You are not paranoid about surveillance – at least, not as far as Facebook is concerned.
It appears that Facebook founder Mark Zuckerberg and his minions, in the early days, had a master password with which they could sign in to any user account and poke at whatever data we entrusted to the site.
The Guardian gleaned this from Zuckerberg’s former speechwriter, Katherine Losse.
Losse told the media outlet that users should be guarded with their private data on the site – a timely warning, given the launch of Facebook’s social search tool graph search.
Losse – aka Facebook employee No. 51 – joined the company in 2005 as a customer support staffer and worked her way up to being Zuckerberg’s ghostwriter. She left in 2010 and, according to the Guardian, is now regarded as a rogue former employee by Facebook itself.
In 2012, she released a book, The Boy Kings, about those early years.
Recent revelations about the US National Security Agency’s (NSA’s) voraciously hungry appetite for surveillance may have left many users of social networking sites fretting about the government sucking up our private data, but Facebook has been privy to that data – including our passwords – from its infancy, Losse told the Guardian.
As The Guardian’s Siraj Datoo points out, that’s a little scary, given that plenty of users likely have never changed their passwords since they first signed up.
To make matters worse, many people commit security blasphemy by using the same password on multiple sites.
To make matters spontaneously combust in worse-osity, Losse wrote in “The Boy Kings” that in its early years, Facebook passed out the master password like candy, without vetting any of the support staffers.
Here’s an excerpt from the book, courtesy of coverage from CNet’s Jennifer Van Grove:
"Jake introduced us to the hanky application through which users' e-mails to Facebook flowed. Once we learned how the software worked, Jake taught us, without batting an eyelid, the master password by which we could log in as any Facebook user and access all their messages and data... I experienced a brief moment of stunned disbelief: They just hand over the password with no background check to make sure I am not a crazed stalker?"
As Losse told The Guardian, social networking users tend to assume they’re the only ones who can access the information they input, but at most companies, it’s probably not true, given that “at least some of the staff need to have access to user accounts in order to do their jobs.”
"There has to be a way for the staff to manage and repair user account issues, and for this reason user data within most startups, especially when they are young, is never completely locked up from company staff."
At any rate, Facebook doesn’t hand out a master password anymore, it says.
Nowadays, the company told CNet, employees don’t have password access:
"An audit by the Irish Data Protection Commission included a detailed review of the level of access to user data that employees have at Facebook and found that we have an appropriate framework in place. Facebook employees do not have access to users' passwords."
It is, of course, preferable that we have as clear a picture as possible of what companies do with our personal data, so this history of early data yahooism is welcome.
If it helps Losse to sell more books by tying it in to concern about PRISM-like surveillance, that’s OK, as far as I’m concerned.
The more light we shed on these formerly murky matters, the better.
Facebook from its start could watch us, listen to us, and, probably, make fun of us and our soppy, trivial and/or really embarrassing posts and data.
Now it can’t, it assures us.
If that helps to ease your compulsive surveillance suspicions, paralyzing fear of electronic privacy violation, or even, to borrow the Joy of Tech’s formal diagnosis, PRISM Anxiety Disorder, all the better.
Thank you, Ms. Losse, for letting us know.Follow @NakedSecurity