm headed tonight) if they have a need to.