Chuck Norris and Facebook privacy

Filed Under: Facebook, Privacy, Social networks

Chuck Norris
Controversy has stirred up on the internet regarding an interview posted on The Rumpus website with what is claimed to be an anonymous Facebook employee.

The interview claims that Facebook tracks every move you make on the social networking website. In other words, every time you look at a friend's profile, send a poke, or take any other action on Facebook, the action is recorded.

From this data, Facebook could - potentially - be able to determine which of your friends you interact with the most, whose photo galleries you check the most often, etc. You can probably imagine the possible privacy implications of this.

And you thought there might be a lot of CCTV cameras in your town..

In addition, it was alleged in the interview that a universal master password existed that allowed Facebook employees to log into any user's profile. And what was that password? A corruption of the phrase "Chuck Norris", the cult action movie star.

Transcript from interview with alleged Facebook employee

In other words, if we are to believe the interview, the master password could have been something like:

{hu[k N0rr15

Lets assume for the purposes of this discussion that the "Chuck Norris" claim is true. Is this a cause for concern?

Well, I would worry if such a powerful, single universal password was available to multiple employees for a period of time. Yes, it's good that its use was restricted so it could only be used from the company's own computers (or IP range) to prevent it from being used by third parties - but surely there should be different passwords for different employees - making it easy to remove access rights to workers who no longer needed the ability to log into any user's account, and to make it easier to log precisely who accessed the account rather than just "Chuck Norris".

From the sound of things, Chuck Norris can no longer log into your Facebook account (if the claims in the interview were ever true at all). And we can only hope that there is greater control today over what Facebook staff can do and see in regards to individuals' accounts, as the potential for abuse is high. I would also hope that there's an official process that Facebook staffers need to go through to seek permission to access a particular user's profile, rather than being left to the individual worker to decide.

But ultimately there's a warning for all of us here.

The more information you share with the internet the more data you are potentially handing over for others to see. The recent changes to Facebook's privacy settings, made clear that the company's philosophy is leaning much more heavily towards encouraging users to allow their personal information to be shared with everybody on the internet, not just their approved friends.

Oh, and once information is shared with everybody on the internet - that actually means "everybody forever". Don't forget that.

If you think it might be time to look again at your Facebook privacy settings, check out our best practice recommendations.

, , ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.