This is a neat trick and reminds me of MCI codes from the BBS days. Basically, for a lot of BBS software (and usually enabled by default) visitors to your BBS when posting in discussion threads could insert escape characters (like "%UN") which at runtime would be replaced with metadata related to the person viewing the post at that time.
So, if I were to post "%UN's mother was a hamster and father smelled of elderberries" as part of a thread when I viewed it it would say "gfodor's mother..." etc. You could have first name, last name, etc, so with some creative thinking you could post fairly convincing posts that would trick people into thinking you were actually legitimately mentioning them.
I can remember many posts filled with angry replies from random users who went off the deep end when seeing that some random person on the BBS was trash talking them personally. Oops.
Edit: And for the curious, the purpose of these codes was usually for people creating assets for the BBS. For example, when designing your home screen (an ANSI text file, basically), inserting the codes made it so the home screen would reflect information on the logged in user. Usually when enabled the interpolation happened anywhere, not just in user defined assets. (Of course as BBS software got more mature these types of pranks were not possible with default settings.)
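Added example, not part of the thread and not code from any BBS package: a minimal sketch of the view-time interpolation described above, with the "expand everywhere" behaviour next to a version that expands codes only in the sysop's own asset. `%UN` is the code quoted in the comment; `%FN`, `%LN`, the function names and the sample users are assumptions made for the illustration.

```python
import re

# "%UN" is the code quoted in the comment above; "%FN" and "%LN" are
# hypothetical codes for first and last name, made up for this example.
CODES = {"UN": "username", "FN": "first_name", "LN": "last_name"}
CODE_RE = re.compile("%(" + "|".join(CODES) + ")")


def expand(text, viewer):
    """Replace each known code with the matching field of the viewer."""
    return CODE_RE.sub(lambda m: viewer[CODES[m.group(1)]], text)


def render_naive(asset, posts, viewer):
    """Old default: build the whole screen, then interpolate all of it."""
    screen = [asset] + [f"{author}: {body}" for author, body in posts]
    return expand("\n".join(screen), viewer)


def render_scoped(asset, posts, viewer):
    """Interpolate the sysop-authored asset only; posts are shown verbatim."""
    screen = [expand(asset, viewer)]
    screen += [f"{author}: {body}" for author, body in posts]
    return "\n".join(screen)


# Constructed sample data.
ASSET = "Welcome back, %FN %LN (%UN)!"
POSTS = [("mallory", "%UN's mother was a hamster")]
ALICE = {"username": "alice", "first_name": "Alice", "last_name": "Example"}
BOB = {"username": "bob", "first_name": "Bob", "last_name": "Sample"}

if __name__ == "__main__":
    for viewer in (ALICE, BOB):
        print(render_naive(ASSET, POSTS, viewer))
        print(render_scoped(ASSET, POSTS, viewer))
```

With the naive renderer each viewer sees their own name inside mallory's post; with the scoped renderer the greeting is still personalised and the post shows the literal `%UN`.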
My favorite BBS hack was that on some standard RA configs, unless explicitly turned off by the sysop, you could save received messages to disk even if you were just a normal user. This meant that you could send a message to yourself, i.e. 'del . /q /s' (or whatever zapped your dos disk, I can't really remember.), and then save it to 'c:\autoexec.bat' ...
Other fun things were nailbombs, small .zip files that would expand to multiple gigs. When you uploaded those to early RA systems the virus scanner would attempt to unpack them and quickly fill up the entire disk, causing the BBS to grind to a halt.
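Added example, not part of the thread and not code from RA or any scanner: one way an upload scanner can avoid the disk-filling failure described above is to stream archive members through the scan in memory, rejecting on a per-member compression ratio and on a running total of unpacked bytes. The limits, function names and sample archives are assumptions constructed for the illustration.

```python
import io
import zipfile

MAX_TOTAL = 1024 * 1024   # assumed budget: 1 MiB unpacked per upload
MAX_RATIO = 100           # assumed ceiling on unpacked/packed size per member
CHUNK = 64 * 1024


class ArchiveRejected(Exception):
    pass


def scan_archive(data, scan_chunk, max_total=MAX_TOTAL, max_ratio=MAX_RATIO):
    """Stream every member through scan_chunk without touching the disk.

    Returns the number of bytes scanned, or raises ArchiveRejected as soon
    as a member's declared ratio or the running total exceeds its limit.
    """
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > max_ratio * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: ratio over {max_ratio}")
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    total += len(chunk)
                    if total > max_total:
                        raise ArchiveRejected(f"more than {max_total} bytes unpacked")
                    scan_chunk(info.filename, chunk)
    return total


def make_zip(members):
    """Build an in-memory archive from {name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


def is_accepted(data, **limits):
    try:
        scan_archive(data, lambda name, chunk: None, **limits)
        return True
    except ArchiveRejected:
        return False


# Constructed samples: an ordinary upload and a 4 MiB run of zero bytes.
ORDINARY = make_zip({"FILE_ID.DIZ": b"Door game v1.2, freeware, 1994\r\n"})
PADDED = make_zip({"zeros.bin": bytes(4 * 1024 * 1024)})
```

The ratio check stops a single heavily compressed member early; the running total also covers an archive made of many members that each stay under the ratio.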
Just to set any minds at ease after the initial shock:
The link I posted is just a generic bad id link that ends up redirecting to your own Facebook profile if you are currently logged into Facebook. Anyone logged into Facebook will see their own profile.
The link joering2 posted OTOH is actually to my Facebook profile. But:
A) I don't really care (anything I put on my Facebook profile is assumed to be 1000% publicly available information anyway).
Interestingly, the string of numbers is a real user id. I presume it defaults to your own profile because facebook.com/profile.php goes to your own profile, and fb simply ignores the malformed parameters.
Nope, the trick is that he's skipping the "id=" part between the '?' and the user ID, so the param is not being passed properly and thus the link is processed as just 'profile.php' without params. The link https://www.facebook.com/profile.php?id=yaddayadda would work properly.
Sometimes a benefit can be indirect and hard to see immediately. Being "technical correct" reduces complexity, which again reduces costs down the road. For example, it makes it easier for third parties to integrate with your service, to name one benefit.
It may never be clear for each individual feature, but violations compound to form a mess of unpredictability. Facebook generally appears to me as being a company with a very strong engineering culture and so it surprises me a bit that they would let something like this slip. Maybe I'm just not seeing the whole picture and it is a clearly thought-out tradeoff and not simply negligence.
Searching for '743264506' reveals that it is actually quite an old trick. And the poor chap whose facebook profile number it is doesn't seem to be a geek so he probably didn't invent it
Sure you could. But do a google search on this one and compare it with a google search for a random number of similar length. Besides you can see from the search that it is this number that is used quite often with this trick
I was just saying that it's interesting that this number has such a history. I didn't expect it. And from your first reply it seems you didn't either. It is a profile ID not a random number and it has been used multiple times for this exact trick
Funny thing is that when you try to post it on your facebook wall the preview shows your profile. But when somebody else clicks it it takes them to their profile
A great example that should remind people that it's probably best to assume that everything they say or do online (offline as well) is now (and forevermore) public. Assume that anything you say or do has the ability to be seen by anyone and everyone around the globe instantly - without any methods of recourse. The genie is out of the bottle.
Hence one should adapt one's own behaviour and act accordingly (that doesn't mean that you should get paranoid - just be more careful :).
There's no such thing as online privacy - privacy is dead.
It's better that the default for most things online is public since any privacy setting is just an illusion of security. Of course there are some notable exceptions to this (encrypted backup services that encrypt locally before backup), but for the most part if it's online and at least some other people can see it - everyone can see it.
It took me a loooong time to figure out how to do privacy and social networking at the same time, using only web technology. Actually it can't be provably private using web technology because you have to trust the server -- which is why we need this: http://news.ycombinator.com/item?id=2024164
Using encryption it's completely possible to make any information exchange as secure as it can possibly be without accounting for humans on the other end leaking the information.
It doesn't have to be that way; it's very easy to lock down your facebook settings to friends-only. I think it's quite ridiculous that that's not the default. This pessimistic assumption you mention where anyone can see everything might be the safest, but it's just not how humans work. When you're surrounded by a bunch of friends (or their status messages), you don't assume the rest of the world is overhearing you as well.
As other readers have mentioned, your data is still owned by Facebook and subject to malicious intruders and the like. I just wanted to add that without any malicious intent, Facebook could intentionally or accidentally change your settings so certain information you had set to private is now public, without your consent and without any warning. Remember when Google exposed everyone's contacts through Google Buzz[1]? It's easy for someone to underestimate the difference between what you consider private data compared to what they do.
You are right about that option. But I find it prudent to always reduce the chance of a type 2 error and increase the chance of a type 1 error (http://news.ycombinator.com/item?id=4081972). It is best to assume the worst and trust nothing whilst acting probabilistically than to assume perfection/trust and act deterministically.
Hence, in this case, if you assume everything is public, you reduce the harm that can come to you when the trust you have in a service fails you (as it may well do). Just like an investor - take on risk, minimise uncertainty and price catastrophe correctly. This gives you the best of both worlds - risk priced in proportion to reward. You can have your cake and eat it too - if you only take a slice and no more.
As a completely off-topic side note: Since I was introduced to statistics, I always forgot which error was type 1 and which was type 2. I had to read your link to find out.
In code, "int errorType = 1;" would be a badly chosen variable :)
The expressions "false positive" and "false negative" reveal more semantics than "type 1" and "type 2", and are therefore much easier to remember.
You are correct, my apologies for explaining with improper terms - that's the curse of knowledge I suppose.
I quickly forget that the "map" in my brain is about 10 times more detailed than the vector representation I detail in my answer - and it often lacks ideas that may be critical to understanding.
I will use false positive/negative terminology from now on - apologies for the dense language and propagating difficult to comprehend terms - I'll try to stop doing that :D.
While I do agree that false positive and false negative are better names, they do have one shortcoming in comparison:
Classical statistics suffers from the inference problem, where instead of "tested positive for presence" you have to say "tested negative for absence". So a type I error is a false negative as much as it is false positive, which can get confusing.
I believe that when people say that everything on the internet is in the public domain they imply that even private data is subject to hackers and such. And if someone got root of Zuckerberg's cellar server (or, wait, something) they would be able to do what they wished with our data.
In principle it has always been so - whatever you do leaves a permanent imprint in people and things around you. It's just that the Internet is a new, much more efficient way to navigate and explore the Great Web of Causality. So what was true just in principle, now became true in practice.
I can't believe people are still publicly posting stuff about their bosses. Surely there has been enough press coverage about people getting fired for fb/twitter antics
Au contraire, regardless of whether or not it's wise to diss your boss online, the last thing we need more of is mass knee-jerk reactions to information over-reported by the press.
Well according to the Gervais principle, there are two likely possibilities here. If it's a Loser insulting his Clueless boss then he probably has little to lose and probably enjoys the risk of his boss finding out while sharing a good laugh with his friends. On the other hand if it's a Clueless insulting his Sociopath boss then, well, there's probably a good indicator of why he's stuck in the Clueless caste.
I think this is so naive. Sure a "good" boss probably won't be snooping on his or her employees. However, I'm pretty sure most bosses are humans and humans tend to snoop on each other
I have some doubts about the site's disclaimer: "I cannot be held responsible for any persons actions as a result of using this experiement."
If someone gets fired upon a comment you took out of context and put under "people who want to get fired" then I wouldn't bet the above statement as your best line of defence in a lawsuit.
That's a terrible disclaimer. You can't just disclaim your way out of statutory liability.
There's probably nothing to worry about with re-publishing an already public fact, but the cases where errors are made e.g. "I'd hate to be my boss" filed under "People who hate their boss", the casual reader may be confused (some might say misled).
The solution is just to keep people informed, so your disclaimer may say something like: "the information on this site is automatically collected from public posts to Facebook. Posts are classified automatically, and as such our classification of their sentiment may be inaccurate."
Also, just in case one of the Facebook posts says something defamatory, hate speech, etc. you can gently remind people that you didn't write, edit, or approve of the content so "are not responsible for the content of messages".
You know what? Use that same GET method from the about page, mine for certain words, display analytics on a dashboard next to a stream and you've probably just put a few social media "consultants" out of work.
Reminds me of the who-is-not-at-home syndication from Facebook and Twitter. Even though these are scary, I really think they provide excellent privacy teaching moments. Hope you are going to keep this up for some time and enhance it with other categories.
Maybe because they never consciously chose to make it public; that's simply facebook's default and IMO it's counter-intuitive that social interactions are made public.
This could have been done a little more sophisticated. Now it seems nothing more than some basic text searches.
For instance two people saying "Not Hungover AT ALL, I love these mornings" and "Hungover !" respectively are both in the hungover section. And in the doing drugs section there was one guy who was happy he actually quit.
That's a nontrivial problem to solve. Consider "I avoided becoming hungover again!". In other words, you'd have to do a full semantic analysis and get the scope of negations right. I hear that current sentiment analysis techniques use a heuristic by looking for a nearby negation.
Reading the comments I understand that it grabs public facebook data if you are logged in, right? Since I am currently logged in and can't see any of my data it means that my facebook profile isn't public (or at least the data this page fetches aren't public)?
The page doesn't display any info/statuses related to my fb profile or any of my fb friends. From my point of view it is just displaying random fb results obtained by keyword related searches performed against the fb public data accessible via fb API. As far as I am concerned and aware of nothing in my profile is public.
It's simply displaying public data that has been scraped before-hand (so nothing to do with your own profile). It abuses the fact that people's profiles are public by default, something that people are probably not aware of.
I'm guessing the site is making an API call to pull each user's thumbnail. Remember, you're capped at 350 API requests per hour per APP ID. You should cache image links to avoid all the broken image icons.
The point isn't that it's uninteresting to you, the point is that it may very well be interesting to stalkers, bosses, insurance companies, thieves, exes, "lost" relatives, arsonists, mother stabbers, father rapers, litterbugs, jaywalkers, identity thieves, nosy neighbors, and other undesirables.
It's a thought experiment. Along the lines of
YOU DOLTS, YOU REALLY SHOULDN'T BE PUTTING ALL THIS STUFF OUT HERE!
On a purely ideal level I agree with you (the fact that at any time someone has been fired from their job for expressing personal opinions on non-company time does not sit well with me..), but the reality of it is, how many of these people do you think know that their info is on this site and/or accessible to quite literally anyone in the world? Of the people that know that, how many of them do you think understand the implications of that openness?
I've got a fantastic idea: Why don't you make a list of all the pages on the internet that don't interest you, and then tell HN about it. Then I can use that as the starting point for my list.
This guy for example:
http://www.facebook.com/profile.php?=743264506