This is like when Dr Evil asks for $1 million dollars after being unfrozen. These courts need to get with the times.
this post was submitted on 27 Sep 2024
1115 points (99.7% liked)
Technology
58739 readers
4181 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Meta: The company whose products you use when you absolutely, positively, don't give a shit that they are the worst example of the worst nightmare of a consumer-hostile, privacy-invading, you-are-the-product, tech company. Yes, even worse than Microsoft.
This is why you never reuse passwords. Usually there's no way to tell if a site is storing them in plain text until there's a data breach.
Jesus, why not fine them 5 bucks?
What a joke.
Whoa, better make sure all my pwds are in keepass! Didn't know the fines were so hefty for that.
They still store the passwords like that? I remember that quote of Zuckerberg doing so, in the early days, and boasting about it to a friend... This was so outrageous at the time. Now it's beyond absurdity.. Not to mention the fine is so small!
Not to excuse them, but this is from 2019. Yes, that behavior was so outrageous at the time, but hopefully it is no longer happening
Also, nobody reads the actual posts, just the headlines. They were accidentally stored in logs:
As part of a security review in 2019, we found that a subset of FB users' passwords were temporarily logged in a readable format within our internal data systems,
which is something I've seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.
load more comments
(2 replies)
2019 isn't some ancient far away time though, it's just a few years ago. If Facebook were doing stuff like this then, think who else is still doing it.
I remember my bank used to ask me for the 2nd, 5th and 7th letters of my password from time to time.
There's only one realistic way they can know those to ask me.
They haven't asked me that for a while now, so I can only hope they encrypted them properly at some point.
I once called my bank because I had trouble logging in. They didn't outright say it but they implied that they could see my password and asked if I wanted to update it by telling them the new one. I said no.
And you can imagine someone thinking it's super clever and secure.
I'm sure we can just trust that it's better now. The small dent fee that falls under the category of "write-off' on Meta's budget probably really straightened up their behavior...
Probably is
I imagine the implementation would cost them more than the fine...
no... just... no.
Something like this should be like 15% of last year's revenue.
eehw, Facebook
Quick math: this is only 0.076% of their 2023's revenue. No wonder big corporations don't give a fuck about fines and will continue doing fucked up/illegal shit. This is not a fine, this is a green light, my friends.
They literally just consider fines as a cost of doing business.
Hold on, let me dig around for my surprised face
Considering how old Facebook is, you'd think they would have their shit together when it comes to password security...
I mentioned this in another comment too: Nobody seems to reads the actual posts, just the headlines. They were accidentally stored in logs:
As part of a security review in 2019, we found that a subset of FB users' passwords were temporarily logged in a readable format within our internal data systems,
which is something I've seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.
These things are the other way around. The older something is, the more likely it is to find a bunch of questionable choices, spaghetti code, and security holes.
The questions I have surround the "since 2012" bit. FB exists since 2004, so what happened in 2012? Was it a data dump, a careless logger, system migration, or something else?
load more comments
(1 replies)
It seems like it was one of those old systems from the earlier days that somehow was overlooked. It's not great but I understand how it happens if they didn't have strong monitoring and system ownership.
This is almost certainly the result of accidentally letting the passwords get into the logging infrastructure.
Considering how old Facebook is…. They probably never bothered to upgrade the authentication system because “if it ain’t broke, don’t fix it” and it didn’t matter to their revenue.
Password hashing has been standard practice far longer than Facebook has existed. Even by 2004's awful, 'archaic' standards.
load more comments
(1 replies)
Facebook is huge and has very diverse teams/departments. It's absolutely possible the guys who know what security is, and the guys who build app xyz are in different departments, countries, continents.
The capitalists want us to believe otherwise, but large corporations are just as convoluted and inefficient as a planned economy.
Have you ever worked for government IT? Most of it is ages behind private sector.
I work in the private sector and our most essential systems run on Windows Server 2012. Because the installed applications can't be migrated to anything else. After a reboot, there's 21 scripts that need to be run in a specific order (with admin rights) to get the app running again. The frontend is an http webpage that's open to the world.
The supplier of the software is a huge global corporation, market leader in their field.
load more comments
(3 replies)
The difference is even this pittance of a fine wouldn't happen in a planned economy - it would be like the planners fining themselves.
What we're seeing here is a result of the amoral "beastly" types concentrating power. What you're suggesting is to intentionally concentrate that power from the start.
Facebook is a great example of democracy - the billions of people using it have effectively (in their voluntary ignorance) voted for it to be like this. These are the same people who would vote for policies in a pure democracy.
And you're ignoring what happens in the SMB space, where people aren't part of the corrupt circle.
You're welcome to start a small community anywhere in the US with a planned economy, as proof of concept.
You could call it.... A commune, to indicate its goals.
Of not more. At least government gives some amount of insight and a chain of responsibility. Corporations are opaque and responsibility ends in an understaffed, underpaid "support" line.
They are still on the old system of writing them down on paper XD
old system of writing them down on paper
That's harder to steal/hack by someone across the globe.
Glad I deleted mine in 2018 and use a password manager (KeepassDX). Only socials I have are Lemmy, Mastodon (rarely used), and Nostr. If it aint FOSS I avoid if at all possible.
All fines should be percentage of income instead of some arbitrary number.
Shoulda coulda woulda.
My aunt recently gave me a good advice, and a person in one chat with, I suspect, very interesting expertise gave the same advice in different form.
Emotions harm reason, and propaganda is not just directed at suppressing or increasing the emotion. It's directed at making you emotional when you should be patient, and apathetic when you should be emotional, and act when you should wait, and wait when you should act.
It can easily work since everyone feels their fight of their day to be unique. But it's not, and more than that - you can always look a few years back and remember that not only was it predicted, but you yourself predicted it.
By all this smartassery I meant - people making the laws don't want them to work as we do, and they have sterilized the field. Think further.
load more comments
(2 replies)
And collected from shareholder payouts.
They also need to remove the limited liability from companies for intentional illegal activities.
illegal business practices should be charged to the people involved instead of the company. The executives who made the decision to break the law lose personal assets.
Otherwise the shitheads just pass the company losses onto the employees: no raises, hiring freezes, layoffs, reduction in benefits, etc...
100%. We need more personal liability for the evils of big business, not less
Intentional? Better use Negligent. It's hard to prove intent; knowledge of something going on is much easier to prove.
Why would the regime ever hurt itself tho?