Meta’s revenue is in the tens of billions. This fine isn’t even a rounding error for them. This isn’t something that should be taken so lightly.
Fredselfish@lemmy.world
on 27 Sep 2024 13:16
nextcollapse
Yeah that was just a cost of business. Zuck probably pulled that from under his couch.
Coasting0942@reddthat.com
on 27 Sep 2024 13:31
collapse
Have you seen IT budgets? Some vice-president of technology is going to be pissed his numbers look bad compared to his peers during their weekly numbers measuring contest.
curbstickle@lemmy.dbzer0.com
on 27 Sep 2024 14:13
nextcollapse
Its about $2.6 billion per week in revenue, even
by the weekly numbers its not an impact
(based on ~$135b in revenue for 2023, according to financial disclosure reports)
homesweethomeMrL@lemmy.world
on 27 Sep 2024 16:32
collapse
All fines should be percentage of income instead of some arbitrary number.
sunzu2@thebrainbin.org
on 27 Sep 2024 14:00
nextcollapse
Why would the regime ever hurt itself tho?
The_v@lemmy.world
on 27 Sep 2024 14:05
nextcollapse
They also need to remove the limited liability from companies for intentional illegal activities.
illegal business practices should be charged to the people involved instead of the company. The executives who made the decision to break the law lose personal assets.
Otherwise the shitheads just pass the company losses onto the employees: no raises, hiring freezes, layoffs, reduction in benefits, etc…
yuki2501@lemmy.world
on 27 Sep 2024 14:14
nextcollapse
Intentional? Better use Negligent. It’s hard to prove intent; knowledge of something going on is much easier to prove.
100%. We need more personal liability for the evils of big business, not less
Skymt@lemmy.world
on 27 Sep 2024 16:09
nextcollapse
And collected from shareholder payouts.
rottingleaf@lemmy.world
on 27 Sep 2024 19:07
collapse
Shoulda coulda woulda.
My aunt recently gave me a good advice, and a person in one chat with, I suspect, very interesting expertise gave the same advice in different form.
Emotions harm reason, and propaganda is not just directed at suppressing or increasing the emotion. It’s directed at making you emotional when you should be patient, and apathetic when you should be emotional, and act when you should wait, and wait when you should act.
It can easily work since everyone feels their fight of their day to be unique. But it’s not, and more than that - you can always look a few years back and remember that not only was it predicted, but you yourself predicted it.
By all this smartassery I meant - people making the laws don’t want them to work as we do, and they have sterilized the field. Think further.
floquant@lemmy.dbzer0.com
on 27 Sep 2024 21:55
collapse
Point being…?
rottingleaf@lemmy.world
on 28 Sep 2024 05:13
collapse
The last sentence. You can say all you want in social media to blow off steam, but you’ll only make things right in the real world with real power applied. And posting it here you’ve removed yourself from there.
Social media are not designed to be usable for organizing and combining those crumbs of power we all possess. They are actually designed for the opposite goal - to let everyone receive the dopamin hit from saying what should be done and forgetting it, from dispersing their power as thinly as possible. Look at your (EDIT: the guy I was replying to, didn’t realize you’re different people) 300+ likes, all worthless.
A self-regulating propaganda device, better than cheap and good brothels everywhere, or cheap alcohol and cheap and legal maryjane. Also alcohol and maryjane reduce one’s labor value, while brothels can have an effect opposite to the desirable (there’s need for validation in the society, thus in hierarchy, which gets reduced by being sexually content). Social media are better in both regards.
shortwavesurfer@lemmy.zip
on 27 Sep 2024 13:33
nextcollapse
Glad I deleted mine in 2018 and use a password manager (KeepassDX). Only socials I have are Lemmy, Mastodon (rarely used), and Nostr. If it aint FOSS I avoid if at all possible.
Darkassassin07@lemmy.ca
on 27 Sep 2024 13:34
nextcollapse
Considering how old Facebook is, you’d think they would have their shit together when it comes to password security…
Dindonmasker@sh.itjust.works
on 27 Sep 2024 13:38
nextcollapse
They are still on the old system of writing them down on paper XD
FutileRecipe@lemmy.world
on 27 Sep 2024 14:32
collapse
old system of writing them down on paper
That’s harder to steal/hack by someone across the globe.
leisesprecher@feddit.org
on 27 Sep 2024 13:47
nextcollapse
Facebook is huge and has very diverse teams/departments. It’s absolutely possible the guys who know what security is, and the guys who build app xyz are in different departments, countries, continents.
The capitalists want us to believe otherwise, but large corporations are just as convoluted and inefficient as a planned economy.
ObviouslyNotBanana@lemmy.world
on 27 Sep 2024 13:54
nextcollapse
Of not more. At least government gives some amount of insight and a chain of responsibility. Corporations are opaque and responsibility ends in an understaffed, underpaid “support” line.
BearOfaTime@lemm.ee
on 27 Sep 2024 14:45
nextcollapse
The difference is even this pittance of a fine wouldn’t happen in a planned economy - it would be like the planners fining themselves.
What we’re seeing here is a result of the amoral “beastly” types concentrating power. What you’re suggesting is to intentionally concentrate that power from the start.
Facebook is a great example of democracy - the billions of people using it have effectively (in their voluntary ignorance) voted for it to be like this. These are the same people who would vote for policies in a pure democracy.
And you’re ignoring what happens in the SMB space, where people aren’t part of the corrupt circle.
You’re welcome to start a small community anywhere in the US with a planned economy, as proof of concept.
You could call it… A commune, to indicate its goals.
IsThisAnAI@lemmy.world
on 27 Sep 2024 16:11
collapse
Have you ever worked for government IT? Most of it is ages behind private sector.
superkret@feddit.org
on 27 Sep 2024 17:34
collapse
I work in the private sector and our most essential systems run on Windows Server 2012. Because the installed applications can’t be migrated to anything else. After a reboot, there’s 21 scripts that need to be run in a specific order (with admin rights) to get the app running again. The frontend is an http webpage that’s open to the world.
The supplier of the software is a huge global corporation, market leader in their field.
IsThisAnAI@lemmy.world
on 27 Sep 2024 22:18
collapse
I’m not saying there isn’t crap in the private sector, but in my experience government really sucks managing IT.
leisesprecher@feddit.org
on 27 Sep 2024 23:51
collapse
No. Large organizations suck at managing IT, simply because it’s not crucial for them to keep it managed and they usually have enough institutional insulation to mitigate the impacts. Whether that insulation is money or disregard of the public doesn’t matter all that much.
IsThisAnAI@lemmy.world
on 28 Sep 2024 10:14
collapse
👌👍
ramble81@lemm.ee
on 27 Sep 2024 13:49
nextcollapse
Considering how old Facebook is…. They probably never bothered to upgrade the authentication system because “if it ain’t broke, don’t fix it” and it didn’t matter to their revenue.
magic_smoke@links.hackliberty.org
on 27 Sep 2024 14:08
nextcollapse
Password hashing has been standard practice far longer than Facebook has existed. Even by 2004’s awful, ‘archaic’ standards.
frezik@midwest.social
on 27 Sep 2024 21:25
collapse
At the time Facebook was invented, plaintext passwords had been a joke for years.
bolapara@lemmy.ml
on 27 Sep 2024 15:08
nextcollapse
This is almost certainly the result of accidentally letting the passwords get into the logging infrastructure.
IsThisAnAI@lemmy.world
on 27 Sep 2024 16:10
nextcollapse
It seems like it was one of those old systems from the earlier days that somehow was overlooked. It’s not great but I understand how it happens if they didn’t have strong monitoring and system ownership.
eager_eagle@lemmy.world
on 27 Sep 2024 19:43
nextcollapse
These things are the other way around. The older something is, the more likely it is to find a bunch of questionable choices, spaghetti code, and security holes.
The questions I have surround the “since 2012” bit. FB exists since 2004, so what happened in 2012? Was it a data dump, a careless logger, system migration, or something else?
frezik@midwest.social
on 27 Sep 2024 21:26
collapse
I mentioned this in another comment too: Nobody seems to reads the actual posts, just the headlines. They were accidentally stored in logs:
As part of a security review in 2019, we found that a subset of FB users’ passwords were temporarily logged in a readable format within our internal data systems,
which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.
Cadeillac@lemmy.world
on 27 Sep 2024 14:23
nextcollapse
Quick math: this is only 0.076% of their 2023’s revenue. No wonder big corporations don’t give a fuck about fines and will continue doing fucked up/illegal shit. This is not a fine, this is a green light, my friends.
irreticent@lemmy.world
on 27 Sep 2024 17:13
collapse
They literally just consider fines as a cost of doing business.
bazingabot@lemmy.world
on 27 Sep 2024 14:51
nextcollapse
eehw, Facebook
Yuki@kutsuya.dev
on 27 Sep 2024 14:59
nextcollapse
Something like this should be like 15% of last year’s revenue.
anzo@programming.dev
on 27 Sep 2024 16:13
nextcollapse
They still store the passwords like that? I remember that quote of Zuckerberg doing so, in the early days, and boasting about it to a friend… This was so outrageous at the time. Now it’s beyond absurdity… Not to mention the fine is so small!
Imgonnatrythis@sh.itjust.works
on 27 Sep 2024 17:20
nextcollapse
I’m sure we can just trust that it’s better now. The small dent fee that falls under the category of "write-off’ on Meta’s budget probably really straightened up their behavior…
Blackmist@feddit.uk
on 27 Sep 2024 17:45
nextcollapse
I remember my bank used to ask me for the 2nd, 5th and 7th letters of my password from time to time.
There’s only one realistic way they can know those to ask me.
They haven’t asked me that for a while now, so I can only hope they encrypted them properly at some point.
andrew_bidlaw@sh.itjust.works
on 27 Sep 2024 18:09
nextcollapse
And you can imagine someone thinking it’s super clever and secure.
silentdon@lemmy.world
on 27 Sep 2024 18:43
nextcollapse
I once called my bank because I had trouble logging in. They didn’t outright say it but they implied that they could see my password and asked if I wanted to update it by telling them the new one. I said no.
obinice@lemmy.world
on 27 Sep 2024 18:47
nextcollapse
2019 isn’t some ancient far away time though, it’s just a few years ago. If Facebook were doing stuff like this then, think who else is still doing it.
Also, nobody reads the actual posts, just the headlines. They were accidentally stored in logs:
As part of a security review in 2019, we found that a subset of FB users’ passwords were temporarily logged in a readable format within our internal data systems,
which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.
NotMyOldRedditName@lemmy.world
on 27 Sep 2024 21:29
collapse
I worked at a company that handled sensitive data and we always had to pay special attention to logs in code reviews to make sure someone wasn’t inadvertently logging something that could potentially be private.
There’s sometimes cases people don’t think of ahead of time. For example if you log stack traces, they may contain details about the arguments passed to functions.
pr06lefs@lemmy.ml
on 27 Sep 2024 16:27
nextcollapse
Whoa, better make sure all my pwds are in keepass! Didn’t know the fines were so hefty for that.
ocassionallyaduck@lemmy.world
on 27 Sep 2024 17:45
nextcollapse
Jesus, why not fine them 5 bucks?
What a joke.
cmnybo@discuss.tchncs.de
on 27 Sep 2024 18:48
nextcollapse
This is why you never reuse passwords. Usually there’s no way to tell if a site is storing them in plain text until there’s a data breach.
octopus_ink@lemmy.ml
on 27 Sep 2024 19:02
nextcollapse
Meta: The company whose products you use when you absolutely, positively, don’t give a shit that they are the worst example of the worst nightmare of a consumer-hostile, privacy-invading, you-are-the-product, tech company. Yes, even worse than Microsoft.
werefreeatlast@lemmy.world
on 27 Sep 2024 19:18
collapse
If it’s free, you are the product.
Serinus@lemmy.world
on 27 Sep 2024 21:25
nextcollapse
I haven’t paid for Lemmy yet. Well, other than volunteer time.
I guess if we want something where we’re not the product, we have to build it ourselves.
NotMyOldRedditName@lemmy.world
on 27 Sep 2024 21:27
nextcollapse
What makes you so sure that the person hosting your instance isn’t monetizing it or trying to find a way to monetize it in the background?
Maybe they’re selling all these posts and DMs to OpenAI?
WarMarshalEmu@lemm.ee
on 27 Sep 2024 21:35
nextcollapse
They don’t need to sell access… It’s free. Assume anything you post here is getting sniffed up by everyone.
It’s easy enough to use the API to scrape the site and use all the posts and DMs for free. It’d be odd for OpenAI to pay for it.
Please do recognize that anything you post publicly IS public, whether that’s Facebook or here. The lack of an API isn’t going to stop places from scraping your data off of Facebook or Reddit either.
Your DMs here are explicitly public. That’s part of the federation between servers. If you want truly private DMs, there are options for that.
I suppose I should mention for full disclosure that I’m part of the (unpaid) staff here representing the Lemmy.World Community Team.
NotMyOldRedditName@lemmy.world
on 27 Sep 2024 21:43
collapse
Not that I DMd people, but I don’t think I knew that, so that’s good to know.
But also don’t mistake a not for profit as not being able to do something to aquire money to help pay for itself or the salaries of it’s people. They could absolutely be looking for ways to monetize this to a certain extent. A not for profit is not a charity.
I’d recommend Signal for truly private messaging. I’ve heard things about Matrix, and the warning mentions Element.io, nether of which I’m personally familiar with.
NotMyOldRedditName@lemmy.world
on 27 Sep 2024 21:47
collapse
Oh, well that’s a great warning. Glad they put that there.
Even without any potential monetization by anyone… you kind of are? You are part of the community here, and that’s what people come here for. Lemmy’s community is the product it offers, and you are a piece of it.
I wish more people on Reddit and Twitter would recognize that and use more discretion with who they’re creating a product for.
Moah@lemmy.blahaj.zone
on 27 Sep 2024 22:27
nextcollapse
Well now even when you pay you’re the product.
joshcodes@programming.dev
on 28 Sep 2024 00:23
collapse
This just doesn’t hold up in 2024. BMW charge you 60k for a vehicle and chuck a subscription on top. Apple, Google and Samsung charge between hundreds and thousands for their phones and advertise with their own agencies. Amazon forces paying customers to wade through bullshit products to finally buy the one they want, customers who bought prime and who didn’t.
Everyone is the product even if you pay. Stop saying this please.
tyler@programming.dev
on 28 Sep 2024 05:50
nextcollapse
It’s not an either or. It’s _if it’s free, you’re the product _. That’s it. It’s not saying anything about if you pay for it.
gjoel@programming.dev
on 28 Sep 2024 09:27
nextcollapse
So it’s misdirection. It should be “You’re the product”. Free or not doesn’t matter.
joshcodes@programming.dev
on 29 Sep 2024 21:02
collapse
Mate. Everyone is the product. Everyone’s attention is being paid for. Every service is collecting your data. Everyone wants your screen time and is happy to pay for it.
“If it’s free you are the product” has been drilled into us to accept the bullshit of Facebook, Google and the rest. Get it in your head now: you are the product, always. Unconditionally. No exceptions.
tyler@programming.dev
on 01 Oct 2024 05:14
collapse
You’re literally using a service there that isn’t the case for.
Sorry, but that’s irrelevant to “if it’s free…” implication. Those are just unrelated ways companies made suckers out of their customers.
joshcodes@programming.dev
on 29 Sep 2024 21:23
collapse
Hey mate, so this comment is just not productive. I’m going to be a little hyperbolic here: if everyone alive is being advertised to then your “unrelated ways companies making suckers out of their customers” comment isn’t correct or honest. It’s the norm, everyones going through it is totally related.
I talked about companies that lock you into their ecosystems and force you to have a stake in their business model. They do this for two reasons: you make money and they want it, and if you spend your money elsewhere they don’t get it.
Name one phone manufacturer that isn’t stealing your data.
Name one social media app that isn’t spyware.
Name one online store, review site or fucking cooking blog that isn’t loaded with ad trackers and cursor monitoring shit that tells you to subscribe as soon as you go to close the tab.
Sure some smaller examples exist (I love lemmy, this place is awesome), sure I can download a free open source os, or just install an:
Adblocker
User agent spoofer
Anti track-sender
Set my browser to stop allowing targeted ads or download a privacy browser
but everyone is still stuck using the other products in some capacity just the same. I’m happy for you if you fall outside this, seriously. However, most people do not. We are stuck and it’s because we got prayed upon. So yeah, everyone is the product. Always. No exceptions.
I’ve been told we have state senators who openly claim to only be there to keep speeding tickets low.
Squizzy@lemmy.world
on 28 Sep 2024 10:11
nextcollapse
And thats is all this is, it isnt for war profiteering it is for poor practices, sure it could be more but people really lose sight of things when it comes to fining these companies.
The fines for targetting children with damaging content or promoting harmful posts should be way more than this and than they are but this isnt an action they directly profitted from it was a lazy and harmful missing of the required mark.
Im not this invested in defending meta but 102 million is a lot for one country to fine one company. Ireland fined the company nearly 1% of their global net for one issue.
You’re so totally wrong. Storing passwords in plaintext is such a dangerous, obviously wrong mistake that it can only be considered wanton disregard for the safety and the security of your users, and it should carry the equivalent of a life-in-prison sentence for the corporation which breaks that rule. Not only should the company be completely fucking destroyed over this but the CEO should be criminally liable.
The legal system does not take corporate crimes seriously at all. Perhaps it’s time to take justice into our own hands.
oo1@lemmings.world
on 28 Sep 2024 10:44
nextcollapse
It’s the points on the licence that really matters for speeding though in my country.
When they accumulate enough points they get banned from driving for a period like a year or maybe more.
I hope this applies to meta. I’m pretty sure it doesn’t though.
That’s not an entirely accurate representation, because after taxes you still use that money for housing and food and transportation etc. In business terms that 50k would still contain operating costs. So that $120 might still seem a lot.
That 50k a year should be extra money, the money left in your pocket after taxes, housing, groceries, other necessities and debts are paid off. That would give an accurate representation of how insignificant a $120 ticket would be.
That’s the thing, though. I computed from the claimed figure above of 13 billion net income. The costs are already accounted for.
floquant@lemmy.dbzer0.com
on 27 Sep 2024 21:50
nextcollapse
It is absolutely not, but I understand it’s easy to lose sense of scale when you go into billions territory.
ChaoticEntropy@feddit.uk
on 28 Sep 2024 09:40
collapse
This is less than a rounding error.
WhatYouNeed@lemmy.world
on 27 Sep 2024 21:18
collapse
Should be like GDPR fines: 4% of your annual global revenue.
Edit: just read “It has so far fined Meta a total of 2.5 billion euros for breaches under the bloc’s General Data Protection Regulation’s (GDPR), introduced in 2018, including a record 1.2 billion euro fine in 2023 that Meta is appealing”
Wow, Meta really likes donating to the EU
Test_Tickles@lemmynsfw.com
on 28 Sep 2024 11:57
collapse
I can’t find anything that states how much they have actually paid. It’s not quite the same if they spend 20 years fighting the amount in court.
Laristal@lemmy.dbzer0.com
on 28 Sep 2024 00:28
nextcollapse
And these are the people who demand id to get back into your account if they find activity they deem suspicious.
jayandp@sh.itjust.works
on 28 Sep 2024 01:22
collapse
Yep, had basically a throw away account for the occasional thing that basically required a Facebook account, and then I guess because I never posted anything they locked my account and demanded ID. Hell no.
Thanks, I appreciate that.
I paid an independent IT security consultant lot of money to help me come up with it - so I don’t want to have to change it.
FJW@discuss.tchncs.de
on 28 Sep 2024 12:01
collapse
That “m” should be a “b”. For a company that size, there is truly no excuse!
threaded - newest
Meta’s revenue is in the tens of billions. This fine isn’t even a rounding error for them. This isn’t something that should be taken so lightly.
Yeah that was just a cost of business. Zuck probably pulled that from under his couch.
Have you seen IT budgets? Some vice-president of technology is going to be pissed his numbers look bad compared to his peers during their weekly numbers measuring contest.
Its about $2.6 billion per week in revenue, even by the weekly numbers its not an impact
(based on ~$135b in revenue for 2023, according to financial disclosure reports)
😱
All fines should be percentage of income instead of some arbitrary number.
Why would the regime ever hurt itself tho?
They also need to remove the limited liability from companies for intentional illegal activities.
illegal business practices should be charged to the people involved instead of the company. The executives who made the decision to break the law lose personal assets.
Otherwise the shitheads just pass the company losses onto the employees: no raises, hiring freezes, layoffs, reduction in benefits, etc…
Intentional? Better use Negligent. It’s hard to prove intent; knowledge of something going on is much easier to prove.
100%. We need more personal liability for the evils of big business, not less
And collected from shareholder payouts.
Shoulda coulda woulda.
My aunt recently gave me a good advice, and a person in one chat with, I suspect, very interesting expertise gave the same advice in different form.
Emotions harm reason, and propaganda is not just directed at suppressing or increasing the emotion. It’s directed at making you emotional when you should be patient, and apathetic when you should be emotional, and act when you should wait, and wait when you should act.
It can easily work since everyone feels their fight of their day to be unique. But it’s not, and more than that - you can always look a few years back and remember that not only was it predicted, but you yourself predicted it.
By all this smartassery I meant - people making the laws don’t want them to work as we do, and they have sterilized the field. Think further.
Point being…?
The last sentence. You can say all you want in social media to blow off steam, but you’ll only make things right in the real world with real power applied. And posting it here you’ve removed yourself from there.
Social media are not designed to be usable for organizing and combining those crumbs of power we all possess. They are actually designed for the opposite goal - to let everyone receive the dopamin hit from saying what should be done and forgetting it, from dispersing their power as thinly as possible. Look at your (EDIT: the guy I was replying to, didn’t realize you’re different people) 300+ likes, all worthless.
A self-regulating propaganda device, better than cheap and good brothels everywhere, or cheap alcohol and cheap and legal maryjane. Also alcohol and maryjane reduce one’s labor value, while brothels can have an effect opposite to the desirable (there’s need for validation in the society, thus in hierarchy, which gets reduced by being sexually content). Social media are better in both regards.
Glad I deleted mine in 2018 and use a password manager (KeepassDX). Only socials I have are Lemmy, Mastodon (rarely used), and Nostr. If it aint FOSS I avoid if at all possible.
Considering how old Facebook is, you’d think they would have their shit together when it comes to password security…
They are still on the old system of writing them down on paper XD
That’s harder to steal/hack by someone across the globe.
Facebook is huge and has very diverse teams/departments. It’s absolutely possible the guys who know what security is, and the guys who build app xyz are in different departments, countries, continents.
The capitalists want us to believe otherwise, but large corporations are just as convoluted and inefficient as a planned economy.
Of not more. At least government gives some amount of insight and a chain of responsibility. Corporations are opaque and responsibility ends in an understaffed, underpaid “support” line.
The difference is even this pittance of a fine wouldn’t happen in a planned economy - it would be like the planners fining themselves.
What we’re seeing here is a result of the amoral “beastly” types concentrating power. What you’re suggesting is to intentionally concentrate that power from the start.
Facebook is a great example of democracy - the billions of people using it have effectively (in their voluntary ignorance) voted for it to be like this. These are the same people who would vote for policies in a pure democracy.
And you’re ignoring what happens in the SMB space, where people aren’t part of the corrupt circle.
You’re welcome to start a small community anywhere in the US with a planned economy, as proof of concept.
You could call it… A commune, to indicate its goals.
Have you ever worked for government IT? Most of it is ages behind private sector.
I work in the private sector and our most essential systems run on Windows Server 2012. Because the installed applications can’t be migrated to anything else. After a reboot, there’s 21 scripts that need to be run in a specific order (with admin rights) to get the app running again. The frontend is an http webpage that’s open to the world.
The supplier of the software is a huge global corporation, market leader in their field.
I’m not saying there isn’t crap in the private sector, but in my experience government really sucks managing IT.
No. Large organizations suck at managing IT, simply because it’s not crucial for them to keep it managed and they usually have enough institutional insulation to mitigate the impacts. Whether that insulation is money or disregard of the public doesn’t matter all that much.
👌👍
Considering how old Facebook is…. They probably never bothered to upgrade the authentication system because “if it ain’t broke, don’t fix it” and it didn’t matter to their revenue.
Password hashing has been standard practice far longer than Facebook has existed. Even by 2004’s awful, ‘archaic’ standards.
At the time Facebook was invented, plaintext passwords had been a joke for years.
This is almost certainly the result of accidentally letting the passwords get into the logging infrastructure.
It seems like it was one of those old systems from the earlier days that somehow was overlooked. It’s not great but I understand how it happens if they didn’t have strong monitoring and system ownership.
These things are the other way around. The older something is, the more likely it is to find a bunch of questionable choices, spaghetti code, and security holes.
The questions I have surround the “since 2012” bit. FB exists since 2004, so what happened in 2012? Was it a data dump, a careless logger, system migration, or something else?
Careless logging is the one.
I mentioned this in another comment too: Nobody seems to reads the actual posts, just the headlines. They were accidentally stored in logs:
which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.
Hold on, let me dig around for my surprised face
Quick math: this is only 0.076% of their 2023’s revenue. No wonder big corporations don’t give a fuck about fines and will continue doing fucked up/illegal shit. This is not a fine, this is a green light, my friends.
They literally just consider fines as a cost of doing business.
eehw, Facebook
Something like this should be like 15% of last year’s revenue.
They still store the passwords like that? I remember that quote of Zuckerberg doing so, in the early days, and boasting about it to a friend… This was so outrageous at the time. Now it’s beyond absurdity… Not to mention the fine is so small!
Not to excuse them, but this is from 2019. Yes, that behavior was so outrageous at the time, but hopefully it is no longer happening
Probably is
I imagine the implementation would cost them more than the fine…
no… just… no.
I’m sure we can just trust that it’s better now. The small dent fee that falls under the category of "write-off’ on Meta’s budget probably really straightened up their behavior…
I remember my bank used to ask me for the 2nd, 5th and 7th letters of my password from time to time.
There’s only one realistic way they can know those to ask me.
They haven’t asked me that for a while now, so I can only hope they encrypted them properly at some point.
And you can imagine someone thinking it’s super clever and secure.
I once called my bank because I had trouble logging in. They didn’t outright say it but they implied that they could see my password and asked if I wanted to update it by telling them the new one. I said no.
.
2019 isn’t some ancient far away time though, it’s just a few years ago. If Facebook were doing stuff like this then, think who else is still doing it.
Also, nobody reads the actual posts, just the headlines. They were accidentally stored in logs:
which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.
I worked at a company that handled sensitive data and we always had to pay special attention to logs in code reviews to make sure someone wasn’t inadvertently logging something that could potentially be private.
There’s sometimes cases people don’t think of ahead of time. For example if you log stack traces, they may contain details about the arguments passed to functions.
Whoa, better make sure all my pwds are in keepass! Didn’t know the fines were so hefty for that.
Jesus, why not fine them 5 bucks?
What a joke.
This is why you never reuse passwords. Usually there’s no way to tell if a site is storing them in plain text until there’s a data breach.
Meta: The company whose products you use when you absolutely, positively, don’t give a shit that they are the worst example of the worst nightmare of a consumer-hostile, privacy-invading, you-are-the-product, tech company. Yes, even worse than Microsoft.
If it’s free, you are the product.
I haven’t paid for Lemmy yet. Well, other than volunteer time.
I guess if we want something where we’re not the product, we have to build it ourselves.
What makes you so sure that the person hosting your instance isn’t monetizing it or trying to find a way to monetize it in the background?
Maybe they’re selling all these posts and DMs to OpenAI?
They don’t need to sell access… It’s free. Assume anything you post here is getting sniffed up by everyone.
Lemmy.world is a registered non-profit organization. fedihosting.foundation/about-us/
It’s easy enough to use the API to scrape the site and use all the posts and DMs for free. It’d be odd for OpenAI to pay for it.
Please do recognize that anything you post publicly IS public, whether that’s Facebook or here. The lack of an API isn’t going to stop places from scraping your data off of Facebook or Reddit either.
Your DMs here are explicitly public. That’s part of the federation between servers. If you want truly private DMs, there are options for that.
I suppose I should mention for full disclosure that I’m part of the (unpaid) staff here representing the Lemmy.World Community Team.
Not that I DMd people, but I don’t think I knew that, so that’s good to know.
But also don’t mistake a not for profit as not being able to do something to aquire money to help pay for itself or the salaries of it’s people. They could absolutely be looking for ways to monetize this to a certain extent. A not for profit is not a charity.
<img alt="Image of private messaging within Lemmy showing that the messages are not secure" src="https://lemmy.world/pictrs/image/3358ac65-adfe-4720-9d5c-a7f4ce7a54b0.png">
I’d recommend Signal for truly private messaging. I’ve heard things about Matrix, and the warning mentions Element.io, nether of which I’m personally familiar with.
Oh, well that’s a great warning. Glad they put that there.
And ya I already use signal.
Even without any potential monetization by anyone… you kind of are? You are part of the community here, and that’s what people come here for. Lemmy’s community is the product it offers, and you are a piece of it.
I wish more people on Reddit and Twitter would recognize that and use more discretion with who they’re creating a product for.
Well now even when you pay you’re the product.
This just doesn’t hold up in 2024. BMW charge you 60k for a vehicle and chuck a subscription on top. Apple, Google and Samsung charge between hundreds and thousands for their phones and advertise with their own agencies. Amazon forces paying customers to wade through bullshit products to finally buy the one they want, customers who bought prime and who didn’t.
Everyone is the product even if you pay. Stop saying this please.
It’s not an either or. It’s _if it’s free, you’re the product _. That’s it. It’s not saying anything about if you pay for it.
So it’s misdirection. It should be “You’re the product”. Free or not doesn’t matter.
Mate. Everyone is the product. Everyone’s attention is being paid for. Every service is collecting your data. Everyone wants your screen time and is happy to pay for it.
“If it’s free you are the product” has been drilled into us to accept the bullshit of Facebook, Google and the rest. Get it in your head now: you are the product, always. Unconditionally. No exceptions.
You’re literally using a service there that isn’t the case for.
Sorry, but that’s irrelevant to “if it’s free…” implication. Those are just unrelated ways companies made suckers out of their customers.
Hey mate, so this comment is just not productive. I’m going to be a little hyperbolic here: if everyone alive is being advertised to then your “unrelated ways companies making suckers out of their customers” comment isn’t correct or honest. It’s the norm, everyones going through it is totally related.
I talked about companies that lock you into their ecosystems and force you to have a stake in their business model. They do this for two reasons: you make money and they want it, and if you spend your money elsewhere they don’t get it. Name one phone manufacturer that isn’t stealing your data. Name one social media app that isn’t spyware. Name one online store, review site or fucking cooking blog that isn’t loaded with ad trackers and cursor monitoring shit that tells you to subscribe as soon as you go to close the tab.
Sure some smaller examples exist (I love lemmy, this place is awesome), sure I can download a free open source os, or just install an:
Adblocker User agent spoofer Anti track-sender Set my browser to stop allowing targeted ads or download a privacy browser
but everyone is still stuck using the other products in some capacity just the same. I’m happy for you if you fall outside this, seriously. However, most people do not. We are stuck and it’s because we got prayed upon. So yeah, everyone is the product. Always. No exceptions.
This is like when Dr Evil asks for $1 million dollars after being unfrozen. These courts need to get with the times.
102 million is a major fine.
Not for a company with 120 Billion profits.
102 million is a major fine for you. For meta that’s less than 1% of their last quarter (which was 13 billion net income).
To put it into perspective, the fine was 0.8% of that net income.
If you make $50k/yr after taxes, the equivalent fine would be on the order of about $120.
Where I’m from, that’s a speeding ticket.
Wow you have very forgiving traffic laws where you’re from. $190 for rolling through a stop sign here.
I’ve been told we have state senators who openly claim to only be there to keep speeding tickets low.
And thats is all this is, it isnt for war profiteering it is for poor practices, sure it could be more but people really lose sight of things when it comes to fining these companies.
The fines for targetting children with damaging content or promoting harmful posts should be way more than this and than they are but this isnt an action they directly profitted from it was a lazy and harmful missing of the required mark.
Im not this invested in defending meta but 102 million is a lot for one country to fine one company. Ireland fined the company nearly 1% of their global net for one issue.
You’re so totally wrong. Storing passwords in plaintext is such a dangerous, obviously wrong mistake that it can only be considered wanton disregard for the safety and the security of your users, and it should carry the equivalent of a life-in-prison sentence for the corporation which breaks that rule. Not only should the company be completely fucking destroyed over this but the CEO should be criminally liable.
The legal system does not take corporate crimes seriously at all. Perhaps it’s time to take justice into our own hands.
It’s the points on the licence that really matters for speeding though in my country. When they accumulate enough points they get banned from driving for a period like a year or maybe more.
I hope this applies to meta. I’m pretty sure it doesn’t though.
That’s not an entirely accurate representation, because after taxes you still use that money for housing and food and transportation etc. In business terms that 50k would still contain operating costs. So that $120 might still seem a lot.
That 50k a year should be extra money, the money left in your pocket after taxes, housing, groceries, other necessities and debts are paid off. That would give an accurate representation of how insignificant a $120 ticket would be.
That’s the thing, though. I computed from the claimed figure above of 13 billion net income. The costs are already accounted for.
It is absolutely not, but I understand it’s easy to lose sense of scale when you go into billions territory.
This is less than a rounding error.
Should be like GDPR fines: 4% of your annual global revenue.
Edit: just read “It has so far fined Meta a total of 2.5 billion euros for breaches under the bloc’s General Data Protection Regulation’s (GDPR), introduced in 2018, including a record 1.2 billion euro fine in 2023 that Meta is appealing”
Wow, Meta really likes donating to the EU
I can’t find anything that states how much they have actually paid. It’s not quite the same if they spend 20 years fighting the amount in court.
And these are the people who demand id to get back into your account if they find activity they deem suspicious.
Yep, had basically a throw away account for the occasional thing that basically required a Facebook account, and then I guess because I never posted anything they locked my account and demanded ID. Hell no.
They tried to do the same to me on Instagram.
Nope, it’s not worth that level of privacy invasion.
17 cents apiece
I hope i dont get fined for
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
nah, sha-256 is fine, though you should pick something stronger than “password”
Don’t worry I don’t use that for my internet bank: 19513FDC9DA4FB72A4A05EB66917548D3C90FF94D5419E1F2363EEA89DFEE1DD
well, “Password1” is slightly better, I’ll make sure not to tell anyone.
Thanks, I appreciate that. I paid an independent IT security consultant lot of money to help me come up with it - so I don’t want to have to change it.
That “m” should be a “b”. For a company that size, there is truly no excuse!