Facebook to Pay $550 Million to Settle Facial Recognition Suit

(Jan. 29, 2020) Facebook just lost a class-action lawsuit it had been fighting for the past five years. And it will pay $550 million dollars in settlement of the suit. The lawsuit was brought against Facebook for scanning their user’s faces in photos and offering tagging suggestions.
The plaintiffs claimed that the platform violated the strictest biometric privacy law in the land – Illinois’s Biometric Information Privacy Act (BIPA) – due to its tag suggestions tool.
Facebook started using the tool in 2015 to automatically recognize people’s faces in photos and suggest to their friends that they tag them. And it does this without users’ permission and without telling them how long it would hang on to their biometrics. The lawsuit contends that Facebook squirreled away face-prints in what Facebook has claimed is the largest privately held database of facial recognition data in the world.
Last September, Facebook said it was ending tag suggestions in favor of the multi-purpose “face recognition” setting, which it made available to all users, along with an opt-out option.
The New York Times, in its reporting of the lawsuit outcome, referred to the $550 million hit as “a rounding error” for Facebook, which reported that revenue rose 25% to $21 billion in the fourth quarter, compared with a year earlier, while profit increased 7% to $7.3 billion.
Although this is a LOT of money (more than half a billion dollars) it could have been worse because Illinois' BIPA requires companies to get written permission before collecting a person’s biometrics, whether they are fingerprints, facial scans or other identifying biological characteristics. It also gives Illinois residents the right to sue companies for up to $5,000 per violation, which could get pretty expensive. So, not surprisingly, Facebook fought this lawsuit tooth and nail. In 2016, it tried – and failed – to wriggle out of it by saying that its user agreement stipulates that California law would govern any disputes with the company. Besides, Facebook said in its motion, BIPA doesn’t apply to Facebook’s facial tagging suggestions for photos.
The judge’s response was: nope, squared. Going by Illinois law was just fine, and it was always
clear that BIPA would cover faceprints because it governs the use of all biometrics. 

Beware Dec. 21, 2019. Facebook does it again!

Over 267 million Facebook users had their names, phone numbers, and profiles exposed thanks to a public database, researcher says

  • An online database exposed the names, Facebook IDs, and phone numbers of more than 267 million people, said Bob Diachenko, a data-security researcher, and Comparitech, a tech website.
  • They said the database was available online without a password, exposing the sensitive personal data to anyone who accessed it.
  • Diachenko traced the database back to Vietnam but could not identify exactly how the data had been accessed or what it was being used for. He said most people affected are from the United
  • States.
  • Diachenko and Comparitech speculated that the data could be used for spam messaging and phishing campaigns and said they contacted the internet service provider that was hosting the database.
  • The database is no longer available, but the data was reportedly posted to an online forum before the source was removed.





Click here for a link from the Business Insider India.

Here are the highlites:

  • Exclusive: Facebook said that it has "unintentionally uploaded" the email contacts of 1.5 million new Facebook users since May 2016.
  • A security researcher recently noticed Facebook was asking some new users to provide their email passwords when they signed up — a move widely condemned by security experts.
  • Business Insider then discovered that if you entered your email password, a message popped up saying it was "importing" your contacts without asking for permission first.
  • Facebook has now revealed to Business Insider that it "unintentionally" grabbed 1.5 million users' data, and is now deleting it.

In Security Now (Episode 711) comes more comments on the scams, repulsive and criminal activities behind FaceBook:

ScamAlertfacebook, again...

Two weeks ago I shared the astonishing (and really almost unbelievable) news that Facebook had been popping up interstitial notices requiring users to turn over their eMail account PASSWORDS as a means of verifying them. 

Rather than eMailing a nonce in a link to their eMail account and asking the user to please click on it, FaceBook was actually asking for their password. The ONLY THING Facebook could do with such a password is to use it to authenticate to and sign into their account.

So, at this point, you would have to imagine that it could not possibly get any worse, right? Wrong!

It turns out that FaceBook WAS in fact logging onto those eMail accounts... And not only that, they were then downloading and storing all of the user's contact information without their permission.

For Business Insider, last Thursday, under the headline "Facebook says it 'unintentionally uploaded' 1.5 million people's email contacts without their consent" in exclusive reporting, Rob Price wrote: Since May 2016, the social-networking company has collected the contact lists of 1.5 million users new to the social network.The Silicon Valley company said the contact data was "unintentionally uploaded to Facebook," and it is now deleting them.

The revelation comes after pseudononymous security researcher e-sushi noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identitiesa move widely condemned by security experts. Business Insider then discovered that if you entered your email password, a message popped up saying it was "importing" your contacts without asking for permission first.

At the time, it wasn't clear what was happening — but Wednesday, Facebook disclosed to Business Insider that 1.5 million people's contacts were collected this way and fed into Facebook's systems, where they were used to improve Facebook's ad targeting, build Facebook's web of social connections, and recommend friends to add.

A Facebook spokesperson said before May 2016, it offered an option to verify a user's account using their email password and [then]  voluntarily upload their contacts at the same time. However, they said, the company changed the feature, and the text informing users that their contacts would be uploaded was deleted — but the underlying functionality was not.

Facebook didn't access the content of users' emails, the spokesperson added. But users' contacts can still be highly sensitive data — revealing who people are communicating with and connect to.

While 1.5 million people's contact books were directly harvested by Facebook, the total number of people whose contact information was improperly obtained by Facebook may well be in the dozens or even hundreds of millions, as people sometimes have hundreds of contacts stored on their email accounts. The spokesperson could not provide a figure for the total number of contacts obtained this way.

Note also that the contact downloads are essentially the raw material for the referential database. Once that raw material has been downloaded and "absorbed" by facebook, it CAN be freely deleted without any loss. So Facebook is not saying that they are deleting all of the FRUITS of that ill gotten information, only the raw information itself.

A Facebook spokesperson said in a statement: "Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people's email contacts were also unintentionally uploaded to Facebook when they created their account."

Facebook has said it didn't store the passwords"Okay. Not that it matters after they've sucked all of the accounts contact info. But in yet another Facebook privacy blunder which came to light last month, the company confirmed that it improperly stored hundreds of millions of user passwords in plain text rather than as hashes. At the time Facebook said that this plaintext password storage error affected hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.

That Facebook disclosure was just updated last Thursday to say the number of affected Instagram accounts was much higher. Thursday's update said: "Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed." (How could they POSSIBLY make such an assertion after having "discovered additional logs of Instagram passwords being stored in a readable format"??) It's very CLEARLY a TOTAL and UTTER unorganized disaster over there.

And, last month, Mark Zuckerberg said he planned to rebrand the site he founded as a privacy service.

Yeah... Good luck with that. Perhaps set up an entirely new facility and rewrite the ENTIRE thing from scratch as a true privacy-centric service. What exists now is clearly beyond salvation.

stop sign

Join In

Social Media Links



Who's Online

We have 282 guests and one member online

  • Krash300