I was at a party once with Facebook employees and they were telling stories about how they would spy on who visited who's profiles. They thought it was so funny, they could "tell" who had a crush on who. I deleted my account as soon as I got home. Vile company.
After getting scammed on Facebook Marketplace, I look at the profiles of sellers, particularly if they don’t have much in way of reviews. That seems more prudent than creepy to me. I’m not stalking anyone and I’m not looking to be their friend.
Is there a better way to do seller verification? It does seem like an information leak to me. Craigslist and eBay don’t share my identification as a potential buyer. I don’t love the marketplace being tied to a social network, but it’s what many people are using these days.
sure, showing up on suggested friends is weird. the way linkedin does it makes more sense: "these people have viewed your profile". i was picking up on hiding it outright. while that may be justified in your case, it's also reasonable to let them know.
the only people i would really not want to find out that i look at their profile are spammers and scammers (oh, and stalkers).
so both sides have a fair reason. so guess, if you can, choose the social network that works the way you prefer.
sneaking up to someones house and peeping in theier windows is creepy. or just camping out in front of their window from the street legally.
but that person had to put their info into the website, themselves, by choice, and then chose to let their privacy settings be such that others can view them.
if you pin your photo up to a cork board, don't be surprised if people see it
but the reverse is true too. if you look someone up, don't be surprised if they find out. really, i don't see how that would be a big deal.
with more and more illegitimate tracking being done, informing those being tracked seems a benefit, not a drawback.
there is a difference however between one institution tracking who all the people are that i am looking at, vs the person i am looking at finding out for themselves who is looking at them.
what i understood is that "showing up on their suggested friends list is creepy, and it's an information leak". the way i read that is that they would prefer not to show when someone visited their profile. and that's what i consider creepy.
Wouldn't surprise me. Everyone clutches their pearls and hits the downvote button as soon as you mention the Zucc quote, but has there really been any evidence that the company culture has matured away from "They Trust Me - Dumb fucks"?
Absolutely not. I'm no friend of Zucc, but the graph is protected by a permission system that won't show almost anything for employees without a making a request including legitimate business reason, for a limited time and scope, and managerial approval.
It was more than one person and yes, it's vile that they had access to this information and a culture of spying (and joking about it). They also said they could tell how long someone was looking at each image. The whole company is basically perverted spyware, which absolutely makes sense if you know how and why it was conceived.
> found Meta to have inadvertently stored certain passwords of social media users on its internal systems without encryption, and fined it €91m (£75m)
WTF? I thought that on 2010 already people were diligent enough to avoid even sending the password and instead just hashed it locally before even sending it.
That is not standard even today. The main threat is in transit over the network, which https/TLS solves, but obviously this won’t stop error traces or logging on the server from including request bodies.
If you do hash locally (not sure I’ve seen any big players do this), you also need to be hashing server side (or else the hash is basically a plain text password in the database!)
That said, I’m not sure why companies don’t adopt this double hashing approach. Complexity maybe? I know it could limit flexibility a little as some services like to be able to automatically attempt capitalization variations (eg. caps lock inverse) on the server. Anyways in 2026 we should all be using passkeys (if they weren’t so confusing to end-users, and so non-portable)
Extremely doubtful to have occurred in the past 10 years. It's pretty much impossible to access anything on the graph without a business reason and managerial approval.
>The engineer, who lives in London, is believed to have designed a program to be able to access personal pictures on the site while avoiding security checks.
> A Meta spokesperson told the BBC the breach was discovered over a year ago, after which the firm said it immediately fired the suspected employee and "referred the matter to law enforcement".
> A spokesperson for the Metropolitan Police said a man in his 30s was arrested in November 2025 on suspicion of unauthorised access to computer material.
I was at a party once with Facebook employees and they were telling stories about how they would spy on who visited who's profiles. They thought it was so funny, they could "tell" who had a crush on who. I deleted my account as soon as I got home. Vile company.
That must have been a long time ago. Nowadays there are a lot of safeguards and that's one of the things that gets you fired right away.
Yes, in a "never_do_this_or_you_will_be_fired" kind of way
Nowadays when you visit someones profile you show up on their suggested friend list. Creepy or cute, a deliberate information leak.
viewing someones profile without them knowing is not creepy?
After getting scammed on Facebook Marketplace, I look at the profiles of sellers, particularly if they don’t have much in way of reviews. That seems more prudent than creepy to me. I’m not stalking anyone and I’m not looking to be their friend.
Is there a better way to do seller verification? It does seem like an information leak to me. Craigslist and eBay don’t share my identification as a potential buyer. I don’t love the marketplace being tied to a social network, but it’s what many people are using these days.
sure, showing up on suggested friends is weird. the way linkedin does it makes more sense: "these people have viewed your profile". i was picking up on hiding it outright. while that may be justified in your case, it's also reasonable to let them know.
the only people i would really not want to find out that i look at their profile are spammers and scammers (oh, and stalkers).
so both sides have a fair reason. so guess, if you can, choose the social network that works the way you prefer.
sneaking up to someones house and peeping in theier windows is creepy. or just camping out in front of their window from the street legally.
but that person had to put their info into the website, themselves, by choice, and then chose to let their privacy settings be such that others can view them.
if you pin your photo up to a cork board, don't be surprised if people see it
but the reverse is true too. if you look someone up, don't be surprised if they find out. really, i don't see how that would be a big deal.
with more and more illegitimate tracking being done, informing those being tracked seems a benefit, not a drawback.
there is a difference however between one institution tracking who all the people are that i am looking at, vs the person i am looking at finding out for themselves who is looking at them.
It is creepy, that's what they're saying.
what i understood is that "showing up on their suggested friends list is creepy, and it's an information leak". the way i read that is that they would prefer not to show when someone visited their profile. and that's what i consider creepy.
I keep reading same statements here for past 10+ years, every time some similar fuckup @fb happens. Every. Single. Time.
0 trust in that company, 0 trust in its employees.
Wouldn't surprise me. Everyone clutches their pearls and hits the downvote button as soon as you mention the Zucc quote, but has there really been any evidence that the company culture has matured away from "They Trust Me - Dumb fucks"?
Wouldn’t it be nice if the scope of what you witnessed was limited to that one company…
What other companies have the scope of Meta(-stasis) FB?
Google, since you asked.
But the point is: Facebook attracts these employees, it doesn’t breed them.
Microsoft (Teams).
Are they able to see these data of whichever user whenever they want with no trails at all??
It certainly sounded like it, or that no one cared about the trails since they thought it was so hilarious.
Absolutely not. I'm no friend of Zucc, but the graph is protected by a permission system that won't show almost anything for employees without a making a request including legitimate business reason, for a limited time and scope, and managerial approval.
[flagged]
It was more than one person and yes, it's vile that they had access to this information and a culture of spying (and joking about it). They also said they could tell how long someone was looking at each image. The whole company is basically perverted spyware, which absolutely makes sense if you know how and why it was conceived.
You could make that claim about all of public society in some way. Why go anywhere, unless it’s to be spied on and spy on others.
You CAN make that claim but it isn't right, not comparable at all
No
Hope the host checked thoroughly for missing property after everyone left, because I wouldn't put it past a metamate.
Tesla employees talk about recordings of people fucking in cars around the watercooler
[flagged]
> found Meta to have inadvertently stored certain passwords of social media users on its internal systems without encryption, and fined it €91m (£75m)
WTF? I thought that on 2010 already people were diligent enough to avoid even sending the password and instead just hashed it locally before even sending it.
That is not standard even today. The main threat is in transit over the network, which https/TLS solves, but obviously this won’t stop error traces or logging on the server from including request bodies.
If you do hash locally (not sure I’ve seen any big players do this), you also need to be hashing server side (or else the hash is basically a plain text password in the database!)
That said, I’m not sure why companies don’t adopt this double hashing approach. Complexity maybe? I know it could limit flexibility a little as some services like to be able to automatically attempt capitalization variations (eg. caps lock inverse) on the server. Anyways in 2026 we should all be using passkeys (if they weren’t so confusing to end-users, and so non-portable)
if you hash locally isn't that effectively like using private/public keys but less secure? might as well use the real thing then.
That's never been standard. Passwords in log files is a common issue, crazy you can get fined 8 digits for it.
Extremely doubtful to have occurred in the past 10 years. It's pretty much impossible to access anything on the graph without a business reason and managerial approval.
From the article:
>The engineer, who lives in London, is believed to have designed a program to be able to access personal pictures on the site while avoiding security checks.
> A Meta spokesperson told the BBC the breach was discovered over a year ago, after which the firm said it immediately fired the suspected employee and "referred the matter to law enforcement".
> A spokesperson for the Metropolitan Police said a man in his 30s was arrested in November 2025 on suspicion of unauthorised access to computer material.
and this is the case for every member of the company? even mr sugarmountain?
Yep.
Can managers access it without managerial approval?
Even if they could, the purpose of safeguards are still to ask at least for a business reason and be logged, no matter your rank or approval
This would've been an embarrassing security lapse in 2007. In 2024(?) it's despicable.
What is it that Zuck called people who trusted him? Oh right
Dumbfucks
What a creep.