Facebook is currently in the process of making major changes to the platform and the way the company handles users’ data. The company has announced a number of policy changes and most recently the platform announced a new ‘Clear History’ button which would allow users to check which website and apps share information with the platform and delete all the shared information, just like the way they clear their browser history.
Despite the policy changes and new tools, Facebook’s employees have more control over their data, and other users’ data, than the users themselves. As a recent report from WSJ points out, when Facebook employees access the profile of fellow employees, the targets get an alert from the company. The alert, which is internally referred to as a ‘Sauron Alert’ based on the all-seeing eye from the Lord of the Rings universe, notifies employees that their profile has been accessed by someone else.
The fact that Facebook employees get such alerts which are not extended to the general users is quite ironic, especially at a time when Facebook is struggling to decide how much to disclose to users about how their data is handled. The report quotes a Facebook spokesperson who claims that the company had considered extending the feature to all users:
“In thinking about how we could do something similar for everyone, there are a number of important considerations that come into play – for example, how we can avoid tipping off bad actors or hindering our work to prevent real world harm in cases of abuse or other sensitive situations”.
While Facebook does alert users if they’ve been hacked, the platform doesn’t send alerts if an employee accesses their account. However, it’s worth noting that only a handful of Facebook employees have access to other users’ accounts and their activities are closely monitored by the platform.
Facebook has fired a number of employees for unauthorized access, including a recent account where a security engineer bragged about accessing user data on Tinder, which eventually led to his termination from the company. The employees have to have a concrete reason to access another user’s account and in cases where the reason isn’t justified, accessing another user’s account is a fireable offense.
