Connect with us


Exclusive extract: how Facebook’s engineers spied on women



An Ugly Truth: Inside Facebook’s Battle for Domination is a behind-the-scenes exposé by journalists Sheera Frenkel and Cecilia Kang that offers the definitive account of Facebook’s fall from grace. In this exclusive extract, they show how engineers would access users’ private information – including women they were dating – for over a decade

It was late at night, hours after his colleagues at Menlo Park had left the office, when the Facebook engineer felt pulled back to his laptop. He had enjoyed a few beers. Part of the reason, he thought, that his resolve was crumbling. He knew that with just a few taps at his keyboard, he could access the Facebook profile of a woman he had gone on a date with a few days ago. The date had gone well, in his opinion, but she had stopped answering his messages 24 hours after they parted ways. All he wanted to do was peek at her Facebook page to satisfy his curiosity, to see if maybe she had gotten sick, gone on vacation, or lost her dog – anything that would explain why she was not interested in a second date.

He logged on to his laptop and, using his access to Facebook’s stream of data on all its users, searched for his date. He knew enough details – first and last name, place of birth, and university – that finding her took only a few minutes. Facebook’s internal systems had a rich repository of information, including years of private conversations with friends over Facebook Messenger, events attended, photographs uploaded (including those she had deleted), and posts she had commented or clicked on. He saw the categories in which Facebook had placed her for advertisers: the company had decided that she was in her thirties, was politically left of centre, and led an active lifestyle. She had a wide range of interests, from a love of dogs to holidays in Southeast Asia. And through the Facebook app that she had installed on her phone, he saw her real-time location. It was more information than the engineer could possibly have gotten over the course of a dozen dinners.

See also  Facebook Apologizes After A.I. Puts 'Primates' Label on Video of Black Men - The New York Times

Facebook’s managers stressed to their employees that anyone discovered taking advantage of their access to data for personal means, to look up a friend’s account or that of a family member, would be immediately fired. But the managers also knew there were no safeguards in place. The system had been designed to be open, transparent, and accessible to all employees. It was part of Zuckerberg’s founding ethos to cut away the red tape that slowed down engineers and prevented them from producing fast, independent work. This rule had been put in place when Facebook had fewer than one hundred employees. Yet, years later, with thousands of engineers across the company, nobody had revisited the practice. There was nothing but the goodwill of the employees themselves to stop them from abusing their access to users’ private information.

During a period spanning January 2014 to August 2015, the engineer who looked up his onetime date was just one of 52 Facebook employees fired for exploiting their access to user data. Men who looked up the Facebook profiles of women they were interested in made up the vast majority of engineers who abused their privileges. Most did little more than look up users’ information. But a few took it much further. One engineer used the data to confront a woman who had travelled with him on a European holiday; the two had gotten into a fight during the trip, and the engineer tracked her to her new hotel after she left the room they had been sharing. Another engineer accessed a woman’s Facebook page before they had even gone on a first date. He saw that she regularly visited Dolores Park, in San Francisco, and he found her there one day, enjoying the sun with her friends.

free widgets for website

The fired engineers had used work laptops to look up specific accounts, and this unusual activity had triggered Facebook’s systems and alerted the engineers’ managers to their transgressions. Those employees were the ones who were found out after the fact. It was unknown how many others had gone undetected.

See also  Introducing Facebook Viewpoints

The problem was brought to Mark Zuckerberg’s attention for the first time in September 2015, three months after the arrival of Alex Stamos, Facebook’s new chief security officer. Gathered in the CEO’s conference room, “the Aquarium”, Zuckerberg’s top executives had braced themselves for potentially bad news: Stamos had a reputation for blunt speech and high standards. One of the first objectives he had set out when he was hired that summer was a comprehensive evaluation of Facebook’s current state of security. It would be the first such assessment ever completed by an outsider.

Among themselves, the executives whispered that it was impossible to make a thorough assessment within such a short period of time and that whatever report Stamos delivered would surely flag superficial problems and give the new head of security some easy wins at the start of his tenure. Everyone’s life would be easier if Stamos assumed the posture of boundless optimism that pervaded Facebook’s top ranks. The company had never been doing better, with ads recently expanded on Instagram and a new milestone of a billion users logging on to the platform every day.

Instead, Stamos had come armed with a presentation that detailed problems across Facebook’s core products, workforce, and company structure. The organisation was devoting too much of its security efforts to protecting its website, while its apps, including Instagram and WhatsApp, were being largely ignored, he told the group. Facebook had not made headway on its promises to encrypt user data at its centres – unlike Yahoo, Stamos’s previous employer. Facebook’s security responsibilities were scattered across the company, and according to the report Stamos presented, the company was “not technically or culturally prepared to play against” its current level of adversary.

Worst of all, Stamos told them, was that despite firing dozens of employees over the last eighteen months for abusing their access, Facebook was doing nothing to solve or prevent what was clearly a systemic problem. In a chart, he highlighted how nearly every month, engineers had exploited the tools designed to give them easy access to data for building new products, to violate the privacy of Facebook users and infiltrate their lives. If the public knew about these transgressions, they would be outraged: for over a decade, thousands of Facebook’s engineers had been freely accessing users’ private data. The cases Stamos highlighted were only the ones the company knew about. Hundreds more may have slipped under the radar, he warned.

free widgets for website

Zuckerberg was clearly taken aback by the figures, and upset that the issue had not been brought to his attention sooner. “Everybody in engineering management knew there were incidents where employees had inappropriately managed data. Nobody had pulled it into one place, and they were surprised at the volume of engineers who had abused data,” Stamos recalled. Why hadn’t anyone thought to reassess the system that gave engineers access to user data, Zuckerberg asked. No one in the room pointed out that it was a system that he himself had designed and implemented. Over the years, his employees had suggested alternative ways of structuring data retention, to no avail. “At various times in Facebook’s history there were paths we could have taken, decisions we could have made, which would have limited, or even cut back on, the user data we were collecting,” said one longtime employee. “But that was antithetical to Mark’s DNA. Even before we took those options to him, we knew it wasn’t a path he would choose.”

See also  Judge approves $650M Facebook privacy lawsuit settlement

One executive was noticeably absent from the September 2015 meeting. Only four months had passed since the death of Sheryl Sandberg’s husband. Security was Sandberg’s responsibility, and Stamos technically fell under her purview. But she had never suggested, nor been consulted about, the sweeping changes he was proposing. Stamos prevailed that day, but he made several powerful enemies.

*Read an interview with the authors here

This exclusive extract is from An Ugly Truth: Inside Facebook’s Battle for Domination by Sheera Frankel and Cecilia Kang (The Bridge Street Press). RRP £20. Buy now for £16.99 at or call 0844 871 1514

Read More

free widgets for website
Continue Reading
Advertisement free widgets for website
Click to comment

Leave a Reply

Your email address will not be published.


Introducing Facebook Graph API v18.0 and Marketing API v18.0





Today, we are releasing Facebook Graph API v18.0 and Marketing API v18.0. As part of this release, we are highlighting changes below that we believe are relevant to parts of our developer community. These changes include announcements, product updates, and notifications on deprecations that we believe are relevant to your application(s)’ integration with our platform.

For a complete list of all changes and their details, please visit our changelog.

General Updates

Consolidation of Audience Location Status Options for Location Targeting

As previously announced in May 2023, we have consolidated Audience Location Status to our current default option of “People living in or recently in this location” when choosing the type of audience to reach within their Location Targeting selections. This update reflects a consolidation of other previously available options and removal of our “People traveling in this location” option.

We are making this change as part of our ongoing efforts to deliver more value to businesses, simplify our ads system, and streamline our targeting options in order to increase performance efficiency and remove options that have low usage.

This update will apply to new or duplicated campaigns. Existing campaigns created prior to launch will not be entered in this new experience unless they are in draft mode or duplicated.

free widgets for website

Add “add_security_recommendation” and “code_expiration_minutes” to WA Message Templates API

Earlier this year, we released WhatsApp’s authentication solution which enabled creating and sending authentication templates with native buttons and preset authentication messages. With the release of Graph API v18, we’re making improvements to the retrieval of authentication templates, making the end-to-end authentication template process easier for BSPs and businesses.

With Graph API v18, BSPs and businesses can have better visibility into preset authentication message template content after creation. Specifically, payloads will return preset content configuration options, in addition to the text used by WhatsApp. This improvement can enable BSPs and businesses to build “edit” UIs for authentication templates that can be constructed on top of the API.

See also  Enforcing Against Manipulated Media

Note that errors may occur when upgrading to Graph API v18 if BSPs or businesses are taking the entire response from the GET request and providing it back to the POST request to update templates. To resolve, the body/header/footer text fields should be dropped before passing back into the API.

Re-launching dev docs and changelogs for creating Call Ads

  • Facebook Reels Placement for Call Ads

    Meta is releasing the ability to deliver Call Ads through the Facebook Reels platform. Call ads allow users to call businesses in the moment of consideration when they view an ad, and help businesses drive more complex discussions with interested users. This is an opportunity for businesses to advertise with call ads based on peoples’ real-time behavior on Facebook. Under the Ad set Level within Ads Manager, businesses can choose to add “Facebook Reels” Under the Placements section.
  • Re-Launching Call Ads via API

    On September 12, 2023, we’re providing updated guidance on how to create Call Ads via the API. We are introducing documentation solely for Call Ads, so that 3P developers can more easily create Call Ads’ campaigns and know how to view insights about their ongoing call ad campaigns, including call-related metrics. In the future, we also plan to support Call Add-ons via our API platform. Developers should have access to the general permissions necessary to create general ads in order to create Call Ads via the API platform.

    Please refer to developer documentation for additional information.

Deprecations & Breaking Changes

Graph API changes for user granular permission feature

We are updating two graph API endpoints for WhatsAppBusinessAccount. These endpoints are as follows:

  • Retrieve message templates associated with WhatsAppBusiness Account
  • Retrieve phone numbers associated with WhatsAppBusiness Account

With v18, we are rolling out a new feature “user granular permission”. All existing users who are already added to WhatsAppBusinessAccount will be backfilled and will continue to have access (no impact).

The admin has the flexibility to change these permissions. If the admin changes the permission and removes access to view message templates or phone numbers for one of their users, that specific user will start getting an error message saying you do not have permission to view message templates or phone numbers on all versions v18 and older.

free widgets for website

Deprecate legacy metrics naming for IG Media and User Insights

Starting on September 12, Instagram will remove duplicative and legacy, insights metrics from the Instagram Graph API in order to share a single source of metrics to our developers.

This new upgrade reduces any confusion as well as increases the reliability and quality of our reporting.

After 90 days of this launch (i.e. December 11, 2023), we will remove all these duplicative and legacy insights metrics from the Instagram Graph API on all versions in order to be more consistent with the Instagram app.

We appreciate all the feedback that we’ve received from our developer community, and look forward to continuing to work together.

Please review the media insights and user insights developer documentation to learn more.

free widgets for website

Deprecate all Facebook Wi-Fi v1 and Facebook Wi-Fi v2 endpoints

Facebook Wi-Fi was designed to improve the experience of connecting to Wi-Fi hotspots at businesses. It allowed a merchant’s customers to get free Wi-Fi simply by checking in on Facebook. It also allowed merchants to control who could use their Wi-Fi and for how long, and integrated with ads to enable targeting to customers who had used the merchant’s Wi-Fi. This product was deprecated on June 12, 2023. As the partner notice period has ended, all endpoints used by Facebook Wi-Fi v1 and Facebook Wi-Fi v2 have been deprecated and removed.

API Version Deprecations:

As part of Facebook’s versioning schedule for Graph API and Marketing API, please note the upcoming deprecations:

Graph API

  • September 14, 2023: Graph API v11.0 will be deprecated and removed from the platform
  • February 8, 2024: Graph API v12.0 will be deprecated and removed from the platform
  • May 28, 2024: Graph API v13.0 will be deprecated and removed from the platform

Marketing API

  • September 20, 2023: Marketing API v14.0 will be deprecated and removed from the platform
  • September 20, 2023: Marketing API v15.0 will be deprecated and removed from the platform
  • February 06, 2024: Marketing API v16.0 will be deprecated and removed from the platform

To avoid disruption to your business, we recommend migrating all calls to the latest API version that launched today.

Facebook Platform SDK

As part of our 2-year deprecation schedule for Platform SDKs, please note the upcoming deprecations and sunsets:

  • October 2023: Facebook Platform SDK v11.0 or below will be sunset
  • February 2024: Facebook Platform SDK v12.0 or below will be sunset

First seen at

See also  Facebook Marketing: Promote your Facebook Page and Posts
Continue Reading


Allowing Users to Promote Stories as Ads (via Marketing API)





Before today (August 28, 2023), advertisers could not promote images and/or videos used in Instagram Stories as ads via the Instagram Marketing API. This process created unwanted friction for our partners and their customers.

After consistently hearing about this pain point from our developer community, we have removed this unwanted friction for advertisers and now allow users to seamlessly promote their image and/or video media used in Instagram Stories as ads via the Instagram Marketing API as of August 28, 2023.

We appreciate all the feedback received from our developer community, and hope to continue improving your experience.

Please review the developer documentation to learn more.

First seen at

free widgets for website
See also  Dennis Okari's Facebook account hacked.
Continue Reading


Launching second release of Facebook Reels API: An enterprise solution for desktop and web publishers





We’re excited to announce that the second release of FB Reels API is now publicly available for third-party developers. FB Reels API enables users of third-party platforms to share Reels directly to public Facebook Pages and the New Pages Experience.

FB Reels API has grown significantly since the first release in September 2022. The new version of the APIs now support custom thumbnails, automatic music tagging, tagging collaborators, longer format of reels and better error handling.

FB Reels API will also support scheduling and draft capability to allow creators to take advantage of tools provided either by Meta or by our partners. Based on the feedback we received from our partners, we’ll now provide additional audio insights via the Audio Recommendations API and reels performance metrics via the Insights API.

Our goal in the next couple of releases is to continue to make it easier for creators to develop quality content by adding features like early copyright detection and A/B testing. We’re also excited to start working on enhanced creation features like Video clipping- so stay tuned to hear more about those features in the future.


If you are a developer interested in integrating with the Facebook Reels API, please refer to the Developer Documents for more info.

free widgets for website

Not sure if this product is for you? Check out our entire suite of sharing offerings.

Tune in to Product @scale event to learn more about FB Video APIs and hear from some of our customers.

First seen at

See also  Facebook releases latest Community Standard Enforcement report
Continue Reading