Facebook Bug Made 14 Million Users’ Posts Public over 5 Days in May

1 minute read
| Editorial

A Facebook bug turned 14 million users posts into public posts over a 5 day period in May. CNN Money reported the bug was the result of an un-proclaimed Facebook test, and that Facebook then made all posts created by affected users into private posts. Without telling them. Because [Facebook].

Facebook announced the bug today and will be notifying affected users starting today.

Facebook CEO Mark Zuckerberg

Facebook CEO Mark Zuckerberg

“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts,” Erin Egan, Facebook’s chief privacy officer, said in a statement. “We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time. To be clear, this bug did not impact anything people had posted before — and they could still choose their audience just as they always have.”

Facebook Bug Affects 14 Million Users

Here’s how it worked: Facebook was testing some new unannounced feature, or as I like to call it, experimenting on its users, As an unintended byproduct of this test, the members being experimented on had their default post status set to “public” from May 18th through May 22nd. Usually, your message status is whatever you chose last. Any user who noticed the “public” status and changed it to some form of private status would have posted as intended. Everyone else made their posts public.

Facebook noticed the problem and spent another five days making all posts by the affected users private—again, without telling us until today—regardless of their original intent (because Facebook wouldn’t know their original intent). Starting Thursday (today). affected users will get a message from Facebook asking them to review the affected posts.

And, get this, Facebook called today’s announcement—despite the many days that have elapsed since discovering and then correcting the problem—part of its new effort to be proactive and transparent.

Pretty cool, right?

7 Comments Add a comment

  1. wab95

    CNN Money reported the bug was the result of an un-proclaimed Facebook test, and that Facebook then made all posts created by affected users into private posts. Without telling them. Because [Facebook]…Facebook was testing some new unannounced feature, or as I like to call it, experimenting on its users, As an unintended byproduct of this test, the members being experimented on had their default post status set to “public” from May 18th through May 22nd.

    Bryan:

    Where to begin? So much content in one sentence. Oh, I know! How about FB’s reference to a ‘bug’? A bug? A bug is an anomaly, something unexpected, unintended and typically rare to the point of being a one-off. Clear? FB’s abuse and exposure of client data, or allowing it to be possessed without consent or notification by allowing it fo fall into the hands of, or outright giving it to, persons their clients never consented to share it with, is not an anomaly. This is SNAFU, “Situation Normal, All Flubbed Up’. In other words, this is a pattern of behaviour. So no, it’s not a bug; it’s a feature. Just like today’s beating from an abusive spouse or partner; however tearful and insistent that it was ‘a fluke’ and ‘will never happen again’, it’s not an anomaly, it’s not a bug, it’s a feature of the relationship (I cannot tell you how many times I’ve had this discussion with patients who, once I’ve tended to their wounds, insist that they want to give the guy – and it’s usually a guy – another chance, because ‘he said it’ll never happen again’). Put another way, FB’s relationship with their client base is abusive. FB is an abuser.

    What else? Oh, I know! How about “Facebook then made all posts created by affected users into private posts. Without telling them”? There are two violations here. The first is the violation of privacy; the second is the conduct of an action, experimental or otherwise, without the informed consent of a human subject. Let’s be clear. We (collective humanity) have held trials in courts of law and have convicted and punished people for experimenting or simply doing things to other human beings without their consent. Let’s put this in context. Experiments on humans is done by professionals who spend years in training and is supervised and regulated by bodies of independent agencies, themselves staffed by trained professionals. Human subjects trials are first peer-reviewed (if they are to be funded by competitive awards), then reviewed and approved, with or without modification, by an institutional review board or IRB, and if these are clinical trials, are overseen, start to finish, by a data safety monitoring board or DSMB, which has the responsibility and authority to review the data at anytime and recommend to the sponsoring institution that the study be stopped if deemed unsafe, in other words, if they believe that harm is, or may be, being done to humans. The primary objective is to protect the vulnerable, whose personal safety over-rides the imperative of scientific inquiry into bettering the common good.

    Now, one can argue that this latest FB SNAFU was an unintentional experiment, but it was an experiment – something was being tested, ie trialled, on real people and their actual data. A human subjects scientist would need to get institutional permission and go through review in order to do this. If they did not go through this process, and particularly if those data were compromised or human subjects otherwise harmed (bad things can happen to people when their personal information gets leaked), it would be considered scientific misconduct. They would lose their job, their licence, be subject to penalties, and perhaps lose their freedom to some well-earned jail time. Instead, we have FB’s gaggle of wanking punks, lacking in either training or oversight, serially violating this inviolable rule of consent with impunity. It’s time that they pay the price for violating these norms based on the Nuremberg Trials. What would constitute an appropriate punishment? What was FB’s annual revenue for 2017? Yes, that. It needs to hurt to be an effective deterrent against repeated offence.

    And we haven’t even touched on the violation of privacy, and arguably implicit confidentiality (privacy and confidentiality are distinct). But these are such universal values, even though their limits are being tested in courts of law, that their compromise and violation, whether intentional or accidental is a violation of trust equally deserving of punishment. Again, FB appears to skate free with impunity.

    I realise that TMO has a FB page or pages to which they invite their readership to engage in and support. I’d like to. I really would. However, this is akin to being invited by your mates to hang out…in a louse-infested brothel. In a shanty town. Rife with multi-drug resistant venereal diseases. In the middle of fetid dump chock full of rotting rubbish. Surrounded by an open cesspool. I love you guys…but I’ll pass.

    In the meantime, legislators worldwide need to hold FB not merely accountable, but impose meaningful penalties to deter future abuses, and protect the vulnerable.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account