by Craig Buck

Created on: July 29, 2010   Last Updated: August 12, 2010

Facebook privacy has always been big news, some have even described it as an identity thief's paradise as millions of members, most of them unintentionally leave their personal details open for anyone using the Internet to see.

It comes as no surprise that the details of 100 million Facebook members have been collected and published on the net by a security consultant.  Ron Bowes used a piece of specifically written code to trawl through the entire Facebook userbase to collect any data on members where it was not hidden from public view by the privacy settings.  The list of members which is now freely available on the net contains the URL to each user's page, their name and their unique Facebook ID.  This information alone is not that significant as this will just get you to their page, exactly in the same way as a Facebook search or even a search through a search engine would.  What it does do however is allow people to target a specific set of people such as young females, youngsters in general or the elderly and snoop around their profiles which could provide extra information which puts the user at risk.  Of course, most people who get hold of the list will probably just view random profiles just out of curiosity but there will be the exceptions to this.

When asked, Mr Bowes said he had published the data to highlight the fundamental flaws in the Facebook privacy model.  Facebook countered this statement by saying that the information was already freely available and was not concerned by the story.  In a statement, a spokesperson for Facebook said, "People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want. In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on Facebook. No private data is available or has been compromised."

Facebook has come under constant attack since the end of 2009 over it's privacy model.  Changes at the turn of the year were made to introduce a more configurable level of security which defaulted certain information to 'Everyone' view which meant that unless an individual member changed the settings, all of their data was freely available. Although Facebook did advertise that these changes were being made, it is clear that a lot of people either ignored the message or simply didn't understand the consequences of Facebook's changes.

This latest attack will force some people to question how safe Facebook actually is.  As the attack was designed to highlight how open the majority of profiles are, it didn't go as far as capturing more personal information such as email addresses, phone numbers and postal addresses.  This is not to say that they weren't available for collection and an opportunist who has access to the list would still be able to view this information if it was not hidden by individual users. 

It is hoped that Facebook users will revisit their security settings in the wake of this attack and tighten up any information that they do not wish to share with people outside of their circle of friends.

Source - BBC News

Learn more about this author, Craig Buck.
Click here to send this author comments or questions.