Here's my concern, right? I'm worried about much more info than simply email and phone number. A few years ago, I downloaded my Facebook data, and they had information on me that I never told them or anyone outside of family, so there's no way they should have access to that. That is the info I'm worried was leaked, and Have I Been Powned is not going to tell me if any of that info got out.
@26, obviously without revealing the exact nature of said data, mind telling us what sort of information specifically they were able to collect? I'm incredibly curious, and also slightly concerned.
Where can you download your facebook data?
Discord: MatthewSmithYT #4496
@26: I think those sites also help with that, since I think if your E-Mail address and phone number return negative (no breached accounts) there, all the other info associated with that data on Facebook should be safe, or am I missing something here?
If you say you never lie, you're a liar.
#30 (edited by Dan_Gero 2021-04-06 21:49:44)
In terms of miner things they have books and Movies/TV shows that I watched as a kid, though I'm not sure how they know those things were specifically bought for me. Books from the library make sense because they'd be under my name, but my mother and father bought our movies so how they managed to find that out is beyond me. The only way they could have seen that is by scraping my profile here on the forum as I recall mentioning a few times that I love Spongebob and Finding Nemo. This is the only place on the internet that I recall bringing that up though. If that wasn't creepy enough though, one thing I'm certain they have is my card information. They require you to set up a card for money transfer using Messenger, and they don't allow you to connect it to Paypal. I had to use Messenger a few times to transfer money to and from my father on multiple occasions before I had access to Apple Pay. I'd have to download my data again, but I'm certain they have that info so I confess that has me a little worried. There could be more info on that page I don't remember as well, which is potentially scarier. It’s also worth mentioning that I checked the website mentioned above, and it said my information has been compromised, so I’m definitely sure about that. Exactly what information was leaked is what I don’t know.
I may go to jail for downloading the data if i would have committed crimes before and would be under watch or something, but i don't thing downloading that data with a vpn/another server via transmission and then sftping it on to my mac will even expose the fact i downloaded the data.
My ultimate example of a person who got the XP source and facebook data, and who also shown both of these off on youtube, is mental outlaw, checkout his channel BTW.
Yeah, but considering how I own the VPN that you want to use for that, they can trace it back to me and I could get in legal trouble for that.
#33 (edited by Dan_Gero 2021-04-06 22:52:25)
Plus, they can look at the forum topic and put 2 and 2 together quite easily even if I hadn’t said anything about you using my VPN, because I know exactly why you want to do this, and I've seen the topic and replied to it so they would know that I know. Now that I mention it, I think the admins are well within their rights to say something to authorities if they decided to go that rout. You're my friend Stasp, and I did say I wanted you to download the data to make sure personal data from myself and my family didn't get breached, but at the same time I fear the potential consequences for doing this. There's a very blurry line of morality here as well, and when it comes to crossing the line I'm not sure if I feel comfortable. I could suggest a VPN to use and possibly help you pay for it, but that's as far as I feel comfortable going.
@30, your thinking too narrowly. Facebook is first an ad network. They sell data and buy it from others. They probably didn't even need to scrape the forums -- Google probably knows what movies you watched and FB bought the info from them. The majority of info that FB has on you was probably purchased from 3rd-parties and collected based on hints you left on your timeline and replies to others.
Well, working with such datasets from time to time I can tell you that its not safe that downloading those datasets is actually illegal. In fact, lawyers differ on that topic. Just for the curious people out there, refer to this link for more details, although most of has already been covered within this topic and its not as up-to-date, but AFAIK the same laws are active today.
@35, I didn't know the scene was so divided. I wasn't sure, so I'm assuming its illegal, because that's the common sense conclusion. If I'm wrong, then that's okay, but from all that I've read about privacy laws, possessing PII from someone who you didn't get consent from to begin with is illegal, so I view this case in the same vane -- you've downloaded the torrent and therefore are in possession of PII from individuals who you *didn't* ask. You just acquired the data.
I would think it wasn't illegal unless you distributed or used it. Pii comes out of being PII when it is freely available on the internet. If you hacked a server and got it sure, but this data is widely available.
Things like this are the reason why Tim Berners-Lee wants to recreate the web. If you don't know who he is, he was essentially the creator of the worldwide web in the first place. he now has a project that is seeking to completely rewrite how data privacy works so that things like our data can't get into the hands of companies like this, and therefore wouldn't pose a problem in the hacking department. Now, I am not really sure how realistic it is to think that he will succeed in that department. After all, with how complicated the web has become since its creation, I don't know how possible it would be to even start untangling that net. But hell, if he can create the web, I can't say it is impossible either. Maybe one of these days we will come upon a time when we have complete control over our data.
@37, right, but wouldn't the fact that the data was published unlawfully make downloading it also unlawful?
@39, No I don't think so. Now again, I haven't looked into it enough to really say for sure. But if I am not mistaken, which I very well could be, you technically couldn't be charged for just downloading it. I still want to look into it because now this has my curiosity peaked, but that is my thought at the moment. I will check back in if I find anything of use or interest.
39, I think it would depend on the case. I wouldn't think think if it would be unless you made special eforts to distribute the files. Distributing them could likely be viewed as continueing the crime. An example in Turkey someone found an exposed 6 mb or so sized Excel file from the family and social policies ministry which contained huge PII, including full addresses, disability percentage, birth place/date, ID numbers, and currently resided city. Someone posted this on a group of more than a thousand members, and multiple people, including myself downloaded the file to check if they were included, and what information was accurate, since it was a dump from about 4 years back from that time. Now that person who decided to let everyone know about this could've gotten in trouble, both by assisting in the crime, and giving people access to the data.
I have a really stupid question:
If it is at least in a very grey area to have data from these kinds of leaks, how do websites like haveibeenpwned.com a) get the data in the first place and b) how is that okay?
If you say you never lie, you're a liar.
42, yeah that is a good question. As they download all these data dumps, and index them.
Not like they haven't already sold your data to the highest bidder anyway... Every day we get new reasons why not to use Facebook and every day people seem to forget or lapse into "but why should I care?"
There's a lot to Ethin's earlier point. The largest demographic of Facebook users are Millennials (between the ages of 25-34), many of which have probably been using it since 2008 to keep in touch with friends and family. It also can't help that they provide one of the most popular outlets for business marketing in the form of facebook pages and targeted advertising now.
If I'm not mistaken, social plugins track your activity if you happen to be logged into your facebook account, and make inferences about you if not. Few realize the shear magnitude of personal information they're exposing by making a google search and clicking on an article ridden with sharing widgets and adds while logged into all their accounts.