Facebook is just a huge mess, really. The other day I was amazed at one particular scam that was so obvious, I decided to investigate. Someone made a page that promised a free iPhone 5 (even though there is no such thing) and had sent over 800,000 invites to people in 3 days. Over 20% answered, liked the page, and entered an email address in a form (as the fan page instructed). The wall was filled with comments like "I hope I win!" and such. There was even some people commenting on the fact that there is no such thing as an iPhone 5, and in every case the answer from other users was basically "who cares? what do we have to lose? it might be true"

Moral of the story? There's enough gullible people on Facebook for scammers to make money, regardless what measure Facebook puts in place.

It is better than that though.

You see you now not only have a list email addresses. You have a list of email addresses of gullible people. Pretty smart if you ask me.

What was the quote again? "Nobody ever lost money by overestimating the stupidity."

There's also plenty of people who "like" pages because somebody put a transparent like button over them.

Newsflash: There are enough gullible people EVERYWHERE for these things to work. This is not a new thing.

But now, we have one place to go to meet them all. People on craigslist are wary, otherwise it is not easy to get a group of gullible people all in one place.

There is literally an advertising industry with this fact at its foundation.

I do not see any problem here.

> [...] much of it configured to be available only to people on the user's list of friends.

And it was. People randomly accept friends and then have their data configured to be shared with them. In this case, the problem was not Facebook but was sitting in front of the computer.

I suppose it's a bit of a bigger problem than that since a lot of information on Facebook is shared with friends of friends.

Because of this it's not just a problem for the bad user (like my aunt on FB), but also all of their connections (like me and 300 other people).

True. But still, you can just set your privacy options to only share this stuff with first-level friends.

The real problem with Facebook is that they collect data about you, without you being able to control that data. Everything that people have in their smartphones about you, or that other people add about you on Facebook by other means (uploaded email address books, etc) is agregated into "your" profile, even if you don't actually have a profile on Facebook.

If anyone from Facebook is reading...You guys should add a "Do you know this person?" option to friend requests received from new accounts. If the amount of negative responses to the question surpass some threshold you flag the sending account as suspicious.

We have that: http://mkjon.es/friend.png. In addition to data from that, we also look at how many people click "not now" when someone adds them as a friend.

These signals (and a number of other factors) are taken into account when classifying if friend requests are spammy / malicious.

(I work on the anti-spam team at Facebook).

What is the difference (in practice) between clicking "not now" to an unwanted friend request, and simply ignoring it?

The problem is that that this is where Facebook's contradictions really appear.

The problem is that Facebook needs to both maintain the fiction that it's a network for only your "real life" friends to seem safe and keeping finding new friends to keep the interest up.

But the average person only has about 150 friends and they're either currently on Facebook or they probably never will be. So to get new friends, people have to friend "friends-of-friends", people sharing common interests, people with attractive photos and so-forth. But if Facebook were to really discourage non-real-friends, everyone's friend numbers would drop and the site's excitement level would start going down.

It is a weird kind of situation... Facebook is become more like "the regular Internet" how that works out will be interesting...

This is a composite of previous comments, someone should hack a " Facebook is dead " essay.

Cure to the present roberry 2.0 - gear up a homomorphic scheme[1] combined with a generative personal cloud[2].

The " personal " in PC was most important when C stood for computer. Next, it will be most important when C stands for cloud.

The other wall this epic bubble is going to run against sooner or later - as people wake up at an intuitive level :

"Well, since Moore's law makes computation really cheap, let's just give away the computation, but keep the data."[3]

All of this nightmare will be compounded by the stunning crap-storm about to emerge in economies world over.

[1] - http://crypto.stanford.edu/craig/

[2] - http://futureoftheinternet.org

[3] - http://edge.org/conversation/the-local-global-flip

The new privacy/group tools are a step towards helping solve that.

It's not perfect but with a little bit of organisation you can use the same FB account for random people, casual acquaintances and real friends without causing issues.

Hopefully this will only get better.

> You guys should add a "Do you know this person?" option to friend requests received from new accounts.

As long as the profile is a young attractive lady, that option will rarely be chosen.

There is already an "I don't know this person" option when declining friend requests as far as I've seen.

What Facebook does is to discourage people from adding people they don't know in the first place; evidently this hasn't worked. One interesting thing they used to do but don't anymore: back when they kept track of where people knew each other from, the dialog box for adding someone as a friend would ask where you knew them from, with a whole bunch of checkboxes. One was "I don't know them"; checking this would, rather than displaying boxes so you could enter more details, instead display the message "Then why are you adding them?", and change the "add friend" button to a cancel button. (I may have the exact details wrong there.)

Wasn't this LinkedIn instead?

They may have done this also, and I have no idea who was first, but Facebook definitely did this as well. (In particular, I've never used LinkedIn.)

They already do this.

Internet users opt in to providing their personal details on the internet and then knowingly accept connections from unknown parties, upset about "privacy breaches".

This, and more on News at 11.

Most people who'd be willing to accept random friend requests on Facebook probably have no idea that this even happened.

One major problem is that Facebook's privacy model for a long time was "trusted with everything"/"trusted with little", and the criteria for entering the inner circle was "the user adds you as a friend." Combine this will social pressure to reciprocate friend requests, and you have a mess.

I wonder what effect allowing assymmetric contacts will have. Will users get used to people "subscribing" to them without reciprocating, or will we all try to achieve the ultimate high score by "friending" everyone we can get ahold of?

Any estimate of the number of bots posing as people on facebook? Any way it could be like 100 million? Can facebook could prove or disprove either way?

Seems both advertising prices and their valuation are linked to this number, I'm curious what kind of due diligence has been done if social bots are as easy as article makes it sound.

"Within two weeks, 976, or about 19 percent of the requests, were accepted.

Of the 3,517 users who received the second round of requests, 2,079, or about 59 percent, accepted."

It seems to me that either people are really indiscriminate in who they accept as their 'friends', or the 'randomly selected "people"' were actually other socio bots :-D

Or people are more likely to accept a friend request when you already share a common friend on FB.

I'm guessing the profile pictures of the 'friends' weren't ugly people.

Funny how those stereotypical 'beautiful' pictures found on the internet are usually ugly.

I'm sure that's no accident. I suspect they're at the empirically determined sweet spot between 'beautiful/sexy' and 'loose/easy' for the maximum number of people to feel they'd both stand a chance with the person and actually would want to have sex with them.

I actually got one of these requests and reported it as a scam. One of the reasons I knew it was a scam was because the facebook picture came from one of the stockphoto websites.

Most of my FB contacts are "friend collectors", they would accept any request. Most of them have 1000+ "friends". I have no clue how they can even remember that many people, let alone have meaningful relationships.

I delete contacts that don't post anything interesting after my list grows beyond 50.

It makes you wonder what private data sources actually have of the facebook graph (Not including facebook). Does someone have the whole facebook social graph downloaded or a large portion?

At 500+ mil users with an average of 150 connections, you're looking at 500,000,000 * 150 / 2 = 3.75e10 edges. Assuming generously that each edge can be stored with a 4 byte unsigned int, you're looking at about 140 GB. I haven't seen any scrapes that even come CLOSE to that, an that's ignoring throttling and privacy controls.

Edit: more likely, you'd get the data as (id1, id2) pairs with 8 byte longs for each id. That's about 600 GB.

This is an ignorant question, but do apps have access to the social graph? If so, I'd assume the top game applications have a substantial portion.

You can get names and Facebook IDs of user's friends for anyone who signs in with your app. I don't believe you can fetch their friends through the API, so the game companies should have access to only edges in which one person uses a game.

The only way possible to download the whole FB social graph is to get permission to do so from every FB user. People can scrape public info but the social graph allows access to a users friends, friends of friends, likes, comments, checkins an so forth.

"Steal" is stretched thin here. People made their information public.

I am going to delete my facebook account this November 5. I encourage others to do the same.

Kinda obvious that Facebook is getting scraped up and down for all sorts of reasons. Wasn't there some "art" project of some guy guy who recently scraped millions of (public) profiles?

"used programming interfaces from ihearthquotes.com" seems to be down/unknown the the googles?

>Wasn't there some "art" project of some guy guy who recently scraped millions of (public) profiles?

Oh, it's amazing - http://openbook.org/

I think the grandparent post may have been thinking of this: http://www.sott.net/articles/show/223241 ('Dating' Site Imports 250,000 Facebook Profiles, Without Permission)

For the site linked in the parent post, it looks like the site uses the Facebook Graph API search function for public posts and then makes additional queries to show information about the creator of each post. Since you don't need a Facebook account to use it, I suspect they are making the queries via the server. They might be accumulating the profile photo data as they retrieve it, but it doesn't look any different than any other site that uses the server-side Facebook APIs.

It's a typo: iheartquotes.com is up.

Thanks! The site seems somewhat odd in relation to the story. Sure they have some API for pulling quotes, but using this for Facebook scraping seems a bit out of proportion.

The bots used the quotation site to generate dummy content, not for scaping.

Another way to do this is just to use the search method that's part of the Facebook Graph API (replace watermelon in the URL with your query) - https://graph.facebook.com/search?q=watermelon&type=post

You'd be surprised the amount of information that people post publicly.

wow, THIS is interesting.. and this is like 750 million people's posts :O

Is that stealing? Not to get into a "data wants to be free thing", it just seems like the automatic scraping of (effectively) public information, by an algorithm which can't be held to terms of use.

I don't think it's stealing, but it's certainly rude.

It's automated social engineering.

What if people begin to sell the data that they have gathered. Would it be illegal then?