?

Log in

Previous Entry | Next Entry



Okay - this is freaky [Update, I think I've partly figured this out - but it's still scary and possibly worse - see below]

One of Facebook's more-fun features (I find) is the 'Suggestions Friends' page, wherein Facebook looks at your friends and who they friend and looks for patterns that suggest people that you might know and want to friend. When it works, it's really good - and when it's bad, it is occasionally amusing. So like I say, it's fun.

Recently, they've also added a 'Suggestions' box to the main Facebook page which simply displays one of the recommendations in the same format and changes it when the screen refreshes.

Okay, that's enough background. Today, hand-coding for partially script-generated HTML pages was breaking my brain, so I was taking a five minute Facebook break (as people do) when the following popped up on my main Facebook page:



At this, I went *boink* but then thought for a moment. "Now, this is surprising, but not impossible" You see: Angela Melick draws a webcomic called Wasted Talent that I'm a regular reader of (really - it's very good) but I'm pretty sure Facebook doesn't know that. Eeek.


Okay - deep breath. I have other friends who are into or actually create, webcomics. It's not impossible that one of them has friended her and that that's what Facebook is picking up on. Okay, check this - go to Ms Melick's profile and check for mutual friends.



Buh?

Now that qualifies as spooky. I know that she has a seperate group for followers of the comic and keeps her main page to people she knows in real life - so I'm not actually surprised that there's no overlap. And I'm not a friend of her group or any of the other fan groups on there.

So how did Facebook make the connection?

Perplexed, I refreshed the page a couple of times to see if this was a freak error. A few refreshes later:



Now I know Facebook is screwing with me. Samantha Cherolis draws another webcomic: Random Assembly (Also very good - really, you should check these guys' comics out) Again, we have no friends in common:



...and she doesn't even have an 'followers group'. Facebook really doesn't know that I follow this person.

So how the hell are they pulling out this connection?


By this point I was seriously re-evaluating the semi-paranoid rumours I've heard about the alleged link between Facebook and the American FBI. Did I dare go down that mental  that rabbit-hole, was it true? But if so, then why would they make it obvious? It made no sense.

Then the penny dropped and it rasies different questions.

One thing both comickers have in common is that I've corresponded by email with them in the purchase of books and similar. And I let Facebook look at these once a few weeks back as part of its "Find people you know on Facebook via their email' feature. But that's supposed to be a one-off deal: It checks the list against the (normally hidden) emails and then dumps the list.

If it isn't dumping the list, it needs to flag this in b-i-i-i-g letters. If Facebook didn't keep the list, then how is it connecting us now? 

Hm, Except... Except that if Facebook did keep the list, then why did it only find them now and not at the time? These two guys are showing up pretty frequently in my 'Suggested' box, I'm pretty damn sure that they didn't show-up in the list of suggestions from Facebook that were generated as a result of the email list and I've checked my full page of suggestions (including the extras that don't appear until you start removing suggestions from the list) a few times since then (Look - it was a lunchtime at work - okay?)

Suggesting that Facebook kept my email results and two people that I know, and are in the same field, both decided to update their emails at roughly the same time and they both added emails that they've advertised on their respective websites for several years, but apparently hadn't added to Facebook a few weeks previously...

...is stretching credulity more than a bit. But that's the only answer.

I'm almost certainly missing an important piece of the puzzle, but I'm otherwise ferklempt here.

[ Update: See next post - Aha! What's actually happening: http://eponymousarchon.livejournal.com/121522.html - (Hint: Naughty Facebook, no cookie.)]


Comments

( 3 comments — Leave a comment )
tackline
Jun. 26th, 2009 10:52 pm (UTC)
For a while, I had a load of easyJet ads. I suspect *they* collaborate with other sites through cookies+webbugs to track us.
eponymousarchon
Jul. 1st, 2009 01:31 pm (UTC)
Boneist suggests similar in the next entry. I'm not given to conspiricy paranoia (I've had my skeptic's shots) but the sum total of this is concerning.
quaestor23
Nov. 23rd, 2009 04:14 pm (UTC)
Please read all my mail? No thanks.
Sorry I can't understand why people give their webmail password out to other sites. It's like giving root access to someone who wants to chown a file. ie you are giving away WAY more power than the task actually requires.

An approach adopting the precautionary principle would be to dump your addressbook, from where you can add candidate email addresses to Facebook's Foe Finder or whatever. For the vast majority of people this is likely to amount to maybe 20-50 addresses: a few minutes of cut-n-pastery.

Give it the password, and it can grab a copy of every email you've sent and received and, potentially, do pretty unspeakable things with them... that information is gold dust to marketers and they will pay sufficient for it that morals or privacy codes go out the window (all it takes is one employee, qv T-Mobile)... Even if they don't do anything with them, they may just keep them hanging around, increasing the attack surface by which someone might be able to hack in and steal them... No no no no. The minor convenience of automatically spamming your friends, and a larger number of completely irrelevant people, to say "hi I'm on $social_networking_site", is not worth the risk of such valuable data.

I raised a quizzical eyebrow when I first saw one of these "give us your password for some other site that's nothing to do with us" boxes, because isn't divulging your password in this way contrary to the terms of use of most sites? And as a general rule, people ought to be of the mindset that typing your password for site A into site B is something you NEVER DO. These friend-finder gadgets are legitimising what should be a wholly illegitimate idea. Phishing has probably never been so easy.

Twitter has it right. An API for remote access, but you don't (or shouldn't anyway) need to type your password into any other site, just be logged into Twitter, which will ask your permission.

( 3 comments — Leave a comment )