Forgot your password?
typodupeerror
Privacy It's funny.  Laugh. Social Networks The Internet Your Rights Online

Who Is Downloading the Torrented Facebook Files? 142

Posted by Soulskill
from the not-just-santa dept.
eldavojohn writes "Gizmodo's got an interesting scoop on a list of IPs acquired from Peer Block revealing who is downloading the Facebook user data torrented this week: Apple, the Church of Scientology, Disney, Intel, IBM and several major government contractors just to name a few. The article notes that this doesn't mean it's sanctioned by these companies or even known to be happening, but the IP addresses of requests coming to one of the users' machines match to lists of IP blocks for each company."
This discussion has been archived. No new comments can be posted.

Who Is Downloading the Torrented Facebook Files?

Comments Filter:
  • by FuckingNickName (1362625) on Saturday July 31, 2010 @09:23AM (#33094868) Journal

    On an average popular torrent, are these companies also listed?

    • by Anonymous Coward on Saturday July 31, 2010 @09:35AM (#33094932)

      I bet they are.

      At the company I worked for the IT department had a machine which was always on and whose only purpose was to download files like that over BitTorrent. Of course only a few people inside IT knew about this machine.

      The company had about 10'000 employees. I guess a company like Intel (which has around 80'000 employees) downloading some random file over BitTorrent is absolutely nothing special.

      • Re: (Score:3, Interesting)

        I'm surprised any employee gets away with that.

        On my job, about five years ago, I installed torrent to grab some Doctor Who audio files to relieve the boredom, and the next day I came-in to discover my computer missing. They thought I had some kind of virus, wiped the drive, and handed it back to me a day later.

         

        • by toddestan (632714)

          Well, did you get away with it (in the sense that they actually did think it was a virus), or did they figure out that you had purposely installed a torrent client and reprimanded you for it?

      • by linzeal (197905) on Saturday July 31, 2010 @11:01AM (#33095390) Homepage Journal
        Try it at Intel, you will be walked out of the door in 30 minutes. What kind of IT department would expose the company to liabilities like that ?
        • by PinkyGigglebrain (730753) on Saturday July 31, 2010 @11:55AM (#33095668)
          Which highlights the point that whoever is downloading the torrent at Intel must be doing so with authorization.

          As to your question of "what kind of IT department ..." I can answer that one. Last place I worked as IT manager, but not by my choice, I wanted to lock the firewall down and block everything but web, email and a VPN port. I was overridden by the Boss, seems one of the guy in the machine shop (who also did the IT support before me, Goddess! what a mess!) had been downloading torrents of MS Office, Solidworks, MasterCam, Win XP and just about every software app they had in the office. Every time I tried to bring up the issue and try to get auth to start getting licenses I was told it would be too expensive. This was during the same time that the boss/owner took $400,000 out of the company accounts to buy a new house, he was also laying people off because their wasn't enough work for them.

          When the employee count got down to 25 I was laid off too on the premise that they didn't think they needed a full time IT department, the guy from the machine shop was going to babysit the network again. Thing that pisses me off if as long as he doesn't fuck with it will run smoothly until a hardware failure. I had set everything up to be just about idiot proof. Makes me think I did my job too well but its the only way I know how to do things.
          • by ooshna (1654125)
            Should have turned his ass in for the money. I think Microsoft has a rewards for whistle blowers in businesses.
            • I thought about it but its not my style.

              However, I am not averse to answering any questions the BSA may ask as long as it doesn't compromise my NDA and security ethics, so nothing about the network config or engineering projects the company worked on while I there. The software isn't covered in that.
              • by RockDoctor (15477)

                However, I am not averse to answering any questions the BSA may ask as long as it doesn't compromise my NDA and security ethics,

                In your jurisdiction, does having signed an NDA over something (e.g., the existence of an illegal activity within your company) protect you from criminal prosecution for active or passive participation in the crime itself?
                I suspect that if you tried that argument in court over here [note], you'd find that the charges laid against you - of "Conspiracy", or "attempting to defeat the

          • by JWSmythe (446288) <jwsmythe@jws[ ]he.com ['myt' in gap]> on Saturday July 31, 2010 @03:23PM (#33096930) Homepage Journal

            had set everything up to be just about idiot proof. Makes me think I did my job too well but its the only way I know how to do things.

                That's the best way to do it. It makes your job easier while you're there. As we've learned, there is no company loyalty. They expect us (the employees) to be loyal to the company, but when the time comes to save money, they aren't loyal to us.

                Don't worry, I'm sure he took your nicely configured system, and managed to mangle it in horrendous ways.

                The last real big place that I worked, I had everything running like clockwork. It looked like it was easy, because I did it so well. Within a month of them letting me go ungracefully, people started dropping me emails saying there were problems. They weren't related to the company, they just knew I ran everything. My only answer for them was "They fired me. I don't care. If they want me to fix it, I'd only go back with a huge raise and a bulletproof contract on my terms." They fixed problems. They made worse problems. Still, a few years later, I get the occasional email "their site is down.", which always gets the same response, "I don't care." :) The day they stopped paying me was the day I stopped caring. I do miss that job though. There's a certain feeling of accomplishment to have a well tuned machine running like clockwork.

                The thing in both of our cases is, we know they cut us loose because someone else said they could do it for a fraction of our price. And for that, we know they got someone with a fraction of our ability.

            • The guy hated doing IT related stuff, he just wanted to be run the CNC mills. I doubt he has even bothered to change the root password on the servers much less update the backup scripts. Unless both of the disks (RAID 1) on the main server crash I doubt they will even know if the backups are valid.
        • by LoRdTAW (99712)

          Are you 100% positive about that? Maybe that is true for non-it staff but what about IT? As another poster mentioned above, a few IT guys could have a box or even a virtual machine buried somewhere for torrents or other stuff.

          Years ago at college I worked in the tech building IT department. They watched the computer labs like a hawk. But they were pretty lax about who worked in the office. I setup a computer in a back room and hooked it to the network and ran a Half-life death match server on it. They had n

          • by c0mpliant (1516433) on Saturday July 31, 2010 @01:28PM (#33096264)

            Just because an IT department is strict does not mean the IT guys themselves are. Many feel they are above the law.

            You're right, which is why its usually a good idea to isolate your IT Security team from the IT department at large. Don't give them access to implement policy, just make it and monitor for abuses.

            • Good luck having your IT security inspect the data within an encrypted tunnel or VPN connection to the outside.

      • Nope - and there's a reason for it: Shellshock.

        I've previously worked at Intel, and got to watch the headcount slaughters of 2007 and early 2008... (hint: that ~80k headcount used to be ~115k). Fortunately on my end, I got to watch it from afar... my friends got to see it up close and personal.

        After seeing their own peers get laid off and either sent to the Pool (if lucky) or straight to unemployment (if not)? The survivors were too busy trying to justify their continued employment (most still are, though I

      • Re: (Score:3, Interesting)

        by stephanruby (542433)

        At a major corporation I used to worked for, the PR director used to purchase all the WetFeet [wetfeet.com] reports and FuckedCompanies.com alerts (in addition to the more traditional news clipping service related to our company). If anonymous people within your company are going to be publishing internal gossip/information about your company, and if your job is Public Relations, you might as well try to do your due diligence and try to be the first one to see what they're saying about you. I suspect that in the case of

        • by yuhong (1378501)
          And IMO that is all pretty OK if it is all public information. What is really bad IMO is firing people based on these kind of information, that should change to direct response if possible.
          • by yuhong (1378501)
            Unless it is something serious like a NDA breach.
          • There is the case of that one Intel employee who collected and stole millions of dollars worth of gold from their fab plant, he was stealing only the remnants of gold by-products from the manufacturing process apparently, that guy was placed under investigation for no other reason than driving too nice a car, but he wasn't fired. The guy resigned. The former spooks at Intel gave him stellar recommendations and helped him get the same job at AMD. That employee was the exception rather than the rule. Intel do

  • Not Really News (Score:5, Insightful)

    by CheshireCatCO (185193) on Saturday July 31, 2010 @09:26AM (#33094882) Homepage

    Looking over the long list of companies, you see what amounts to a list of large employers. Since we can't know if the downloading was an individual or a company decision, this tells us exactly nothing. There's no story here because there's no useful information.

    Heck, if I were a company that wanted that torrent, I'd get someone to download it at home and walk it in to our office. Companies aren't always that foresighted, of course, but they're also not generally stupid if they're successful.

    (It's like noting that an IP from the NSA checks Slashdot. It could be Slashdot being monitored or, more likely, it could be a random employee just posting.)

    • Re:Not Really News (Score:4, Interesting)

      by bsDaemon (87307) on Saturday July 31, 2010 @09:34AM (#33094920)

      Or, it could be a random NSA employee posting to provide a cover of plausible deniability to the monitoring! But seriously, the only thing the torrent does is make the information more easily obtained at one go. You can still click through the whole database and get all the information at http://facebook.com/directory [facebook.com]. I really don't see where any actual news is involved in this story, even from the beginning.

      • Re: (Score:3, Interesting)

        by Darkness404 (1287218)
        Exactly, so someone made a crawler to get publicly available information. This is not news at all anymore than its news that someone could do a google search and use web scrapers to make a profile of any /. user.
      • Re: (Score:2, Interesting)

        by AHuxley (892839)
        The NSA is the net in the USA, they dont have to sneak around as they just mirror it all off or have contractors do it for them.
        24/7, searching, connecting in real time.
        As for the rest, could be workers seeing the info and requesting it at work for reading, sorting at home?
        For unique interests its a win, search for users with as anti war, anti cult, anti rodent sweatshops interest.
        Befriend, turn, wipe, passive monitor, take over, re direct, mis direct or clone with a few twists. That might be the real
        • by bsDaemon (87307)

          I wouldn't have modded you troll if for no other reason than your post is pretty in character with your username's namesake. But I'm pretty sure you weren't trying to be funny either.

      • You can still click through the whole database and get all the information at http://facebook.com/directory [facebook.com].

        That's not entirely true. Scraping the link provided won't give you data from people who have turned off public search listings, so the torrent is potentially more useful...
        Note: This only includes people who have Public Search Listings available on Facebook. Anyone can opt out of appearing here by changing their Search privacy settings.

        • by bsDaemon (87307)

          The original story when the torrent was first released indicated that the so-called "hack" was merely scraping the publicly listed information of people with search listings turned on. So the torrent is just convenient, not useful.

          • by micheas (231635)

            The original story when the torrent was first released indicated that the so-called "hack" was merely scraping the publicly listed information of people with search listings turned on. So the torrent is just convenient, not useful.

            The issue is that a lot of people tightened up their privacy settings about two months ago. so being slightly dated might be a lot more useful.

    • Ah. That's exactly what they want you to think ;)
    • Heck, if I were a company that wanted that torrent, I'd get someone to download it at home and walk it in to our office. .

      Why? There's nothing wrong with what they're doing.

      People put their lives up for public view. And if you made you profile private or whatever, then that's an issue with FB and not with these companies.

      This is not different than reading someone's published autobiography.

      • Eh, my profile is semi-private. But then again, don't use my real name, there are no pictures of me on there, and I DGAF if fake info gets scrapped, mined and sold. More power to them.
      • I didn't say there was anything wrong with it. But just because something is legally and morally alright, it doesn't mean you want everyone knowing you're doing it. With grabbing profile information like that, one can easily imagine a PR nightmare (especially given recent, related events), so why even chance it?

      • Why? There's nothing wrong with what they're doing

        The fact that this is being discussed on Slashdot illustrates that you are wrong about this. At the very least, it prompts a lot of speculation as to what those companies want with that data. Many are going to offer theories that postulate the companies are going to use it for non-nice things. This means the companies are going to have to devote some resources to trying to minimize the damage from such speculation and rumors. All of which could be avoided if they had just had someone download it over their

    • by alphatel (1450715) *
      Or it could be that Slashdot is really the NSA!
    • The NSA doesn't surf slashdot. They get all the relevant information they are looking from when they do their daily deep scan/copy of your computer.
  • I would not be terribly surprised if the organizations that were listed had instructed their employees to download this torrent. IBM, for example, is interested in data mining, and this is a nice data set for testing algorithms on. Scientology probably wants to track current and former members, and is just grabbing anything that will help them in that effort.

    Of course, as others pointed out, there is no indication that this is not just routine; it would be nice to know if other popular torrents were al
    • Re: (Score:2, Informative)

      Most of the traffic PeerBlock blocks is false positives. It blocks huge ranges of IP addresses, YOU could be on one of their lists. The Gizmodo article says "it should be mostly accurate". Lol.

      It used to be called PeerGuardian, remember? The "lucky talisman" app that stops teh RIAA catching you? What a load of balls.
    • by WrongSizeGlass (838941) on Saturday July 31, 2010 @09:52AM (#33095004)

      I would not be terribly surprised if the organizations that were listed had instructed their employees to download this torrent.

      If a company sanctioned it (and that is purely an assumption) they could be looking for info on their own employees.

      • If a company sanctioned it (and that is purely an assumption) they could be looking for info on their own employees.

        It would be entirely reasonable for any company doing e-commerce to download these files, and check which usernames/passwords match their own data.
        For example, if there was a facebook user with username gnasher719 and password imsoclever, and Apple found there is an iTunes account with the same username and password, it would be a good idea to put some kind of clamp on that account before someone starts downloading expensive iPhone apps using my account information. Same with Paypal, eBay and so on.

        Loo

        • ...except the file doesn't contain passwords, so it would be useless for what you're suggesting.

          I'm not aware of any law prohibiting companies from looking around on the web to see what they're employees are doing. Problems may arise based on how they use the data. e.g. firing someone for things they do in their personal lives that have no bearing on their job or their employer.

    • by metamatic (202216)

      Well, IBM prohibits BitTorrent use by employees on IBM computers, so I'm doubtful that the IBM download is sanctioned. The person responsible will probably be hearing from the IT department, now that so much attention has been drawn to it.

      [Opinions mine, not IBM's.]

  • I was... but then I gave up, because I don't really care. Especially about names and IDs. Hmm, I wonder if I'm in there?
  • by Voulnet (1630793)
    If the profiles are private does that mean it is illegal to exchange them in public? Does that mean the downloading or uploading parties are subject to prosecution for spying on private information that was collected illegally?
    • by Darkness404 (1287218) on Saturday July 31, 2010 @09:38AM (#33094940)
      See the thing is the profiles were all public someone just made a web crawler to create it then put it up as a torrent download. No privacy was violated that wouldn't be with a normal search.
      • by Anonymous Coward on Saturday July 31, 2010 @10:01AM (#33095048)

        Actually, the profiles were all private, and then facebook changed the default privacy settings to make them public and 100 million chumps didn't know/care enough about their privacy to change things.

        • Re: (Score:3, Informative)

          by nschubach (922175)

          I just downloaded this package, and all it has a lists of names and URLs to Facebook profiles. If they users made their profile private, you're not going to get anything more than their name.

    • by brasselv (1471265) on Saturday July 31, 2010 @09:45AM (#33094976)

      The profiles are NOT private, nor there is anything "hacked" here.

      This archive contains only the information that users made publicly available (consciously or not) - this stuff was just crawled from the web and put together in one large file.

      There is no news here... if I were Apple or Cisco, I would crawl this public info myself, rather than relying on some dude that posted it on a torrent...

    • by gurps_npc (621217)
      Is there any information on Facebook that a reasonable person would Really consider to be 'private'? It's sort of like telling the town gossip something and adding "of course, this is in the strictest confidence". When I teach kids to use the internet, the first thing I tell them is that every web site lies a little bit about their privacy. If they say nothing worse than Y will be done, assume Yx2. Face book is a prime reason for this rule
  • by kamukwam (652361)
    I am confused. The title says 'Who is Downloading the Torrented Facebook Files?'. So I was guessing they didn't know and were coming to Slashdot to ask if anyone knew.

    But no, they already know it! So why bother and ask us anyway??

    I don't get it.

  • This torrent doesn't contain sensitive private information. It's just a very long list of names. That's it! Who cares who downloads a phone book without phone numbers?
  • Why wouldn't those companies download that info? The information is legal because it was publicly available and it's a measly 3GB download. Even if they get just a tiny bit of market/consumer insight from this data, it was well worth spending the short amount of time downloading the data.
    • by cpghost (719344)

      Why wouldn't those companies download that info?

      Because some random dude downloaded the torrent at the time? Let's see: one of the companies is German Telekom. That's the biggest ISP in Germany. Just because they're there, doesn't mean anything at all: it's most likely some of their customers who read the previous Slashdot article and fetched the torrent right away. The same for the other companies. There's nothing to see there, move along.

  • Program limitations (Score:2, Interesting)

    by SunSpot505 (1356127)
    I would question whether many people other than a major corp have the resources to work with that large a data set. It's not like Joe Schmoe can open that in Excel. Even if Joe could get it open, running any kind of query, even on indexed fields, would take forever. It can take up to 20 minutes for my quadcore to do a sort on our 300k record 200 field database.

    Corporations seem like a much more likely consumer of this data than anyone else. I'm thinking about downloading it just to see... I'll let yo
    • If a quad core system is taking 20 minutes to build an index on a table with 300 000 rows and any sane key, something is very seriously wrong.
    • Re: (Score:3, Interesting)

      I think the problem there is the use of Excel; I'm just going to quickly peruse the data with grep to see how many instances of my name are in there. It will take a while because of the size of the data set, sure, but I can just leave it running in the background while I do something else (since the work is done on a line-by-line basis and won't load the entire file into memory).
    • by hawks5999 (588198)
      A full 20 seconds? How do you stand it?
    • by crow_t_robot (528562) on Saturday July 31, 2010 @10:32AM (#33095196)
      Do you really manage a database that large in Excel? Does your computer shit parts of its motherboard out of its optical disk drive every time you open the file?
    • by Wingnut64 (446382)

      Corporations seem like a much more likely consumer of this data than anyone else. I'm thinking about downloading it just to see... I'll let you know how the sort time goes....

      (un)fortunately, it's already sorted for you.

      The bulk of the torrent is a 1.29GB bzip2'ed .txt file, which decompresses to ~9.7GB. It contains 170,879,859 rows. Took 7 hours to load that into a MySQL database. I basically only grabbed this to learn about database performance.

      I pity both Windows Notepad, and the poor fool who unzips and doubleclicks it without thinking :)

      • by yuhong (1378501)
        And even Excel 2007/2010 is limited to 1048576 rows.
      • by daveime (1253762)

        If you are loading a big table in MySQL with a ton of rows and indexes, foreign keys etc ...

        Load the table structure first.
        Disable indexes.
        Load the table data.
        Enable indexes.

        If you don't he'll be updating the index sorting and stats once for every row inserted, rather than doing one pass at the end on the whole dataset. It can make the difference between taking 7 hours to load, and perhaps 90 minutes.

      • by daveime (1253762)

        Oh, and if you have 2 hard disks, you can also get a huge performance boost by telling MySQL to store the table and index files (MYI and MYD if you're using MyISAM tables) on one disk, and the transaction logs etc on the other disk. Saves you a large amount of disk thrashing.

        And don't use InnoDB tables for this data ... it's reference data, you're not going to need transactions and rollbacks etc, as you're unlikely to be writing anything ... it'll probably be 100% read only access.

    • by kramulous (977841)

      It is not really that big. You should be able to process that stuff on commodity hardware easily enough. I imagine the big bottleneck will be with the IO. Pretty easy to stripe some disks.

      Quad core with well written code would buzz that tower fairly easily. Only talking about a few gigs of compressed data here.

      I would use directory structures with an info file in each to store this information. That would be my database.

  • Tormented (Score:3, Funny)

    by kamukwam (652361) on Saturday July 31, 2010 @09:49AM (#33094996) Journal
    What is a tormented Facebook file??
    • by Fumus (1258966)

      I'm going to patent Facebook: Torment as soon as I figure out a nice plot for the game.

      • The plot is simple : this guy wakes up with amnesia, doesn't remember who he is. So, he starts browsing through millions of Facebook profiles to figure out his identity. Along the way, he becomes friend with a flying, talking skull (hey, the guy got bored after browsing through a few tens of thousands of profile so he started doing mushrooms) and together they get into some wacky adventures.
  • When they pull crap like "we just reset/changed/added some protection settings, everything you had guarded is now wide open, kthxbye!", especially when it is a blatant attempt to further their own business plan, and then someone sucks all the data off and makes it available like this entity did?

    The old "permission change without warning" has happened with Yahoo and FB that I know of.

    YA, TOS probably state they can do whatever they want, but with TOS like that there has to be a fine line crossed somewhere ev

    • When they pull crap like "we just reset/changed/added some protection settings, everything you had guarded is now wide open, kthxbye!", especially when it is a blatant attempt to further their own business plan, and then someone sucks all the data off and makes it available like this entity did?

      The old "permission change without warning" has happened with Yahoo and FB that I know of.

      YA, TOS probably state they can do whatever they want, but with TOS like that there has to be a fine line crossed somewhere eventually that lands them in hot water.

      Well, if they continue to make themselves dangerous they're going to find the number of users will fall off. Everyone I know that was a big Facebook user isn't anymore. Partly my doing, I suppose, I just mentioned that Facebook isn't as careful with your personal data as they could be, and let them Google more if it concerned them. Just type "how do I cancel" into Google and don't even press Enter ... the very top of the suggestions list is "How do I cancel my Facebook account." Seems a lot of people are in

  • Really, these are publicly posted profiles, you can download them yourself. Its now news, move on!
    • Re: (Score:1, Informative)

      by Anonymous Coward
      The profiles aren't in the torrent. Only the user names and the profile number. Nothing else.
  • the same companies that object to torrent and other tools because it allows ppl to download their information, are now using these same tools to obtain information about citizens. Oh, the irony.
  • Who is downloading the list of IPs of people who are downloading the list of Facebook profiles?

    It's like a recursive privacy wank! :D

  • As a researcher, it will make my life easier in case I move on to studying Facebook. Everything in there is publicly available.

    According to the README file, the download contains the following:

    The script used to generate these files (v1)
    The script that will be used for the second pass (v2)
    The full URLs to every profile
    All names, including duplicates
    All names, no duplicates
    All names, no duplicates but with a count
    All first names (with count)
    All last names (with count)
    All first initial last name (with count)
    A

  • Now that they're using the blind ultimate evil that is BitTorrent.
  • "Apple, the Church of Scientology, Disney, Intel, IBM and several major government contractors " You can merge the first two, they're the same aren't they? :)
  • The better question is "who cares?" In what possible way does this bit of information make a difference to any of our lives.
  • I would bet that most large companies that sell software/media probably download any or all large sized torrents for the sake of piracy to find out what warez are being shared.
  • by Teun (17872)

    "Apple, the Church of Scientology, Disney, Intel, IBM and several major government contractors just to name a few. The article notes that this doesn't mean it's sanctioned by these companies or even known to be happening, but the IP addresses of requests coming to one of the users' machines match to lists of IP blocks for each company."

    Scientology a company, very insightful eldavojohn :)

  • Seriously, people. There is a war raging out there that no one is paying attention to. We are the fodder and the collateral as well as the valuable resource being contested over. The irony is that we could stop it if we wanted to. By just saying "no you cannot have my information" and moving along past all the smoke & mirrors, moving on to alternatives that are not as illusory, ambiguous or untrustworthy as the sites that are currently being heavily promoted and then dumped for another with a NEW color
  • I downloaded them to see if I or my friends' infos are floating around out there.

Information is the inverse of entropy.

Working...