Get SF Weekly Newsletters

Tuesday, August 20, 2013

Facebook Is Not Your Friend

Posted By on Tue, Aug 20, 2013 at 1:13 PM


It's always amusing when people refer to Facebook as being this way-cool company on the cutting edge of technology, with the hip, young CEO -- "Zuck" -- at the helm.

Facebook is not cool, and Mark Zuckerberg is pretty much the opposite of hip -- he's not even nerdy-hip.

In terms of how it affects users, Facebook's technology is terrible. The company's enthusiasts are almost invariably marketing and biz-dev types, and maybe some finance guys (yes, nearly all guys). It's the rare actual tech person -- coder -- who is a fan of Facebook. They know better. So should we all.

Facebook might seem like the most personal company in the world because it helps us connect with family and friends. But as a company, it's highly impersonal -- no different from any heartless multinational corporation, and maybe worse than most. Zuckerberg doesn't care about Facebook users except insofar as he can sell them to advertisers. All ad-driven media companies sell their readers, listeners, and viewers to advertisers, of course, but the better ones recognize that users, as humans, need to be respected.

Not so Facebook -- one need to only review the litany of privacy abuses and arbitrary (and stupid) redesigns to know that. By contrast, Google is far from perfect in this regard, but that company in its early days meant it when it added "Don't Be Evil" to its list of corporate imperatives. It often falls short of that goal, but at least the goal is there. Google generally weighs what it does against the possible negative impact on its users (or perhaps more importantly, on its image). Facebook generally doesn't, and both its users and its image suffer as a result.

The latest example of this involves a Palestinian man, Khalil Shreateh, who discovered a vulnerability allowing him to post content to Facebook walls of people who were not his friends. He wrote to Facebook's security team, which offers a minimum of $500 to people who discover serious vulnerabilities. In broken-but-understandable English, Shreateh wrote: "the bug allow facebook users to share links to other facebook users , i tested it on sarah.goodin wall and i got success post."

In other words, he posted on the wall of Sarah Goodin, a friend of Zuckerberg's. His contact at Facebook, identified only as Emrakul in the emails Shreateh posted. Emrakul couldn't see Goodin's page, so Shreateh suggested that Emrakul create a dummy page for Shreateh to hack. As an alternative, Shreateh said he could do the same to Zuckerberg's page. In reply to Shreateh's second query, Emrakul wrote tersely, "I am sorry, this is not a bug."

So Shreateh posted to Zuckerberg's wall, sounding a bit like a LOLcat: "First sorry for breaking your privacy and post to your wall," he wrote, "i has no other choice to make after all the reports i sent to Facebook team." He provided details and links to his Web site for more information.

A big thank you from Facebook and a check for at least $500, right? Wrong. Facebook, its interest finally piqued, temporarily blocked his account as a "precaution" and immediately contacted him. The bug was quickly fixed. But no reward for Shreateh -- because, Facebook said, he had violated the site's terms of service! Facebook said that "exploiting bugs to impact real users is not acceptable behavior for a white hat. In this case, the researcher used the bug he discovered to post on the timelines of multiple users without their consent." The company did grudgingly admit that it slipped up in not taking him seriously. Facebook engineer Mark Jones took to Hacker News to reiterate the company's stance, and to pointedly refrain from expressing any appreciation toward Shreateh, who after all could have plastered all kinds of awful stuff on all kinds of profiles if he wanted to.

"So. Cool. Problem solved," concluded Gizmodo in what we must interpret as sarcasm.

But Facebook's overall problem is far from solved. This is a pattern we've seen over and over again: incompetence followed by arrogance followed by (if we're lucky) a grudging admission that it made a mistake. This is not the stuff of a way-cool company, it's the stuff of a very badly managed one.

  • Pin It

About The Author

Dan Mitchell


Subscribe to this thread:

Add a comment

Popular Stories

  1. Most Popular Stories
  2. Stories You Missed

Like us on Facebook


  • clipping at Brava Theater Sept. 11
    Sub Pop recording artists 'clipping.' brought their brand of noise-driven experimental hip hop to the closing night of 2016's San Francisco Electronic Music Fest this past Sunday. The packed Brava Theater hosted an initially seated crowd that ended the night jumping and dancing against the front of the stage. The trio performed a set focused on their recently released Sci-Fi Horror concept album, 'Splendor & Misery', then delved into their dancier and more aggressive back catalogue, and recent single 'Wriggle'. Opening performances included local experimental electronic duo 'Tujurikkuja' and computer music artist 'Madalyn Merkey.'"