Facebook goes full Naked Gun after its latest password fiasco

The social network proves once again how little respect it has for its users

One of the funniest scenes in the slapstick comedy The Naked Gun involves a perpetrator, on the run, ending up on a nuclear warhead that crashes into a firework factory. This results in a massive explosion and an endless stream of fireworks shooting up into the air. As people start to gather to watch the show, detective Frank Drebin, played by the wonderful Leslie Nielsen, stands in front of the building and proclaims: "Please disperse, nothing to see here".

It's something that consistently pops into my head whenever I see Facebook going into damage limitation mode - and they've been doing that a lot lately. Appearing to make light of serious situations has become the go-to response for Facebook. Most recently the tactic was deployed when the company admitted to storing user passwords in plain text, sans any encryption.

"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems," said Pedro Canahuati, VP of engineering, security and privacy in the Facebook Newsroom. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable."

That doesn't sound so bad. It's only "some" passwords and hey, it's just internal access and only Facebook's trusty staff could see it, right?

It turns out that "some" in the world of Facebook actually translates to hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users - perhaps the company has become so used to talking in billions that it's lost track of the real world.

Or it could just be a poor choice of words, like saying that a "few" people live in China, or Starbucks has "some" coffee shops. But, as we've come to expect, it's another example of the social network trying to downplay an incident because, ultimately, they don't want the negative press.

It could also be seen as me jumping on the bandwagon and sticking it to Facebook, but I will point out that this is one of many privacy issues the company has caused. That bandwagon has joined a full-on parade that's winding its way towards Facebook's front door.

Facebook is like Frank Drebin, waving its arms in front of yet another privacy blunder of staggering proportions, hoping that we'll divert our gaze elsewhere and get on with our lives. The company has become so arrogant that it believed we would read beyond the first paragraph of its token statement, discover the scale of the issue, and then simply shrug it off as a passing curiosity, instead of calling it out for what it is - a nuke in a firework factory.

It's a slap in the face for anyone who takes their data security seriously and a further sign that Zuckerberg and co are more concerned with their public image than they are with user privacy.

Facebook says the passwords were never visible to anyone outside of the company and that it has found "no evidence to date that anyone internally abused or improperly accessed them". That statement might be somewhat reassuring if Facebook's reputation wasn't already in tatters.

In fact, court documents released the same day this statement was issued revealed that Facebook employees knew what Cambridge Analytica was doing 15 months before that particular scandal came to light. The company is now doing its best to proclaim its innocence.

Once again, Facebook is asking us to trust its word. It wants us to believe that not one of the 20,000 employees that had access to the plain text data ever gave in to temptation - to have a poke around or, even worse, make copies of that data.

I could give Facebook the benefit of the doubt, if I was feeling particularly generous, and say that on this occasion it was just a poor choice of words. Yet there is no single company in the world right now under as much intense scrutiny as Facebook, and, as such, it's staggering that the company isn't doing more to deliver meaningful communiqués to users.

But this represents the typical non-committal response that Facebook too often deploys in the face of a data incident. It boils down to a box-ticking exercise where it can now say it has informed its users, no matter how little detail it's put forward. Which is no longer going to cut it now we have GDPR.

Facebook has become the world's biggest social network and, by extension, one of the world's biggest purveyors of personal data. It feels the company has fractured under the pressure of its own success, and our personal data is starting to seep through the resulting cracks.

As Frank Drebin bumbles his way through investigations in the Naked Gun movies, we get lots of laughs - but there's nothing funny about the bloated mess that Facebook has become.
