Appendix 1
 Facebook Technical Analysis Report
Prepared for the Data Protection Commissioner
By Dave O’Reilly
 16th December 2011
 
1. Introduction
The purpose of this document is to provide a technical analysis of certain aspects of Facebook’s architecture, infrastructure and functionality. The focus of this report is on how the various features that were studied operate.

Wherever possible, sources of evidence have been sought and experiments carried out to validate that the features perform as described.

Every effort has been made to make the test results produced in this report as repeatable as possible.

Unless otherwise mentioned, all tests were performed in a newly installed, fully patched Windows XP virtual machine with anti-virus software installed. All browsing was carried out using the default configuration of Internet Explorer 8 (Version: 8.0.6001.18702). A snapshot of the newly installed virtual machine state was taken and the snapshot was restored before each test described within this document, except where explicitly explained otherwise.

New test Facebook accounts were created as required.

In order to verify certain claims, aspects of the Facebook source code have been examined. Source code examination took place by examining the content of the Facebook source code repository. All examinations were carried out on the trunk of the repository, representing the currently deployed code base.

The code examined was PHP, which is compiled into C++ binaries for deployment.
 
2. Contact Importing
2.1 Background
When a user creates a Facebook account, they have the opportunity to import their contacts from a range of email service providers into Facebook. It is possible that the user’s contacts will include both users and non-users of Facebook. As well as sending friend requests to existing Facebook users, the user performing the contact import has the opportunity to invite the non-users to join Facebook and become friends.

If the user sends an invitation to a non-user, this will cause the non-user to receive an email from Facebook containing a link that will allow the non-user to create a Facebook account.

The non-user can ignore this email if they do not want to join Facebook. A link is provided in the invitation email that allows the non-user to choose to opt out of receiving subsequent invitation requests from Facebook.

It is possible that a second Facebook user could import the same non-user email address. Assuming that the non-user does not choose to opt out of receiving invitations, a second invitation could be sent to the non-user by the second Facebook user. The second (and subsequent) invitations may include reference to other Facebook users that the non-user may know.
2.2 Storage and Removal of Contact Data
The data structures within which imported contact information is stored have been reviewed. No distinction was apparent in the storage structures based on whether the contact information was that of an existing Facebook user or a non-Facebook user. These data structures are not the same as the data structures used to store a Facebook user’s profile.

The imported contact information appears to be stored in the following way(s):
 
• Each time a user performs an import, the imported data is added to an array of imports, one entry for each set of imported data. Each entry in this array consists of a data structure containing an array of the contact names and a corresponding array of the contact email addresses. This information is associated with the importing user’s Facebook account.

• A data structure consisting of a hash of the email address of the imported contact and a string consisting of a comma separated list of Facebook user IDs for users that have imported that particular email address.

• The contact information is stored in the data structure representing the user’s address book.

• The contact information is also stored in the data structure representing the user’s phone book.

No other techniques for the storage of contact information about non-Facebook users have been identified.

By examining the source code it has been confirmed that upon receipt of a user request to remove all imported contact data, the following steps are carried out:
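
The first two contact-import storage structures listed earlier in this section (the per-user array of imports and the index from email hash to importing user IDs), modelled in Python as an added example that is not Facebook's code and is separate from the removal steps. The class and function names, the SHA-256 hash, and the trim and lower-case normalisation are assumptions; the report does not name the hash used.

```python
import hashlib
from collections import defaultdict


def email_key(email):
    # Assumption: SHA-256 over the trimmed, lower-cased address.
    # The report only says "a hash of the email address".
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()


class ContactStore:  # hypothetical name
    def __init__(self):
        # user ID -> array of imports; each entry has parallel name/email arrays
        self.imports = defaultdict(list)
        # hash of contact email -> comma separated string of importing user IDs
        self.importers = {}

    def import_contacts(self, user_id, contacts):
        names = [name for name, _ in contacts]
        emails = [email for _, email in contacts]
        self.imports[user_id].append({"names": names, "emails": emails})
        for email in emails:
            key = email_key(email)
            ids = self.importers.get(key, "")
            id_list = ids.split(",") if ids else []
            if str(user_id) not in id_list:  # repeat import: do not duplicate the ID
                id_list.append(str(user_id))
            self.importers[key] = ",".join(id_list)

    def importers_of(self, email):
        ids = self.importers.get(email_key(email), "")
        return [int(i) for i in ids.split(",")] if ids else []

    def people_you_may_know(self, email, inviter_id):
        # Other users who imported the same address: the data a second
        # (or subsequent) invitation is able to reference.
        return [u for u in self.importers_of(email) if u != inviter_id]


def demo():
    store = ContactStore()
    # Constructed sample data: two users import the same non-user address.
    store.import_contacts(101, [("Pat Example", "pat@example.org"),
                                ("Sam Example", "sam@example.org")])
    store.import_contacts(202, [("P. Example", "Pat@Example.org ")])
    store.import_contacts(101, [("Pat Example", "pat@example.org")])
    return store


if __name__ == "__main__":
    s = demo()
    print(s.importers_of("pat@example.org"))
    print(s.people_you_may_know("pat@example.org", 202))
```

The index holds no plaintext address, yet anyone who has the address can recompute the key, so the structure still links a non-user's email to every user who imported it.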