Facebook


'Facebook' Articles Page 2

Millions of Facebook Records Exposed on Amazon Cloud Servers

Millions of Facebook records were found on publicly accessible Amazon cloud servers by researchers at UpGuard, a cybersecurity firm, reports Bloomberg. The data was uploaded by third-party companies that work with Facebook. Mexico City-based media company Cultura Colectiva, for example, was storing 540 million records on Facebook users on Amazon's servers, offering up information that included identification numbers, comments, reactions, and account names. A now-defunct app called At the Pool shared sensitive data like names and email addresses for 22,000 Facebook users. Facebook did not leak this data, but it did provide the data to the third-party companies that went on to improperly store it with no oversight from Facebook. For years, Facebook provided extensive customer information to advertisers and partners, and while the company has since cracked down on the amount of data it shares, the previously obtained information is still widely available.

"The public doesn't realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners," said Chris Vickery, director of cyber risk research at UpGuard. "Not enough care is being put into the security side of big data."

Facebook's prior data sharing habits allowed any app on the site to obtain information from the people using the app and their friends in many cases, which led to the scandal that saw Cambridge Analytica illicitly using personal data acquired from Facebook to create targeted political

Facebook Stored Hundreds of Millions of Passwords in Plain Text, Thousands of Employees Had Access

Facebook today announced that during a routine security review it discovered "some user passwords" were stored in a readable format within its internal data storage systems, accessible by employees. As it turns out, "some user passwords" actually means hundreds of millions of passwords. A Facebook insider told KrebsOnSecurity that between 200 and 600 million Facebook users may have had their account passwords stored in plain text in a database accessible to 20,000 Facebook employees. Some Instagram passwords were also included, and Facebook claims many of the passwords came from Facebook Lite users. Facebook says that there's no "evidence to date" that anyone within Facebook abused or improperly accessed the passwords, but KrebsOnSecurity's source says 2,000 engineers or developers made around nine million internal queries for data elements that contained plain text user passwords. Facebook employees reportedly built applications that logged unencrypted password data, which is how the passwords were exposed. Facebook hasn't determined exactly how many passwords were stored in plain text, nor how long they were visible. Facebook plans to notify users whose passwords were improperly stored, and the company says that it has been looking at the ways certain categories of information, such as access tokens, are stored, and correcting problems as they're found. "There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook," reads Facebook's blog post.

Facebook CEO Mark Zuckerberg Outlines 'Vision and Principles' for Building a 'Privacy-Focused' Social Networking Platform

Facebook CEO Mark Zuckerberg this morning penned a new missive outlining the company's plan to create a "privacy-focused messaging and social networking platform." Facebook's new privacy-focused platform, which will see its core apps overhauled, will, according to Facebook, be built around principles that include private interactions, end-to-end encryption, ephemeral messages, safety, interoperability, and secure data storage. Zuckerberg says that its services will be rebuilt "around these ideas" over the course of the next few years, and that as Facebook implements these changes (to both Facebook and Instagram), the company will be "taking positions on important issues concerning the future of the internet." These changes will be implemented "openly and collaboratively," and Zuckerberg points out that many people likely won't believe Facebook is able to build such a privacy-focused platform.

I understand that many people don't think Facebook can or would even want to build this kind of privacy-focused platform - because frankly we don't currently have a strong reputation for building privacy protective services, and we've historically focused on tools for more open sharing. But we've repeatedly shown that we can evolve to build the services that people really want, including in private messaging and stories.

The rest of Zuckerberg's article goes into more detail about each of the core principles that Facebook will be building its social networks around. For Messenger and WhatsApp, Facebook will focus on making them "faster, simpler, more private and more secure"

Facebook Messenger Dark Mode Fully Rolling Out in 'Coming Weeks'

Over the weekend, it was discovered that Facebook had hidden a "Dark Mode" toggle in the latest version of Facebook Messenger. On Monday, Facebook confirmed the release of the hidden feature but also promised a full rollout in the "coming weeks." Dark mode in Facebook Messenger can be enabled by sending a crescent moon emoji in Messenger. Facebook describes the process as "Simply send a crescent moon emoji – 🌙 – in any Messenger chat to unlock the setting and prompt to turn on dark mode." That said, many have found they may need to force quit Messenger or even reinstall it for dark mode to activate. There's been no word on a dark mode coming to Facebook proper. Facebook also demonstrates that you can improve the look of your chats by tapping on the name, and selecting a custom color or gradient.

Some iOS Apps Sending an Alarming Amount of Data to Facebook and Most Users Are Unaware

It's no secret that Facebook is harvesting incredible amounts of data on all of its users (and some that don't even use the service), but what may come as a surprise is just how detailed and intimate some of that data is. A report from The Wall Street Journal takes a look at some of the apps on iOS that provide data to Facebook, with that info then used for advertising purposes. Instant Heart Rate: HR Monitor, for example, the most popular heart rate app on iOS, sent a user's heart rate to Facebook right after it was recorded in The Wall Street Journal's testing. Flo Period & Ovulation Tracker, which has 25 million active users, tells Facebook when a user is having a period or is intending to get pregnant. Realtor.com, meanwhile, provides Facebook with the location and price of listings that a user viewed. Flo in particular says in its privacy policy that it does not send this kind of sensitive data, but then goes ahead and does so anyway. Many of these apps are sending this data without "any prominent or specific disclosure," according to The Wall Street Journal's testing. Facebook collects data from apps even if no Facebook account is used to log in and even if the user isn't a member of Facebook. Apps are sharing this data to take advantage of Facebook analytics tools that allow them to target their users more precisely with Facebook ads. Apple does not require apps to disclose all of the partners that they share data with, and while certain personal information can be blocked, like contacts or location, more sensitive data, like health and

Apple Shut Down All of Facebook's Internal Apps When Revoking Enterprise Certificate [Update: Fixed]

Facebook is no longer able to use or distribute important internal iOS apps after Apple disabled the Enterprise Certificate Facebook was abusing to surreptitiously gather data from iOS users right under Apple's nose. Since 2016, Facebook has been paying teens and adults $20 per month to install a data gathering "Facebook Research" app that harvested all kinds of sensitive details from participants. Facebook abused its enterprise certificate to get customers to install a "Facebook Research" app. Apple had already banned Facebook's attempts to gather data through the Onavo VPN app, so Facebook used its enterprise certificate - provided to companies to install and manage internal apps for employees - to get participants to sideload the Facebook Research app, bypassing the App Store and Apple's oversight. Facebook yesterday said that it was not violating Apple's enterprise rules, but as it turns out, Facebook was wrong. Apple this morning revoked Facebook's enterprise certificate and said the social network had clearly violated the Enterprise Developer Program.

We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.

Facebook's revoked certificate wasn't just used for the Facebook Research app.

Facebook to Shut Down Controversial iOS Market Research App as Apple Revokes Certificate [Updated]

Facebook has said it will end a controversial market research program in which the company paid users to install a mobile app that tracked their activity and data. In a statement given to TechCrunch and other websites, the company said that its "Facebook Research" app, which paid volunteers between the ages of 13 and 35 up to $20 a month to access nearly all their data, would no longer be available on iOS. The news came just hours after TechCrunch's exposé on the Facebook app, which used an enterprise certificate on iPhones to get people to sideload the app and skirt Apple's App Store rules. In the same announcement, the company also took issue with the way its "Project Atlas" program had been reported, claiming:

Key facts about this market research program are being ignored. Despite early reports, there was nothing 'secret' about this; it was literally called the Facebook Research App. It wasn't 'spying' as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens, all of them with signed parental consent forms.

In August 2018, Apple forced Facebook to remove its Onavo VPN app from the App Store because Facebook was using it to track user activity and data across multiple apps, which is a violation of Apple's App Store policy. According to TechCrunch, a significant amount of code in the banned Onavo VPN app overlaps with the company's Facebook Research app, which

Facebook Paying Teens $20/Month to Install Data Harvesting VPN App on iPhones

Apple in August 2018 forced Facebook to remove its Onavo VPN app from the App Store, because Facebook was using it to track user activity and data across multiple apps, something that violates Apple's App Store policies. As it turns out, Facebook has found an underhanded way to skirt Apple's rules and get people to continue installing its VPN -- paying them. TechCrunch this afternoon exposed Facebook's "Project Atlas" program, in which Facebook paid people -- adults and teenagers -- to install a "Facebook Research" VPN that is similar to the Onavo VPN app. As of 2016, Facebook has been secretly offering people aged 13 to 35 up to $20 per month along with referral fees to sideload the Facebook Research app using an enterprise certificate on iPhone. Enterprise certificates like this are designed to allow companies to distribute internal corporate apps and give full root access to a device. To hide its involvement, Facebook has been using beta testing services like Applause, BetaBound and uTest to recruit participants to install Facebook Research. By getting people to sideload an app this way through an enterprise certificate, Facebook has access to data that includes private messages in social media apps, chats from instant messaging apps (including photos and videos), emails, web searches, web browsing activity, and ongoing location information. It's not clear if Facebook is accessing this data, but it could, according to security researcher Will Strafach, who TechCrunch consulted for this piece.

"The fairly technical sounding 'install our Root

Mark Zuckerberg Plans to Make Facebook Messenger, Instagram Messaging, and WhatsApp Interoperable

Facebook CEO Mark Zuckerberg is planning to integrate three disparate messaging services -- Facebook Messenger, Instagram messaging, and WhatsApp -- into one "underlying messaging infrastructure" (via The New York Times). These services will continue to operate as their own standalone apps, but the company's work will make them interoperable with one another. This means that a Facebook user could send an encrypted message to someone who only has a WhatsApp account, and vice versa. The company is still in the early stages of the unification, with plans to be finished by the end of 2019 or early 2020. According to sources familiar with the plans, Zuckerberg's idea is the newest effort to keep people within the Facebook ecosystem, and off of rival texting apps like iMessage.

Mr. Zuckerberg has also ordered all of the apps to incorporate end-to-end encryption, the people said, a significant step that protects messages from being viewed by anyone except the participants in the conversation. By stitching the apps’ infrastructure together, Mr. Zuckerberg wants to increase the utility of the social network, keeping its billions of users highly engaged inside its ecosystem. If people turn more regularly to Facebook-owned properties for texting, they may forgo rival messaging services, such as those from Apple and Google, said the people, who declined to be identified because the moves are confidential.

In an official statement, Facebook said it's "working on making more of our messaging products end-to-end encrypted and considering ways to make it

Facebook Stories to Get Experimental Event Planning Feature

Facebook has revealed plans to start testing a way for users to "share the events" they are interested in and "coordinate to meet up with friends" using its Stories feature, according to The Verge. The test will roll out to Facebook users on iPhone and Android smartphones in the United States, Brazil, and Mexico. The report outlines how the feature will work:

The stories will come with tappable stickers for revealing event details, and friends can toggle themselves as “interested” or “going” to the event right from within the story. There’s also a link to the event page built in and a way to start a group chat on Messenger with friends who responded.

Facebook Stories have a reputation of being unpopular, but Facebook remains a popular platform for planning events like birthday parties, so this test could attract more people to start using Facebook Stories. Back in September, Facebook did say its Stories features have a combined 300 million daily users across its Facebook and Messenger apps, which is quite a surprising stat, as Facebook Stories appear to be far less popular than Stories on Instagram or Snapchat based on our anecdotal

Apple Hires Prominent Facebook Critic for Internal-Facing Product Privacy Role

Apple has recruited a former Facebook employee who went on to become one of the social network's most ardent critics, reports The Financial Times (paywall). Sandy Parakilas monitored the privacy and policy compliance of Facebook developers for 18 months before leaving the social network in 2012. During his time at the company, Parakilas felt his concerns about its data-sharing policies were downplayed, according to FT. Last year, following the Cambridge Analytica scandal, Parakilas also gave evidence to the British parliament's digital, culture, media, and sport committee, and told MPs that Facebook's data protection practices were "far outside the bounds of what should have been allowed" between 2010 and 2014.

Mr Parakilas has urged the tech industry to improve its data protection practices, increase the use of encrypted messaging and "verify the truth of statements that can be viewed by millions of people". "We now live in a world where racist demagogues and their dictator buddies can cynically exploit our tools to seize power," he wrote in a blog post in late 2016. "There is no such thing as a 'neutral platform'. Facebook, Twitter and Google all profited from this perversion of democracy."

According to FT's sources, Parakilas will work in Apple's privacy team as a product manager, an internal-facing role designed to ensure that new products in development protect users' privacy and minimize data collection. Apple has made much of its privacy focus in recent years. In 2018, CEO Tim Cook singled out user privacy as a "core

Facebook Uses IP Address and Other Info to Deliver Location-Based Ads Even When Location Options are Disabled

If you've noticed Facebook continuing to deliver location-based ads even with all location services disabled, you're not alone, and that's because Facebook continues to use data like your IP address to determine your location for ad delivery purposes. Facebook's lack of an option to disable location tracking for ad targeting was highlighted in a Medium post shared today by Aleksandra Korolova, assistant professor of Computer Science at USC. Korolova noticed that Facebook was continuing to provide location-based ads even after she disabled Location History, turned off the location services option for Facebook on her iOS devices, and removed her city from her profile. She didn't upload photos, tag herself at certain locations, or check in, nor does she allow WhatsApp, Instagram, and Facebook Messenger to access her location.

Nevertheless, Facebook showed me ads targeted at "people who live near Santa Monica" (which is where I live) or "people who live or were recently near Los Angeles" (which is where I work). Moreover, I have noticed that whenever I travel for work or pleasure, Facebook continues to keep track of my location and use it for advertising: a trip to Glacier National Park resulted in an ad for activities in Whitefish, Montana, a trip to Cambridge, MA -- in an ad for a business there, and a visit to Herzeliya, Israel -- in an ad for a business there.

As it turns out, and as Facebook explains on its ads page, it is collecting location data based on "where you connect to the Internet" and "where you use your phone," aka your IP address, Wi-Fi, and Bluetooth

Mark Zuckerberg Says Apple's iMessage is Facebook's 'Biggest Competitor by Far'

Facebook CEO Mark Zuckerberg on Tuesday singled out Apple's iMessage mobile messaging service as Facebook's "biggest competitor by far" (via CNBC). The comments were made to investors during an earnings call for the company's third quarter performance, in which the Facebook CEO admitted the social platform was losing out to iMessage in "important" territories like the U.S., where iPhone sales are highest.

"Our biggest competitor by far is iMessage," Facebook CEO Mark Zuckerberg said in an earnings call on Tuesday with investors, referring to the messaging service built into the iPhone and other Apple products. "In important countries like the U.S. where the iPhone is strong, Apple bundles iMessage as a default texting app and it's still ahead," he said.

The Facebook chief said the company had identified a shift in the way users are communicating, with many transitioning from publicly shared content to private messaging, thanks to services like Messenger, WhatsApp, and Apple's iMessage. Zuckerberg also responded to vehement criticism from Apple CEO Tim Cook about companies that use people's personal information as a business model for profit. "It's worth noting that one of the main reasons people prefer our services, especially WhatsApp, is because of its stronger record on privacy," Zuckerberg said. "WhatsApp is completely end-to-end encrypted, does not store your messages, and doesn't store the keys to your messages in China or anywhere else. And this is important because if our systems can't see your messages, then that means that governments and bad actors

Facebook Rolling Out Redesigned Messenger App With Simplified Interface and Customizable Chat Bubbles

Facebook today announced that it's rolling out a redesigned, simplified version of the Messenger app on a global basis starting today. Messenger 4, as Facebook is calling it, will refocus on conversations, making it easier to navigate through the app. Instead of nine separate tabs, there will be three tabs, with conversations quickly accessible through the "Chats" tab. Quick access to the camera for sharing photos and for video chats is also included in the Chats tab. In the new "People" tab, Messenger users will be able to find friends, see who is active, and watch people's Stories, while the new "Discover" tab will let users find businesses to get deals, play games, follow news stories, and more. Conversations with people can be customized using color gradients. With color gradients, multiple colors can be used for chat bubbles, and the colors will change as you scroll up and down a conversation. According to Facebook, the new Messenger app will roll out to customers "over the coming weeks" so not everyone will have access to the refreshed design right away. In the near future, Facebook also plans to roll out a Dark Mode that will cut down on glare from the phone at

Hackers Accessed Data From 29 Million Facebook Users

Two weeks ago, Facebook announced that it discovered a security breach allowing hackers to steal Facebook data from millions of accounts, and today, Facebook shared further data on just what was accessed. To get the Facebook data, hackers took advantage of a security flaw in the social network's "View As" code, a feature designed to let people see what their profile looks like to someone else. The Facebook access tokens that hackers were able to obtain are basically digital keys that allow people to stay logged in to Facebook. According to Facebook, hackers used a set of accounts that they controlled that were connected to Facebook friends. An automated technique was used to move from account to account, allowing them to collect access tokens in September 2018. Hackers were able to obtain timeline posts, friend lists, groups, and the names of recent Messenger conversations from an initial 400,000 people. People in this group who were Page admins of a Page that had received a message from someone on Facebook had the content of their messages stolen. After stealing data from the 400,000 people attacked first, the hackers used their friends lists to steal access tokens for approximately 30 million people. For 15 million people, attackers were able to access name and contact details that include phone number and email address. For 14 million people, hackers were able to access the same information as well as other data that includes username, gender, location, relationship status, religion, hometown, current city, birthdate, device types used to access

Facebook Launches 3D Photos Feature That Uses Portrait Mode Images From iPhone

Facebook today announced the launch of a new 3D photos feature that uses the Portrait Mode feature of the iPhone and other smartphones with dual lens cameras. Facebook manipulates the Portrait Mode photo to display the scene in 3D, using the depth information between the subject in the foreground and the background.

Whether it's a shot of your pet, your friends, or a beautiful spot from your latest vacation, you just take a photo in Portrait mode using your compatible dual-lens smartphone, then share as a 3D photo on Facebook where you can scroll, pan and tilt to see the photo in realistic 3D--like you're looking through a window.

According to Facebook, 3D photos can be uploaded by starting a new post, tapping on the three dots for more options, and choosing the 3D photo option. Facebook has several tips for creating ideal 3D photos using Portrait Mode, including choosing scenes with a clear difference in depth between the subject and the background, taking advantage of high contrast, and capturing images with some texture. All Facebook users can view 3D photos in the News Feed and via VR starting today, with the ability to create and share 3D photos rolling out to all users over the coming

Facebook Debuts Video Conferencing Device 'Portal' Starting at $200

Facebook today announced "Portal," a new communications device for the home aimed at connecting friends and family members through video chat. There are two models of Portal: the 10-inch base model and a 15-inch "Portal+" model with a display that pivots between portrait and landscape modes. Each device includes AI technology, a Smart Camera, and Smart Sound. The Smart Camera follows where you move around a room and automatically pans and zooms to keep everyone in view, while Smart Sound minimizes background noise and enhances the voice of who is talking. Portal connects to your friends list on Facebook Messenger, and you can call them even if they don't have a Portal. Calls made via Portal will also be sent to Messenger apps on iOS and Android smartphones, and Portal supports group calls of up to seven people at the same time. The video calling device supports hands-free voice control, so you can start a video call by saying "Hey Portal" and following up with who you want to call. Alexa is built into the device, so you can also ask about the weather, news, traffic, control smart home products, and more on Portal. With Portal, you can listen to music together with a friend or even watch a television show with another Portal user, through connected partnerships with Spotify Premium, Pandora, iHeartRadio, Facebook Watch, Food Network, and Newsy. Portal video calls also support AR effects, filters, and stickers. In terms of audio, Facebook says Portal has two full-range drivers, while Portal+ has two tweeters with high-range frequency and a single 4" bass

Instagram Testing Feature That Would Provide Location History to Facebook

Facebook-owned social network Instagram is testing a feature that would allow location data collected by Instagram to be shared with Facebook, reports TechCrunch. A prototype Location History feature being tested within Instagram suggests that Location History data collected when Location Services is turned on in the Instagram app will be used to bolster Facebook's ad targeting. From the setting:

Allows Facebook Products, including Instagram and Messenger, to build and use a history of precise locations received through Location Services on your devices.

The feature was discovered by a TechCrunch reader who often digs into new functionality that Instagram is testing. Instagram's Location History test option collects GPS coordinates even when the app is not in use and adds them to Facebook's Activity Log, which is explained in a "Learn More" button within the Instagram app: "Location History is a setting that allows Facebook to build a history of precise locations received through Location Services on your device. When Location History is on, Facebook will periodically add your current precise location to your Location History even if you leave the app. You can turn off Location History at any time in your Location Settings on the app. When Location History is turned off, Facebook will stop adding new information to your Location History which you can view in your Location Settings. Facebook may still receive your most recent precise location so that you can, for example, post content that's tagged with your location. Location History helps you explore what's around

Facebook Uncovers 'Security Issue' Affecting Nearly 50 Million Accounts

Facebook this morning announced that its engineering team on Tuesday discovered that hackers had exploited a vulnerability in its code, allowing them to steal Facebook access tokens for almost 50 million accounts. According to Facebook, hackers took advantage of security flaws in its "View As" code, which is a feature designed to let people see what their profile looks like to someone else. The Facebook access tokens that were stolen are digital keys that allow people to stay logged in to Facebook.

This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted "View As." The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.

It is not clear whether the accounts affected were misused or have had information accessed at this time, and Facebook does not know who executed the attacks. Facebook says that the vulnerability has been patched at this time, and authorities have been informed. Facebook has reset the access tokens of the nearly 50 million accounts that were affected along with another 40 million accounts that have been subject to a "View As" lookup in the last year. Customers who have been logged out of their apps will receive a message about what happened once they log back in. While a security review is conducted, Facebook is turning off the "View As" feature that was used for the hack. Facebook says that it is "sorry this

Instagram Expected to Become 'More Tightly Integrated' With Facebook After Photo App's Founders Leave Company

Instagram co-founders Kevin Systrom and Mike Krieger have left Facebook, explaining in a statement this week that they are taking some time off to "explore our curiosity and creativity again." According to people familiar with the matter speaking to Bloomberg, Systrom and Krieger are leaving due to growing tensions with Facebook CEO Mark Zuckerberg. In recent months, Zuckerberg is said to have become more involved in the day-to-day work going on at Instagram, and "more reliant on Instagram in planning for Facebook's future." Facebook acquired Instagram in 2012, and up until now Systrom and Krieger had been able to keep the photo-sharing app's brand independent from Facebook while using the larger social network's resources to expand. With this year's Cambridge Analytica scandal, it's believed that Zuckerberg and Facebook are now leaning into Instagram's success as Facebook faces ongoing struggles. Facebook has even started talking about Instagram more often in its earnings calls, with Zuckerberg recently stating that Instagram grew twice as fast being in the Facebook family as it could have on its own. Internally, Instagram employees said this was "unnecessary and unprovable." Adam Mosseri, who came from Facebook's news feed team to be head of product for Instagram in early 2018, is the most likely successor for Systrom and Krieger. Through all of this, Facebook is predicted to "more tightly integrate" Instagram into the larger company, making Instagram less independent than it is now. Without the founders around,