Categories
Daily dose

Facebook voice messages transcribed by contractors

Have you ever sent a voice message through Facebook Messenger? If so, there’s a great chance that someone else might have listened to it and even made a transcription. That’s right, someone else has heard and written down those words you intended only for your friend, family or special someone. Bloomberg reports that Facebook has hired contractors to transcribe voice messages sent through its Messenger app/service.

While Facebook uses AI to mine or analyze our chat conversations in Messenger for information so that it can serve ads, give suggestions like canned responses or what emoji to reply with, it’s clear that it’s not yet good enough to analyze voice messages.

Their solution is simple – outsource it to contractors and have their workers literally listen to the voice messages and transcribe it for the AI to digest. Simple yet has ‘invasion of privacy’ written all over it. In red.

Is Facebook allowed to do this? It seems we have given it our permission to do so:

The Facebook data-use policy, revised last year to make it more understandable for the public, includes no mention of audio. It does, however, say Facebook will collect “content, communications and other information you provide” when users “message or communicate with others.”
Facebook says its “systems automatically process content and communications you and others provide to analyze context and what’s in them.” It includes no mention of other human beings screening the content. In a list of “types of third parties we share information with,” Facebook doesn’t mention a transcription team, but vaguely refers to “vendors and service providers who support our business” by “analyzing how our products are used.”

Facebook Paid Contractors to Transcribe Users’ Audio Chats by Sara Frier, Bloomberg.com

Other companies like Amazon, Google and Apple have done the same in order to improve their AI services Alexa, Google Assistant and Siri respectively but has stopped the practice after they got criticized for it. Facebook has also recently stopped it as well, for now.

I’m not yet sure how this sits with privacy laws in each country around the world. In the Philippines our own Data Privacy Act is quite stringent with this regard and will be the subject of a follow up to this post. In the meantime, bear in mind that the next time you send another voice message in Messenger, someone else could listen to it at any time and most likely, without you knowing.

Categories
Daily dose

Facebook passwords stored in plaintext – change it now

Have you changed your Facebook & Instagram password lately? If not it’s time to do so now. News has gone viral that Facebook has stored millions of passwords in plain text format making it readily accessible to its thousands of employees for a long time now.

Krebs on Security got hold of a Facebook employee and here are the basics:

  • Facebook employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers.
  • So far, it’s estimated that 200 and 600 million Facebook users had their account passwords stored in plaint text and searchable by Facebook employees.

It’s very basic that for services like Facebook, user account passwords are stored in a secure way – passwords are scrambled using cryptography aka hashing then stored in its servers. Once hashed, the passwords are virtually impossible to crack even with a powerful computer.

What Facebook discovered is that passwords were stored without being scrambled or hashed. This is like typing your Facebook account password in a text file using Notepad. Naming the file ‘FACEBOOK PASSWORD’ then saving it on a share folder. If you want to go offline, it’s like writing down your Facebook password on a sticky note then putting it on the fridge door.

Fortunately, for now, Facebook has found no indication that the passwords were abused by its employees nor has it been accessed outside its network. Either way, the best thing to do now is change your Facebook and Instagram passwords. And for goodness’ sake don’t save it on your computer or device. Use a password manager app if you’re having trouble remembering your password for each social media account.

Remember, it’s better to be safe than sorry.

Featured image by Mark Burnett