Purported Interview With Facebook Employee Details Use Of 'Master Password'

Earlier today, The Rumpus published a very revealing interview with someone claiming to be a Facebook employee. The interview covers a variety of subjects, including privacy restrictions at the world’s largest social network and some of the technological hurdles the site has to deal with. The biggest revelations? That Facebook collects more data about your habits than you may realize, and that there was once a ‘master password’ that would grant employees access to anyone’s Facebook profile — a password that some employees abused.

The interview wasn’t authorized by Facebook, and there are many who are doubting its authenticity. We’ve heard some rumors that the interview is legit, and The Rumpus’ editor stands behind it. For what it’s worth, much of it rings true to me — none of the ‘facts’ revealed are surprising or difficult to believe. Here are some of the highlights:

  • Facebook is recording data on everything you do on the site. Everything. And not just the messages you’ve written and received either: it knows how many times you’ve clicked on your friend’s profile, which photos you’ve viewed, and more. Using this data it can establish who your best friends are, which helps it generate interesting stories in your News Feed. According to the interview, this data has recently been used to streamline search (your best friends show up first as your type in your query, rather than an alphabetical list).
  • There was a master password that granted Facebook employees access to any account, if they knew it. The interviewee describes a password that would allow a Facebook employee to view anyone’s profile simply by typing in their unique user ID and the password (the password itself was a variation on ‘Chuck Norris’). This password was used primarily for engineering purposes, but other employees could find it “if they knew where to look”. To use the password, you would have to be accessing Facebook from the company’s ISP (in other words, there was no risk of it leaking to the web at large). The employee says that this power has been abused on at least two occasions, explaining that she is aware of two relating firings.
  • The employee says that even the use of a master password is unneeded if you’re looking to access private data, because employees can simply query the database:

    See, the thing is — and I don’t know how much you know about it — it’s all stored in a database on the backend. Literally everything. Your messages are stored in a database, whether deleted or not. So we can just query the database, and easily look at it without every logging into your account. That’s what most people don’t understand.

  • Finally, while the interviewee says the ‘master password’ has been deprecated, employees can still access your profile through a special tool, but they need to provide a reason for why they’re doing it. If they get audited down the line and fail to provide an explanation, they can be fired.

The rest of the interview is well worth reading. It covers Facebook’s international expansion, the efforts of one developer to create ‘Hyper-PHP”, and more.

Could the whole interview be a hoax? Sure. The interviewee apparently got some of their stats wrong, but frankly I doubt many Facebook employees can spout off the site’s membership and data storage figures off the top of their head. Here’s the statement Facebook gave us:

“This piece contains the kind of inaccuracies and misrepresentations you would expect from something sourced “anonymously”, and we’ll leave it at that.”

Reading between the lines, if Facebook was able flatly deny the claims made in the interview I suspect they would have. Instead it is trying to undermine the credibility of the article without pointing out any facts that were incorrect. And even if the interview itself is fake, I still think much of what was discussed rings true.

I’ve heard multiple times that Facebook employees can access your profile for security reasons, and they face the threat of being fired should they abuse that privilege. And it wouldn’t surprise me at all if the restrictions around these tools were much laxer a few years ago. These ‘Big Brother’ tools are very common at the social sites around the web, so Facebook would hardly be an anomaly in this case.

One final note: if the interview is legitimate, I suspect many of the facts were fabricated to conceal the identity of the interviewee. The article’s author, Phil Wong, has apparently only contributed a single post to The Rumpus (he may well not exist). The article says that Wong visited Facebook headquarters, which means that the company would certainly have a record of who he was there to visit, which would likely reveal the source’s identity. If the interview ever took place, Wong has either done a bad job covering his tracks or some of these details have been made up.