http://www.schneier.com/blog/archives/2010/01/privacy_violati.html
apparently any facebook employee can click a button, type "possible compromised account" and log in as whatever account they want! :)
Are there actually any social networking sites that don't have some sort of access to the database like that?
i don't understand your question. of course social networking sites have access to that database, how would they be a social networking site? i was talking about the employees.
That's what i mean too...I just sort of assume that all the content is accessible by employees in some fashion or other. Also happens to be why I dont' use them.
You mean like content moderators?
An ethical social networking site should make private info unaccesible.
You're saying the procedure for evaluating "possible compromised accounts" has been excessively streamlined, such that any employee can "evaluate" said accounts without need for any other check or balance?
Quote from: Faust on January 21, 2010, 01:07:37 AM
You mean like content moderators?
I suppose so..i mean i just don't feel comfortable with those sites since there's too many middle people between me and my recipient. If the possibility for PI to be observed is out there, chances are it will probably be abused in some way.
Quote from: Burns on January 21, 2010, 02:04:15 AM
Quote from: Faust on January 21, 2010, 01:07:37 AM
You mean like content moderators?
I suppose so..i mean i just don't feel comfortable with those sites since there's too many middle people between me and my recipient. If the possibility for PI to be observed is out there, chances are it will probably be abused in some way.
It was a question, if Administrators can do it ok. But if any of the multitude of content moderators can do this freely I'd be really worried, I've heard of them snooping on their friends/girlfriends/bosses and thats without the ability to log into their accounts.
PROTIP: If you have information you consider personal, DO NOT POST IT ON FACEBOOK... OR ANYWHERE ON THE INTERNET!
Quote from: yhnmzw on January 21, 2010, 01:41:38 AM
You're saying the procedure for evaluating "possible compromised accounts" has been excessively streamlined, such that any employee can "evaluate" said accounts without need for any other check or balance?
I mean, click the link and read the article, then make up your own mind :roll: Look, I'm willing to post a short summary with a link, or sometimes an extract, but if you need your information regurgitated to you, ask someone else.
Quote from: Slanket the Destroyer on January 21, 2010, 04:36:13 AMPROTIP: If you have information you consider personal, DO NOT POST IT ON FACEBOOK... OR ANYWHERE ON THE INTERNET!
Why thank you, Captain Obvious ... Good advice that is completely missing the point, however.
Quote from: Faust on January 21, 2010, 02:06:00 AM
Quote from: Burns on January 21, 2010, 02:04:15 AM
Quote from: Faust on January 21, 2010, 01:07:37 AM
You mean like content moderators?
I suppose so..i mean i just don't feel comfortable with those sites since there's too many middle people between me and my recipient. If the possibility for PI to be observed is out there, chances are it will probably be abused in some way.
It was a question, if Administrators can do it ok. But if any of the multitude of content moderators can do this freely I'd be really worried, I've heard of them snooping on their friends/girlfriends/bosses and thats without the ability to log into their accounts.
Indeed. And I get from the article the idea that it's not even just content moderators, but just about any "engineer".
And while I applaud the fact that Facebook instantly fires people whenever such abuse is discovered, I'd rather have them fix their protocols so that there can not be any abuse, or at least that the number of trusted* people is as small as possible.
*in security terminology "trusted" is defined as "capable of causing security breach".