Thursday, May 27, 2010


There are as many Facebook groups lamenting the death/loss/explosion of a phone as there are words in Cryptonomicon. If you have a Facebook account, you're no doubt familiar with someone noting that their phone was destroyed by Telsa's ray gun, or perhaps by a more quotidian incident (e.g. dropped in toilet). Said victim is desperately in need of his friends' phone numbers, and fate has smitten his sole copy of his address book. So he does what any reasonable person would do: he sends a group request to all of his 1,000 Facebook friends requesting that they join a group (titled something grammatically immaculate, with judicious use of exclamation points) and post their phone numbers to the group. Except when Jove robbed him of his phone, he also rendered his common sense inert, so he makes the group public. "Public" in the Facebook vernacular means visible to anyone on the Internet, regardless of whether they have a FB account.

Enter Evil.

Evil is a proof-of-concept site -- it does something shocking to prove to how easy it is for someone with truly malicious intent to perform the same action. In this case, the software searches for public groups that serve the purpose described above and harvests the names, pictures, and phone numbers of everyone in the groups. In English: it shows how easy it is to collect people's private phone numbers from Facebook groups. Given that this site is just meant to teach, it redacts the last digits of the phone numbers, but if you'd like to get a clearer picture of what we're talking about, check this out. Scary, huh?

I shudder to think of what will happen when marketers figure this out -- text-message SPAM, anyone?

No comments: