Information security is too important: Facebook can log in to a user account without a password.

In the past two years, Facebook has been questioned by outsiders. For example, during the US presidential election, the information released by users was neglected, causing Russian agencies to use Facebook to spread fake information, interfering with American public opinion and US elections. Facebook A large number of related user accounts and a large amount of publicity information have been announced. Facebook has also been accused of spreading online fake news, misleading US users and voters.

Facebook's privacy is now double-standard, and employee privacy protection is better than ordinary users.

Beijing time on May 4 morning news, according to the US "Wall Street Journal" website quoted informed sources, Facebook has double standards on user privacy issues, the company's internal employees are subject to higher privacy protection than ordinary users - a small number of Facebook employees Have access to the user's profile without the user's knowledge, but if the Facebook employee accesses another employee's profile, the visited employee will receive a reminder.

Inside Facebook, reminders to access personal information between employees are often referred to as "Sorren Alerts" - Sauron is a character in the movie "Lord of the Rings", a character with an innocent eye, this eye can always Be vigilant and look into the distance. But Facebook has not offered similar privacy protections to 2 billion regular users.

Such double standards are unacceptable. Why are employees protected more than ordinary users? It is also because of this double standard that Facebook is in a problem and it is difficult for them to tell users how the company uses user data. If Facebook wants to solve this problem completely, they must make a lot of changes to their platform.

A spokesperson for the company said that Facebook is currently engaged in internal discussions, the topic of the discussion is whether this reminder should be open to all users. The spokesperson then said: "When considering providing similar functionality to all users, there are many other important things that we need to consider. For example, how to prevent this feature from being abused."

Facebook's system is indeed being abused: Earlier this week, a Facebook employee tweeted a female user on a dating app to see the privacy of Facebook users. The employee was subsequently fired.

Alex Stamos, Facebook's chief security officer, said of the incident: "Any employee who abuses these controls will be fired."

If the user's profile is obtained by an outsider, Facebook will alert the user, but when Facebook's own employees do so, the user knows nothing. A spokesperson for the company said: "When unidentified logins from other users occur, or when we detect suspicious behavior, anyone will be alerted."

Some current and former Facebook employees revealed that only a small percentage of people can log in to their Facebook accounts without a password, and most of them are members of the security team. And the permissions and behavior of these people are strictly monitored.

According to one source, these employees have some privileges, and they can see information that appears to the average user as “personal privacy,” such as photos and articles that are only open to friends, unencrypted private messages, and so on.

Facebook officials and former employees of the company have said that employees with this authority can access other people's accounts to troubleshoot technical errors, test new features, or work with government agencies to investigate possible criminal incidents.

A number of former employees revealed that when employees use internal software to access user profiles, they must give reasonable reasons. Afterwards, managers will read the explanations given by them. Usually, employees who use this permission can submit written documents. Application.

A former employee said that in recent years, several Facebook employees have been fired for improperly using this permission to access user data. Any unauthorized access to user data may be the reason for the employee's dismissal, even if the employee is accessing information about his or her spouse or underage children.

However, unlike ordinary users, when a Facebook engineer accesses information about a company employee, the employee receives a reminder.

According to one source, Facebook has created this internal reminder system because Facebook engineers often need to use employee data to test future products or fix technical problems. In 2015, the official name of the tool was changed to "Security Watchdog", but Facebook employees are still more willing to call it "Solon Alert."

This notification system, built specifically for Facebook employees, has been around for many years, and when engineers access their accounts, employees often receive an email or a Facebook page reminder. After receiving the notification, the employee can use an internal bug reporting system or contact the company's security team to ask why the account was accessed.

Legislators, Facebook users and others have expressed concern and dissatisfaction with Facebook. They believe that the company's policies are not rigorous in collecting large amounts of data from users and processing them.

In response to these questions, Facebook provides users with more information about what data they are tracking. And the company also allows users to remove this data. The company redesigned their apps to try to make it easier for users to see which data they are tracking by Facebook and allow users to stop sharing data. This week, the company's CEO Mark Zuckerberg announced that the company will provide users with a tool to view and delete web activity data tracked by Facebook.

But in terms of transparency, Facebook is not doing enough. As for Facebook's understanding of users, ordinary users still have no way of knowing.

Three years ago, Paavo Siljamäki, the director of the record company Anjunabeats and dance group Meet & Beyond, said on his Facebook that when he visited the company's Los Angeles office, a Facebook engineer logged in. His account. Sjamaqi said that although he allowed the engineer to do so, he did not provide the engineer with his own login and login password.

Sjamaqi said: "A Facebook engineer can log in to my Facebook account directly as me and see all my private content, and he does not need to ask me for the account name and password. I can't help but think, there is How many Facebook employees always have this permission, allowing them to log in to anyone's account."

At that time, Facebook responded that they would very strictly monitor the use of all those who have such control, so as to prevent this permission from being abused. Some media tried to contact Sjamaqi this week, but he did not respond to it.

The employee who was fired this week is one of the employees with this permission. On Sunday, security expert Jackie Stokes unveiled the Facebook employee on Twitter. Stokes sent a screenshot of a conversation between a woman and the Facebook engineer.

The engineer told the woman that his work included tracking hackers and identifying the identity of the hacker. Stokes revealed in the interview that the woman said to her: "I am scared. I think she can find my information." The woman refused the interview request.

After Stokes published the tweet, Facebook employees, including the Chief Security Officer, contacted her.