I was at a party once with Facebook employees and they were telling stories about how they would spy on who visited who's profiles. They thought it was so funny, they could "tell" who had a crush on who. I deleted my account as soon as I got home. Vile company.
Wouldn't surprise me. Everyone clutches their pearls and hits the downvote button as soon as you mention the Zucc quote, but has there really been any evidence that the company culture has matured away from "They Trust Me - Dumb fucks"?
Absolutely not. I'm no friend of Zucc, but the graph is protected by a permission system that won't show almost anything for employees without a making a request including legitimate business reason, for a limited time and scope, and managerial approval.
what i understood is that "showing up on their suggested friends list is creepy, and it's an information leak". the way i read that is that they would prefer not to show when someone visited their profile. and that's what i consider creepy.
After getting scammed on Facebook Marketplace, I look at the profiles of sellers, particularly if they don’t have much in way of reviews. That seems more prudent than creepy to me. I’m not stalking anyone and I’m not looking to be their friend.
Is there a better way to do seller verification? It does seem like an information leak to me. Craigslist and eBay don’t share my identification as a potential buyer. I don’t love the marketplace being tied to a social network, but it’s what many people are using these days.
sure, showing up on suggested friends is weird. the way linkedin does it makes more sense: "these people have viewed your profile". i was picking up on hiding it outright. while that may be justified in your case, it's also reasonable to let them know.
the only people i would really not want to find out that i look at their profile are spammers and scammers (oh, and stalkers).
so both sides have a fair reason. so guess, if you can, choose the social network that works the way you prefer.
> found Meta to have inadvertently stored certain passwords of social media users on its internal systems without encryption, and fined it €91m (£75m)
WTF? I thought that on 2010 already people were diligent enough to avoid even sending the password and instead just hashed it locally before even sending it.
That is not standard even today. The main threat is in transit over the network, which https/TLS solves, but obviously this won’t stop error traces or logging on the server from including request bodies.
If you do hash locally (not sure I’ve seen any big players do this), you also need to be hashing server side (or else the hash is basically a plain text password in the database!)
That said, I’m not sure why companies don’t adopt this double hashing approach. Complexity maybe? I know it could limit flexibility a little as some services like to be able to automatically attempt capitalization variations (eg. caps lock inverse) on the server. Anyways in 2026 we should all be using passkeys (if they weren’t so confusing to end-users, and so non-portable)
Extremely doubtful to have occurred in the past 10 years. It's pretty much impossible to access anything on the graph without a business reason and managerial approval.
I was at a party once with Facebook employees and they were telling stories about how they would spy on who visited who's profiles. They thought it was so funny, they could "tell" who had a crush on who. I deleted my account as soon as I got home. Vile company.
Tesla employees talk about recordings of people fucking in cars around the watercooler
Wouldn't surprise me. Everyone clutches their pearls and hits the downvote button as soon as you mention the Zucc quote, but has there really been any evidence that the company culture has matured away from "They Trust Me - Dumb fucks"?
Are they able to see these data of whichever user whenever they want with no trails at all??
It certainly sounded like it, or that no one cared about the trails since they thought it was so hilarious.
Absolutely not. I'm no friend of Zucc, but the graph is protected by a permission system that won't show almost anything for employees without a making a request including legitimate business reason, for a limited time and scope, and managerial approval.
Wouldn’t it be nice if the scope of what you witnessed was limited to that one company…
What other companies have the scope of Meta(-stasis) FB?
Google, since you asked.
But the point is: Facebook attracts these employees, it doesn’t breed them.
Microsoft (Teams).
Hope the host checked thoroughly for missing property after everyone left, because I wouldn't put it past a metamate.
That must have been a long time ago. Nowadays there are a lot of safeguards and that's one of the things that gets you fired right away.
Nowadays when you visit someones profile you show up on their suggested friend list. Creepy or cute, a deliberate information leak.
viewing someones profile without them knowing is not creepy?
It is creepy, that's what they're saying.
what i understood is that "showing up on their suggested friends list is creepy, and it's an information leak". the way i read that is that they would prefer not to show when someone visited their profile. and that's what i consider creepy.
After getting scammed on Facebook Marketplace, I look at the profiles of sellers, particularly if they don’t have much in way of reviews. That seems more prudent than creepy to me. I’m not stalking anyone and I’m not looking to be their friend.
Is there a better way to do seller verification? It does seem like an information leak to me. Craigslist and eBay don’t share my identification as a potential buyer. I don’t love the marketplace being tied to a social network, but it’s what many people are using these days.
sure, showing up on suggested friends is weird. the way linkedin does it makes more sense: "these people have viewed your profile". i was picking up on hiding it outright. while that may be justified in your case, it's also reasonable to let them know.
the only people i would really not want to find out that i look at their profile are spammers and scammers (oh, and stalkers).
so both sides have a fair reason. so guess, if you can, choose the social network that works the way you prefer.
I keep reading same statements here for past 10+ years, every time some similar fuckup @fb happens. Every. Single. Time.
0 trust in that company, 0 trust in its employees.
Yes, in a "never_do_this_or_you_will_be_fired" kind of way
> found Meta to have inadvertently stored certain passwords of social media users on its internal systems without encryption, and fined it €91m (£75m)
WTF? I thought that on 2010 already people were diligent enough to avoid even sending the password and instead just hashed it locally before even sending it.
That's never been standard. Passwords in log files is a common issue, crazy you can get fined 8 digits for it.
That is not standard even today. The main threat is in transit over the network, which https/TLS solves, but obviously this won’t stop error traces or logging on the server from including request bodies.
If you do hash locally (not sure I’ve seen any big players do this), you also need to be hashing server side (or else the hash is basically a plain text password in the database!)
That said, I’m not sure why companies don’t adopt this double hashing approach. Complexity maybe? I know it could limit flexibility a little as some services like to be able to automatically attempt capitalization variations (eg. caps lock inverse) on the server. Anyways in 2026 we should all be using passkeys (if they weren’t so confusing to end-users, and so non-portable)
if you hash locally isn't that effectively like using private/public keys but less secure? might as well use the real thing then.
This would've been an embarrassing security lapse in 2007. In 2024(?) it's despicable.
Extremely doubtful to have occurred in the past 10 years. It's pretty much impossible to access anything on the graph without a business reason and managerial approval.
Can managers access it without managerial approval?
Even if they could, the purpose of safeguards are still to ask at least for a business reason and be logged, no matter your rank or approval
and this is the case for every member of the company? even mr sugarmountain?
What a creep.
What is it that Zuck called people who trusted him? Oh right
Dumbfucks