This week I’ve been writing about the cyberstalking activities of Judd Bagley on behalf of the Deep Capture website funded by Patrick Byrne, CEO of Overstock.com. In a nutshell, Byrne and company published a list of their enemies, which essentially includes journalists, bloggers, and hedge fund managers who think Overstock.com is a massive failure and aren’t afraid to talk about it.
The enemies list published this week included all the Facebook friends of these enemies, in an apparent attempt to demonstrate the conspiracy to manipulate the stock market these alleged conspirators are involved in.
To gather these lists, Judd created a fake Facebook profile under the name Larry Bergman, with a fake picture and profile data to go with it. He then proceeded to “friend” the various enemies so he could access their friend lists and publish his story.
But he found out a little too late that all that work wasn’t necessary, as Facebook has a fatal privacy flaw which exposes members’ information in a way most don’t know about. (Yes, Judd is now trying to pretend that he didn’t get the friends lists of the enemies with the fake Facebook profile. He’s trying to pretend that he got the lists via this privacy flaw. Another Bagley lie. How shocking.)
Facebook has a bunch of privacy settings that users can adjust to make portions of their profiles and data viewable by some people, but not viewable by others. Think you have your privacy under control? Guess again.
Facebook makes your friends list public to anyone who can login to the site, whether they’re on your friend list or not. That’s right…. your friends list is publicly available, and you probably had no idea this was the case.
UPDATE 1: I’ve done some testing, and can’t quite figure out what privacy settings allow your friends list to be seen publicly and which don’t. I’m suspecting that there is an issue with the “new” privacy options versus the “old” privacy options. I’m wondering if those people who have remained under the old options are more protected?
I had my friends list locked down, according to the Facebook privacy options, and yet anyone could see it. However, others on Facebook who have their friends lists locked down have really had them hidden. No one can see their friends lists outside of their friends.
UPDATE 2: A reader suggested that by not allowing your profile to appear in search results, that solves the problem of the public friends list. He suggested going to Settings->Privacy Settings->Search and making it so that you do not appear in search results. I did this, and my friend list was still showing up with the public URL. I’m still thinking that this is an issue with old versus new privacy settings.
All you need to view the friend list of just about anyone on facebook is a login and their friend ID. The link to the public friend list is something like this http://www.facebook.com/friends/?id=*********, with the asterisks replaced with their numerical ID.
The folks at Facebook have been making lots of noise about all the privacy options users now have available to them, but apparently forgot to mention that your friends list isn’t private at all, no matter what your settings are. And when you’ve got cyberstalkers like Judd Bagley and Patrick Byrne on the loose, who wants their friends list publicly available??? (And if you want more information on the cyberstalking crusade, check out this article at Huffington Post. Make sure you scroll down so you can see several updates Diane Tucker has made.)
How do you deal with this? The only solution that exists as I write this is to deactivate your account. The unfortunate result is that you won’t be able to participate on Facebook at all. Your friends will probably think you “unfriended” them, as they won’t be able to see that you’ve just deactivated your account until Facebook gets its privacy act together.
I realize that the whole point of social networking is to create connections and share information. Privacy settings get in the way of that. Sure, the most information would be shared if everyone’s profile was completely public. But that’s not what users want. They want to be able to limit who can access their data, and I think that’s smart. Too many people expose too much private information on the internet.
Until Facebook takes action and makes their privacy options truly private (i.e. makes your friends list truly private if that’s the setting your choose), I suggest you deactivate your account. It’s the only way to fully protect yourself and your friends, as well as to force Facebook to make this change.