Unethical Website of the Month: Lovely-Faces.Com

If the Guinness World Record for smugness and arrogance-holding creators of Lovely-Faces.com’s “logic” became acceptable, kidnapping President Obama would be a dandy way to demonstrate that the Secret Service was incompetent, and triggering a “fire sale” crash of technology-based U.S. systems would be a fine way to show that they are insufficiently protected. Paolo Cirio, a media artist, and Alessandro Ludovico, media critic and editor-in- chief of Neural magazine, claim that their goal of showing how Facebook makes identity theft too easy justifies their means of proving it:  stealing 250,000 Facebook member profiles and organizing them into a new dating site—without the members’ permission, of course.

Yes, it’s true: you may be one of the lucky Facebook members to have your name, location and photos scraped from Facebook and placed into a personality category using a facial recognition algorithm, so online lonely hearts can search for you in your general area.

The fact that you didn’t agree to be featured on Lovely-Faces? It’s all Facebook’s fault, say the site’s creators:

“Facebook, an endlessly cool place for so many people, becomes at the same time a goldmine for identity theft and dating — unfortunately, without the user’s control. But that’s the very nature of Facebook and social media in general. If we start to play with the concepts of identity theft and dating, we should be able to unveil how fragile a virtual identity given to a proprietary platform can be. And how fragile enormous capitalization based on exploiting social systems can be. And it’ll eventually mutate, from a plausible translation of real identities into virtual management, to something just for fun, with no assumed guarantee of trust, crumbling the whole market evaluation hysteria that surrounds the crowded, and much hyped, online social platforms.”

Translation: “We are utter, irredeemable jerks. Gaze upon us and tremble in awe!”

If these guys don’t like Facebook and social networking, let them convince people to do something else, the old-fashioned, ethical way—by making a convincing argument, or providing something better. Their methodology is a variety of terrorism, proving a point by harming innocent people, and setting out to unilaterally destroy what belongs to someone else. Millions of people use and enjoy Facebook, despite its flaws, and the social network’s $50 billion value reflects that and the ingeniousness of its creators. Cirio and Ludovico have no right to interfere.

Facebook’s terms of service require those who want to collect data from its pages to apply for permission, which Cirio and Ludovic did not do. The two uber-jerks say they will take down a user’s profile if a person asks. They shouldn’t have to ask. The site’s inventors seem to believe that because Lovely-Faces is designed to enlighten (that is, give its clever creators publicity and promote their ideas by exploiting thousands of unwilling “volunteers”) rather than profit, everyone should be grateful for their prank.

No, we shouldn’t. The website embodies the worst of ethical thinking: taking the identities of others for their own purposes (a Golden Rule breach), using other human beings to advance their own agenda (a Kantian no-no) and asserting that their ends justify abusing 250,000 Facebook users, which is irresponsible utilitarianism. As with all those who wield rationalizations like machetes, the Lovely-Faces inventors are getting support from similarly ethics-challenged  parties. Ryan Singel of Wired, for example, thinks the two have an “excellent defense” when Facebook’s lawyers attack, because Mark Zuckerberg created Facebook itself by unauthorized scraping personal data from another site. This is  known on Ethics Alarms as the “tit for tat excuse” and to your mother as “two wrongs don’t make a right.”

They do not. Neither law nor ethics works that way: it’s what you have done that matters, not the karma of the one you do it to. Then there are the 250,000 Facebook users whose identities and data are being used without permission. They are just collateral damage to Cirio and Ludovico, who know what is best for us, which in their warped value system justifies their stunt.

People who reason like this are unethical, arrogant, and dangerous, and the undeniable fact that Mark Zuckerberg was a jerk too doesn’t change that fact on bit.

5 thoughts on “Unethical Website of the Month: Lovely-Faces.Com

  1. The only thing unethical was starting up the website. Everything else is not only standard in the software world, but also necessary. If we didn’t have people performing proof of concept attacks on systems on their own, we’d never know which systems are vulnerable. Only the bad guys would get in, and the “good guys” wouldn’t tell anyone, if they even knew. Without the people beind lovely-faces, developers don’t write secure code. It’s not that they don’t want to, it’s that security is expensive, and management doesn’t want to pay for it. Without vulnerabilities being made public, the bottom line beats security every day of the week. On this, I actually have real credentials.

    Now if cirio and ludvico were being good black hats, they would have told facebook about the issue, given them the necessary time to fix it, and then presented a paper on what they figured out how to do. On the other hand, if this was a known flaw in facebook that just wasn’t getting fixed, some shock and awe may have been necessary. Unfortunately, they chose to victimize innocents, and that part was clearly unethical.

    • Firesheep mainstreamed something that was previously only doable by people with some skill and a copy of ethereal (or a million other legit sniffer tools). These were all vulnerabilites that each site has known about for years, and refused to fix. Redirecting an encrypted link to an unencrypted one? At that point, it’s obvious you know you are not secure. Does anyone remember what a big deal it was when google starting allowing full ssl? It was a happy day.

      Was releasing this tool an ethical nono? It’s borderline, but I’d say no. All firesheep really does is put a friendly user interface on existing open source technologies. This isn’t a bomb they dropped, and they didn’t violate anyone’s privacy.

      What’s surprising is how relatively little attention has been drawn to firesheep. It’s considerably more damaging than the vulnerability behind lovely-faces (that just pulls data someone provided, this allows you to become that someone), but it hasn’t gotten as much press.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.