Facebook’s latest security blunder is a complete disgrace.
Facebook knows it, which is why the man in charge took a call with reporters on Friday to give the first, patchy explanation of multiple bugs which exposed 50 million people’s information. Apparently, Zuckerberg sounded tired. He should have sounded desperate.
The company waited for the news to filter out before revealing in a second call that, actually, the hack was much worse than anyone thought. It’s possible that the breach also affected services where a person uses their Facebook identity to login, such as Tinder, Spotify, and Airbnb. At this point, no one knows precisely how much data hackers took off with, although it’s clear they would have had full access to victims’ profiles.
The company’s attitude is roughly equivalent to writing the shrug emoji and the caption “sux 2 b u.” In a call with reporters, Facebook didn’t willingly volunteer that its security breach might actually be much bigger than anyone thought — it took a question from Slate journalist Will Oremus to tease that out.
Here’s the relevant part of the transcript, highlighted:
There’s lots about the attack we don’t know at this point, but one thing is clear: It would not be unjust for Facebook to have many billions wiped off its value. The potential scale of this hack is more serious than Cambridge Analytica.
Even if the hackers miraculously stole very little, the fact it ever happened at all to a company entrusted with two billion people’s information is astonishing. And it is all down to the company’s early, hacky approach to growth and its apparently boundless greed.
Facebook was too eager to own people’s identities across the web, and now it should pay the price
Around 2010, there was a battle for our collective online identity. Everyone knows that trying to remember account names and passwords for every site you use online is unfeasible. So one solution was either to use a password manager, or a trusted site like Google and Facebook to log in instead.
As an example, here’s a screenshot of Spotify’s sign-up page. It shows just how easy it is to log in with Facebook rather than fill out a long tedious form:
The tactic worked. According to Quartz, citing statistics from identity firm Janrain, Facebook became the most popular sign-in choice by a long shot.
The deal for the user was that they didn’t have to remember countless logins. The deal for a service like Spotify was that users had a frictionless sign-up, meaning faster growth. And, as ever, the deal for Facebook was more data — specifically knowing what their users were up to on websites that weren’t Facebook.
Was it really worth giving Facebook all that data, in exchange for an easier sign-up process? Especially since Facebook so clearly can’t be trusted to manage that information? Friday’s news suggests not.
Security experts and journalists have been warning for years that giving internet giants this much access to our online lives is risky. This is how comedian Baratunde Thurston put it in Forbes. He was writing about Twitter, but the same could apply to any big tech firm:
“Now I need Twitter to log in to the Washington Post’s comments section, where I express my anger about the latest plot twist on Fox’s Empire. If I never used Twitter again, I’d still be a Twitter user, because the company is like the school janitor with a fat ring of jangling keys to various doors in my online life.”
Users should be outraged that Facebook, after lobbying so hard for those jangling keys, massively profited from their information while making a paltry effort to protect it. The company doesn’t deserve billions of users’ trust, and the only way to effect change is to leave in droves.