The dilemma of good intentions and bad outcomes

As you may know, a data dump of 533M FB users was recently made available on an internet forum for free. A number of individuals, and organizations volunteered to help fb users search for their personal data in this trove.

Payatu Labs has created a similar site. They claim it works only for Indian phone numbers now, however they are planning to add other countries too.

The problems with this site are:

  • No privacy policy
  • Lack of clarify on ownership (WHOIS records of this site points to an Icelandic entity)
  • Lack of clarify on retention of users’ search queries, and of course, retention and uses of the breached data

After I pointed these out, a single line disclaimer was added to the site that says:
“We do not log queried mobile numbers. Facebook Data Leak Check by”

However there’s been no formal acknowledgement from Payatu Lab’s twitter account or website about this new FB data search service, nor have they clarified their policies.

There are serious privacy issues hidden behind such services that appear to “do good”.

In an ideal world, Facebook would provide this service, failing which an appropriate data protection authority would take up the matter with Facebook. In India, MEITY/TRAI can take up the issue at the very least.

3 Likes

This is definitely complicated, and it raises a lot of suspicion.

One of the good implementations of a “breach” check I’ve seen is https://haveibeenpwned.com/ which in the case of a password check does not send that information to the servers at all. Instead it hashes the contents and sends only a part of that to the backend which makes it impossible to reverse-engineer the original contents.

More about how it works here - https://haveibeenpwned.com/Privacy

1 Like

Yes I think this is kinda scary. Some things on the internet are just too good to be true to the point that they can lure many people for their services, then steal their information on the side. Personally, i am really cautious about these things for I have heard lots of rants from my friends about the consequences of being on social media at most times. I’ve heard about them falling into the wrong traps so sometimes when there are promising links online, I tend to just miss out on them instead of taking the risk of being hacked.

I think that it is a great idea since that there are many people who consider to have it in the long run. Facebook is secure but they do need to patch up their own as well. We may have more to expect in the long run and I believe that they need to come up with a good idea to put some effort on the security as well. Making a new site is nothing different. I agree that it has a lot of great looks, but one can say that it might also end up being like facebook too.