NEW YORK – Raise your hand if you’ve had your identity stolen on Facebook.
Wow, that’s a lot of hands!
Now, let’s thin the mob. Raise your hand only if someone lifted private information on your own Facebook page, pretended to be you, befriended your friends, family members and business contacts and pried information out of them as if the “real” you were asking the questions.
Well, still quite a crowd!
Identity theft is a painful experience. Regardless of the extent of the damage, most victims feel totally violated.
Worse, we found, it appears Facebook doesn’t even have the courtesy to respond to subscribers’ complaints when their Facebook account is hacked.
After following all the necessary steps described on a Facebook page to report a fake account, you’ll find that Facebook doesn’t even send an automated e-mail saying, “We are sorry that this has happened to you,” or “Your fake account will be taken down immediately.”
Almost five hours later, the fake account will still be lurking out there, impersonating you and duping your friends.
Facebook’s offenses don’t end there, however.
The social media giant, having neglected to acknowledge your fake account report in the first place, goes into your actual Facebook page -- without your permission – and deletes the warning message that you posted to alert your friends that you’ve been hacked.
Facebook then goes a step further: Anyone who has responded by posting a consoling comment also gets deleted. Facebook – without permission or warning -- erases only comments specific to the latest identity theft on your wall.
Poof! Gone, forever.
Could it be that Facebook doesn’t want anyone to know how easy it is to use its platform to disrupt people’s personal lives?
This isn’t a hypothetical scenario. It happened recently to George Haber, a serial entrepreneur in Silicon Valley who is currently CEO at Cresta Technology Corp. (Santa Clara, Calif.)
On the morning of Feb. 7, a week after Facebook filed an IPO seeking to raise $5 billion, Haber’s wife, who was checking her e-mails in bed -- asked him: “Why did you invite me again on Facebook?”
Haber at first wasn’t alarmed. But he quickly found out that his younger son had already accepted a “friend” he thought was his father. Haber discovered that the impersonator had his picture – the same one on Haber’s real Facebook page. The pseudo-Haber also copied his entire “profile,” from schools to jobs.
Hardly a technology or social networking novice, Haber first sent a message to his doppelganger, asking: “Who are you? Why are you impersonating me?”
Haber reported the fake account to Facebook and asked them to block it – essentially following the procedure described on the Facebook website. Still no response from Facebook. Five hours later, the phony Haber was still out there. From Facebook? Zilch.
Haber says he immediately started sending alerts to his friends; posting a message on his real account, informing his hundreds of friends of the Haber impersonator. Be careful. Messages from “real” friends began pouring in to his page.
Haber kept waiting for the shadow Haber’s page to go down. Nothing happened. “I didn’t even get a ‘ticket item’ from Facebook,” he recalls. “It’s as though my request to Facebook — asking them to block this person — [had] gone into a black hole.”
Six hours later, Fake George finally disappeared from Facebook. Then, the strangest thing of all happened.
“My own message about this identity theft disappeared. Hundreds of my friends’ comments on the same topic disappeared at the same time,” says Haber. “And, of course, I get no message from Facebook telling me something like, ‘Hey, George, we took care of it.’”
Haber is from Romania. He grew up in a Communist state. “I lived through the time when someone tells the government on something or someone. I accepted that then.” He adds, “When this happened to me here in the United States, it really, quite shocked me.”
Most puzzling to Haber, and to me, is why his warning message and his friends’ sympathetic responses about the identity theft disappeared from his Facebook page. This couldn’t have happened unless someone with a clear intent went into Haber’s page to wipe out all mentions of identity theft, presumably to save face at Facebook.
Facebook has not returned our calls or repeated e-mails for comment.
Haber wonders why Facebook seems to be indifferent to preventing fake accounts on its site. “It’s not like they don’t have a technology to stop it in advance,” he notes.
While online impersonation is illegal in California, Facebook doesn’t seem to be interested in tracking down impersonators. Haber says, “It’s not like they can’t track him down. They have their e-mail address; they can trace the IP address. We’d have to assume that it’s just not in their best interest to do so.”
In fact, detecting fraud is against Facebook’s interest. One of the secrets of Facebook’s success is the vast number of members, estimated at more than 845 million worldwide. Facebook’s marketing dollars depend on that number being as big as possible. Facebook would be crazy to go cull the duplications from that whopping stat?
Creative hooliganism. A vending machine in the
Facebook HQ corridor.
What Facebook has demonstrated to me is that there are some services that people want to be supplied by a single source. There is only one Facebook, the competition is miniscule in comparison. Clearly people want only one social networking hub.
This single 'black hole' effect is common in human behaviour, and has another feature: the 'herd' can spontaneously abandon one fashion for another. which will happen when FB gets just enough people disappointed that they switch to the next big thing. at that point Facebook will be history, and rebranding will not help.
FB's best move is to create a 'NEW FB' and get everyone to switch, offering better, more secure etc etc. Hell they could switch everyone automatically, its only software!
Come to think of it, the competition could switch us all over from FB without asking anyway, by the sound of it!
My brother had an impersonator once too. I think nothing major happened. But I think he now uses another name just to avoid this kind of things. He's a TV artist so that's why he gets some attention, lucky for us who are not so famous and have not much to fear. Nevertheless quite interesting to read that Facebook is capable of playing "Big Brother" and tweak one's profile willingly. Yikes!
I think we all know that any entity that stores a lot of personal information about individuals -- like Facebook does -- is totally capable of play a "Big Brother" role.
The question is how much trust and faith we put in them, assuming that they would "do the right thing."
Clearly, in this case, Facebook failed to live up to our expectations.
You are absolutely right, Frank.
We all understand that there are security risks on a lot of sites. We even understand someone could impersonate us on Facebook.
What separates an excellent company from others is how the company deals with it. Let's hope that the pending IPO would help Facebook act more responsibly and maturely.
Thanks, resistion. When a company with power thinks that they can get away with such a practice as "erasing" what people said about the company on a "social" network site, I think they went too far.
After all, Facebook is "a social network," and if the social network giant can't take the heat on the social playground they have created, there is nothing "social" about Facebook.
If you don't pay for a service and have a service level contract with the provider, then all you are to them is a source of revenue that they can derive from the data you put onto their site. If it is not obvious how a company makes money out of giving a free service then it is because they are selling what you gave them for free. Currently this is through focussed advertising - but is that the limit to what they can do with your data?
Does FB really need you real date of birth, and all of the other data that "prove" who you are in other contexts eg when opening a bank account?
[For that matter do you need to know what everyone you have ever met have eaten for lunch? ;) ]
The removal of the messages is both disturbing and, sadly, not terribly surprising.
I think there's a natural tendency to assume that governments and old-guard corporations can't be trusted, but new Internet companies can. Wealth, power and control are prime motivators for misdeeds in government and old companies. The people in new Internet companies are really no different and are just as likely to succumb to those temptations.
The other thing that is easy to forget is that Facebook and similar companies don't really have anything to stop them from deleting or even altering users' data because it's really not "users'" data. It pretty much belongs to FB and they have a lot of legal leeyway in what they do with it.
Join our online Radio Show on Friday 11th July starting at 2:00pm Eastern, when EETimes editor of all things fun and interesting, Max Maxfield, and embedded systems expert, Jack Ganssle, will debate as to just what is, and is not, and embedded system.