It’s not as easy to scrape personal data as researchers claim, says Facebook
Facebook has responded to accusations that its security systems are inadequate, saying it has “serious concerns” about the methodology used by researchers.
Researchers from the University of British Columbia built a “socialbot” network and collected 250GB of personal data from Facebook users, by setting up fake profiles that sent and received messages. Facebook believes that the researchers gave themselves an unfair advantage, and the test may have been unfair and unethical.
Another security scrape
“We have serious concerns about the methodology of the research by the University of British Colombia [sic] and we will be putting these concerns to them,” said a Facebook spokesperson. “As always, we encourage people to only connect with people they actually know and report any suspicious behavior they observe on the site.”
The University test was carried out from a trusted University address, which might be argued to have given the team an unfair advantage in hacking Facebook, since most “real” attacks would be from fake or anonymous addresses that would trigger Facebook’s protective measures.
However, it could equally be argued that the attack provided a good model of a realistic situation in which an attacker has subverted a genuine IP address and is using it to hack into Facebook.
Facebook hinted that the attack might have been illegal, and could have had negative consequences for genuine users at the University, whose IP addresses may have been blacklisted.
Facebook also suggested that the group’s results might actually be wrong – a Facebook source suggested that its own processes actually disabled more of the fake accounts, more quickly than the University claims.
“We have numerous systems designed to detect fake accounts and prevent scraping of information,” said the spokesperson. “We are constantly updating these systems to improve their effectiveness and address new kinds of attacks. We use credible research as part of that process.”