Facebook are looking at your account, without asking
And so, to one Facebook user who paid a visit to the social network's offices in Los Angeles, who saw something that gave him the willies, and will prompt some of you to pop your tinfoil hats on and start shouting "TOLD YOU SO!"
Making, ironically, a post on Facebook itself, Paavo Siljamäki noted that a Facebook engineer logged straight into his account, but without using a password.
He said: "Popped to Facebook offices in LA, the nice people there were giving us good advice on how to use Facebook better. I was then asked if i'm ok for them to look at my profile, i said 'sure'. A Facebook engineer can then log in directly as me on Facebook seeing all my private content without asking me for the password."
"Just made me wonder how many of Facebook's staff have this kind of 'master' access to anyone's account? What are the rules on who and when they can access our private content and how would we know if someone did? (My facebook did not notify me that someone else accessed my private profile)."
Over at NakedSecurity (not as fun as it sounds), they asked FB about this, and got this reply: "We have rigorous administrative, physical, and technical controls in place to restrict employee access to user data. Our controls have been evaluated by independent third parties and confirmed multiple times by the Irish Data Protection Commissioner's Office as part of their audit of our practices."
"Access is tiered and limited by job function, and designated employees may only access the amount of information that's necessary to carry out their job responsibilities, such as responding to bug reports or account support inquiries. Two separate systems are in place to detect suspicious patterns of behaviour, and these systems produce reports once per week which are reviewed by two independent security teams."
"We have a zero tolerance approach to abuse, and improper behavior results in termination."
So there you have it. Some will argue that this is Facebook accessing the innards of your profile like a bank accessing your current account or whatever, while others will see this as a flagrant abuse of power by a company who already has a chequered history.
Should we be asking more questions regarding matters like this, or do we just accept that, posting things online is our deal with the devil and that nothing is private?