Web 2.0 is pretty cool and has gone a very long way to change the Web and how we use it. Social media, for better or worse, has tagged along for the ride, and regardless of your feelings about individual services, sites like Facebook and Twitter have forever changed how we interact, both on the Web and off of it.
The problem is that they are all inherently insecure when it comes to how our data is handled. The primary reason is that sites like Facebook make their money by encouraging you to share as much of yourself as possible. In many cases this means the privacy settings are either so obscure as to cause click-through syndrome or they are the very barest of options.
This of course leads to much of your data and activity being available to just about anyone who wants to work at it a little bit.
In fact, it is incredible just how easy it is to do this sort of thing, not to mention that in most cases, if done right, it isn’t illegal. Case in point is the news out today via the Thinq blog on one such person, Ron Bowes of Skull Security, who has managed to collect the information of over 100 million people on Facebook and then post it as a 2.8 GB file on a torrent site. This means that anyone can download it and peruse all that account information to their heart’s content.
The 2.8GB torrent was compiled by hacker Ron Bowes of Skull Security, who created a web crawler program that harvested data on users contained in Facebook’s open access directory, which lists all users who haven’t bothered to change their privacy settings to make their pages unavailable to search engines.
Bowes’ directory contains 171 million entries, relating to more than 100 million individual users – more than one in five of Facebook’s recently trumpeted half billion user base.
The file contains user account names and a URL for each user’s profile page, from which details such as addresses, dates of birth or phone numbers can be accessed. Accessing a user’s page from the list will also enable you to click through to friends’ profiles – even if those friends have made themselves non-searchable.
And the thing is, as I pointed out, there is nothing illegal about what he has done.
Someone want to tell me again why these social sites are such a fantastic idea?