Stalkbook: Stalk anyone, even if you're not Facebook friends

MIT graduate Oliver Yeh recently built a service called Stalkbook that he claims allows you to lớn stalk people on Facebook even if you're not friends with them on the social network. Yeh has a simple but malicious trick: he uses other Facebook users' credentials to lớn view whichever profile you want to lớn stalk.

Bạn đang xem: stalk facebook

When I went to lớn the site, typed in "Mark Zuckerberg" and clicked "Stalk," I was greeted with the following message: "Stalking is considered to lớn be morally wrong. Why don't you try talking to lớn the person instead." Stalkbook hasn't been released publicly, but Yeh has demoed it to lớn select individuals.

In an interview with IEEE, Yeh explained in further detail how Stalkbook works:

So, the photo version works by whenever a person signs on to lớn the application; not only does he reveal his or her own information but he also compromises all of his or her friends' information too. So for example, if I sign on to lớn the site, then my friend Trevor would also be signed on to lớn the site because I'm friends with Trevor. And because with my credentials, I can see Trevor's information. Now, everyone on the Internet can also see Trevor's information by using my credentials. And as more people sign up to lớn Stalkbook, you get this network effect, in which you only need perhaps 10 percent of Facebook to lớn join to lớn compromise 80 to lớn 90 percent of Facebook.

If that's a bit too complicated for you, this diagram should simplify it:

How can Yeh possibly pull this off though? With a Facebook phầm mềm that caches the data, of course. He continues:

So, with Facebook API--which is software that Facebook developed so sánh that third-party developers can access Facebook's information--so with this API, I can have access to lớn my friend Trevor's information. And what Stalkbook does is it goes through all of a user's information and all of the friends of the user's information and stores a cache copy on the trang web, so sánh that when somebody else visits Stalkbook, they now have access to lớn a cache version of Facebook's data, even though they don't have permission to lớn access Trevor's information.

So, is Yeh right? Technically speaking, it is possible to lớn bởi. He would have to lớn build a very large network of individuals willing to lớn use his phầm mềm for such purposes, cache all the information he can, all while avoiding Facebook's wrath as more and more users start using Stalkbook.

Xem thêm: lời bài hát mùa thu cho em

Unfortunately for Yeh and fortunately for Facebook's users, Stalkbook goes against Facebook's terms of service (Statement of Rights and Responsibilities). In the Safety section of Facebook's TOS, point number five clearly states: "You will not solicit login information or access an trương mục belonging to lớn someone else."

Some could argue that this doesn't apply to lớn Facebook apps. In that case, let's kiểm tra the "Special Provisions Applicable to lớn Developers/Operators of Applications and Websites" section. Here's point No. 2, "Your access to lớn and use of data you receive from Facebook, will be limited as follows:"

You will only request data you need to lớn operate your application.
You will have a privacy policy that tells users what user data you are going to lớn use and how you will use, display, share, or transfer that data and you will include your privacy policy URL in the Developer Application.
You will not use, display, share, or transfer a user's data in a manner inconsistent with your privacy policy.
You will delete all data you receive from us concerning a user if the user asks you to lớn bởi so sánh, and will provide a mechanism for users to lớn make such a request.
You will not include data you receive from us concerning a user in any advertising creative.
You will not directly or indirectly transfer any data you receive from us to lớn (or use such data in connection with) any ad network, ad exchange, data broker, or other advertising related toolset, even if a user consents to lớn that transfer or use.
You will not sell user data. If you are acquired by or merge with a third buổi tiệc ngọt, you can continue to lớn use user data within your application, but you cannot transfer user data outside of your application.
We can require you to lớn delete user data if you use it in a way that we determine is inconsistent with users' expectations.
We can limit your access to lớn data.
You will comply with all other restrictions contained in our Facebook Platform Policies.

A lawyer might argue that the first nine points don't explicitly restrict Yeh from achieving what he wants. The 10th point, however, is where Facebook does indeed properly cover its bases. In said document there's a section called "II. Storing and Using Data You Receive From Us," the fourth point of which specifically says: "A user's friends' data can only be used in the context of the user's experience on your application."

Busted. If you login to lớn a third-party phầm mềm or Web site that leverages Facebook, only you can view your friends' data. Yeh, or anyone else for that matter, is not allowed to lớn hoard your credentials so sánh that others can see your friends' information and photos.

I reached out to lớn Facebook for a comment on this story. Right as I was finishing up this article (really, I was on this paragraph!), I was told the company could not provide a comment on Yeh's phầm mềm (likely because it's not live). A Facebook spokesperson did, however, point u to lớn a section of its Data Use Policy titled "Controlling what is shared when the people you share with use applications."

This webpage explains all about sharing and resharing of your information on Facebook, but the last line in this section is the one that applies here: "If an application asks permission from someone else to lớn access your information, the application will be allowed to lớn use that information only in connection with the person that gave the permission and no one else." That's just another way of saying the line I found earlier in the Facebook Platform Policies: "A user's friends' data can only be used in the context of the user's experience on your application."