Quantcast

WebProNews IT Team Confirms Facebook “Leak” Not Much of a Story

Torrent Has Nothing Other Than Public Data

Get the WebProNews Newsletter:
[ Social Media]

Facebook has put a lot of people on edge about privacy in recent months, and while some of it may be legitimate concern, a lot of the discussion is simply getting blown out of proportion.

You’ve probably read about the infamous "leaked" list of user names this week, that a security researcher shared in a torrent. A bunch of companies have reportedly been downloading the info leading to some unnecessary paranoia. Our own IT department took a look at that torrent, and there’s really nothing to get freaked out about. It just contains data that’s already public (170,879,858 URLs by our count), as the "leaker" Ron Bowes told BBC News.

The biggest file is called facebook-urls.txt. The top of the file looks like this (with "xxxxx" representing the unique number associated with the accounts):

http://en-us.facebook.com/people/-/xxxxxxx
http://en-us.facebook.com/people/-/xxxxxxxx
http://en-us.facebook.com/people/-/xxxxxxx
http://en-us.facebook.com/people/-/xxxxxxxxx
http://en-us.facebook.com/people/-/xxxxxxxxxx

Eventually, once you get past the dashes, they start looking like this (where the "xxxx" represents people’s names):

http://en-us.facebook.com/people/A-xxx-xxx-xxx/100001172054083
http://en-us.facebook.com/people/A-xxxxxx-xxxxxxxx/100000816806409
http://en-us.facebook.com/people/A-xxxxxx-xxxxxxxxxxxxxxx-xxx-xxxxxx/643427473

"So you could figure out somebody’s name from the profile URL, but that’s really about it,” our IT manager says. "Anything else, you’d have to actually go to the URL and crawl it."

And of course, these people are already in the Facebook Directory anyway, as Bowes noted. There’s no other information.

From the README file included in the torrent, here are the list of all the files:

Filname                            Description
————————————————————————-
facebook.rb                     The script used to generate these files (v1)
facebook.nse                    The script that will be used for the second pass (v2)
facebook-urls                   The full URLs to every profile
facebook-names-original         All names, including duplicates
facebook-names-unique           All names, no duplicates
facebook-names-withcount        All names, no duplicates but with a count
facebook-firstnames-withcount   All first names (with count)
facebook-lastnames-withcount    All last names (with count)
facebook-f.last-withcount       All first initial last name (with count)
facebook-first.l-withcount      All first name last initial (with count)

Bowes said that collecting the data was in no way irresponsible and likened it to a telephone directory. On top of that, there’s not any info to distinguish people with the same names apart from one another.

Facebook has also confirmed that the info in the list was already freely available online, and that "no private data is available or has been compromised."

This article from the Telegraph claims that the torrent contains info like profile pictures, lists of friends, etc. Our team says that’s not true and that you’d have to re-crawl the profile URL in order to get that data.

The bottom line is that the info in the torrent is public info, just like any other personal info that is published publicly on the web that’s out there for Google, Yahoo, Bing, or any other crawler to index. Essentially, all that’s really in the torrent is big list of URLs. Whoa!

The companies downloading the torrent for whatever purposes they have in mind, would probably be better served to just look at the directory. Facebook has a lot more users than 170,879,858.

WebProNews IT Team Confirms Facebook “Leak” Not Much of a Story
Top Rated White Papers and Resources
  • http://www.xdra-design.com Oliver

    Nobody is forced to use facebook, myspace or other networks. It’s up to ourselves, how much of our privacy we wanna give away.

  • Guest

    Personally in my opinion Bowes had no right to do what he did. It was not his right to put 100 million people at risk just to prove a point. Fortunatley he has not put anyone at risk but he should still have not done this in the first place. It is solely each individuals responsibility for what is seen or not seen on any social networking site. If you want to put yourself out there for everyone online then that is your choice. I dont, therefore I am safe but what about peeps who dont read the small print as it were, or go for the default settings set by facebook for example. What about children who sign up for social networking sites. You wouldnt ask your child to go out on the street and say his name , address, phone number etc to anyone passing by. It is surely your legal right to keep your information private if you so wish.

    • Chris Crum

      This information was already in the Facebook directory. Publicly available. And Bowes’ file was only a fraction of FB’s user base.

  • http://viktoriamichaelis.com Viki

    The information provided on Facebook – and all other social websites – is the information that users enter themselves. If someone has a problem with their private information then they simply shouldn’t enter it in the public domain. The only thing which might be of interest to a social researcher is to see who is linked to whom and where friendships across borders have sprung up but, again, each individual chooses their own linked friends.

    Viki
    viktoramichaelis.com

  • http://www.delishibusiness.com Arwen Taylor

    I always say, if you don’t want millions of people looking at it, then don’t put it online. It doesn’t matter what you have your account set to. There will always be people trying to get at your personal information. So don’t put anything online that you would not want anyone to see.

  • http://www.worldtravelingartist.com/about Alexander

    Paranoid people shouldn’t really be on social networks. Period.

  • Riley

    @ oliver

    and if you use Facebook, you gave it all away

  • http://africatopforum.com africa

    Well, most of us know that total privacy can’t totally gurantee.

  • http://www.deafjapan.net yudik

    I always say, if you don’t want millions of people looking at it, then don’t put it online. It doesn’t matter what you have your account set to. There will always be people trying to get at your personal information. So don’t put anything online that you would not want anyone to see

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom