100 million Facebook profiles is what Canadian security researcher Ron Bowes says he has collected from Facebook and published to some P2P sites.

Once again people rise in anger at Facebook, accusing it of not properly protecting their account information. Oh what evil creatures could cause such horror…


This man created a crawler that harvested information on 100 million Facebook accounts. There is no mention of a hack, or any privileged information being discovered. Just information that was already there… Probably already accessed and processed by every search engine in existence.

Facebook is a social network site. Hell, it is The Social Network site, and the most common trait of a social network site is to promote contacts between people. That means there has to be some amount of information visible for every user. How else can we know if Johnny User is really the guy or gal we want to befriend? I have a Facebook account and I have protected some of my information, but short of deleting my account there is always some information available.(1) My name, my picture if I have one uploaded, and any other information I did not choose to protect, will be visible.

If Mr Ron Bowes, or anyone else comes along and finds that information about me, it’s not a hack, not a security flaw, just the normal process of checking out someone’s account. It’s been done millions of times every day. I do it sometimes. Facebook even suggests we do it. It presents us with 2 or 3 profiles we might be interested in. Clicking on these users gets us access to their profile. Depending on their privacy settings we can see some information about these accounts. At the very minimum we can see their name, and little else, if they have their privacy settings set that way, or if they haven’t bothered, we can see most of their information, with fotos, and videos and whatever else they’ve uploaded. Nothing surprising there…

The only added value for Mr Ron Bowes is that he automated the process… No big deal.

And then he published that info. Here is the big problem. Did he have a right to publish that data? I don’t think so, and even if he did I still think he shouldn’t have done it. Of course I know nothing of Mr. Bowes intentions, or motives, but still it’s debatable.

Let’s face it, Facebook doesn’t have a good rep when it comes to security, but let’s not exaggerate our criticism. Let’s save it for matters that really matter, not some nonsense like this.


(1) There are allegations that Facebook does not delete accounts and maintains user data even when the user has asked his account to be deleted. This is much more serious that the above “problem”, because if these allegations are true, it means data is being kept against the user’s wishes. Dangerous and probably illegal…