The Facebook Data

uskmt

The Facebook Data Torrent Debacle: Q&A

Security concerns over Facebook have been raised yet again after a security consultant collected the names and profile URLs for 171 million Facebook accounts from publicly available information. The consultant, Ron Bowes, then uploaded the data as a torrent file, allowing anyone with a computer connection to download the data.

Simon Davies, a representative of the U.K.-based privacy watchdog Privacy International, accused Facebook of negligence over the data mining technique, according to the BBC. Facebook, however, told the British news service that Bowes' actions haven't exposed anything new, since all the information Bowes collected was already public.

So what are the security risks? Should you be concerned? Let's take a look.

What data was collected?

Ron Bowes, a security consultant and blogger at Skull Security, used a script to scan the Facebook profiles listed in Facebook's public profile directory. Using the script, Bowes collected the names and profile URLs for every publicly searchable Facebook profile. Altogether, Bowes said he was able to collect names and Web addresses for 171 million Facebook users. That's a little more than a third of Facebook's 500 million users.

What did he do with the data?

Bowes compiled this list of text into a file and made it available online as a downloadable torrent.

How many people have downloaded the torrent?

The Pirate Bay lists 2923 seeds and 9473 leechers for the torrent file at the time of this writing. Seeds are people who have downloaded the entire file and are uploading to others. Leechers are actively downloading the file.

Is this a big deal?

That depends on who you ask. Facebook points out that some of the data Bowes collected was already available through search engines like Google and Bing. The entire data set is also available to any user signed into Facebook. So the data was already publicly available, and nobody's private Facebook data has been compromised. Nevertheless, this is the first time that 171 million Facebook profile names have been collected into one set of files that can be easily analyzed and searched by anyone.

What could a malicious hacker use the data for?

As Bowes pointed out in a blog post, someone could use this data as a starting point to find other publicly available user data on Facebook. After all, you have to wonder how many of these 171 million Facebook users have publicly exposed e-mail addresses, phone numbers and other information on their profiles?

It has been proven time and again that the more a bad guy knows about you, the greater your security risk is. Collecting personal data allowed a French hacker to steal confidential corporate documents at Twitter. Researchers were alarmed when Netflix wanted to release anonymous user data including age, gender and ZIP code for the Netflix Prize 2. Security researchers said the data dump by Netflix was irresponsible, since it is possible to narrow down a person's identity just by knowing their age and ZIP code. The contest was eventually canceled. One Carnegie Mellon study also found a flaw in the Social Security numbering system that could allow a sophisticated hacker using data mining techniques to uncover up to 47 Social Security numbers a minute.

How do I know if my name was caught in the data dump?

From your Facebook profile dashboard, click on 'Account' in the upper right-hand side of your dashboard. Select 'Privacy Settings,' and then on the next page under 'Basic Directory Information' click on 'View Settings.' You should see a page similar to the image above. If the first listing, called "Search for me on Facebook," is set to "Everyone," then chances are your name and profile URL are in the torrent file.

You should also check to see if external search engines like Google and Bing are indexing your profile. To do this, go back to your main privacy settings page, and at the bottom click on the "Edit Settings" button next to "Public Search." On the next page, if the "Enable public search" check box is ticked, then search engines are indexing your profile. To stop this, just uncheck the box and then click on "Back to Applications."

My name is not in the public directory. Should I be concerned?

If you were not in the public directory, Bowes says your name is not in the torrent file. However, you could be exposed to similar data mining techniques in the future. Bowes says that if any of your Facebook connections have made their friends lists public, then your profile could easily be found through data mining your friends' profiles.

What can I do to keep my information private? 

The biggest concern isn't so much about your name and profile URL being exposed. The greater concern, for you anyway, is the publicly available information contained on your profile page.

To protect yourself, you may want to reconsider your current privacy settings. To do that, visit your Facebook profile's Basic Directory Information page by following the steps listed above.

On the top right of the page you should see a button that says "Preview My Profile." Clicking that button will show you all the information you make public on Facebook. Data you may want to consider hiding includes your hometown, birth date, age, phone number, current city and e-mail address.

So what do you say? Is Bowes' data dump making you rethink your Facebook profile settings, or are you not concerned?


http://news.yahoo.com/s/pcworld/20100729/tc_pcworld/thefacebookdatatorrentdebacleqa

 


