I'm excited about this. Facebook has aggressively evolved its Security org over the years and they have given security a whole new level of focus in the past few years. I was there for 8.5 years and watched them grow and reinvent themselves a few times. I think FB's Security team is one of its crown jewels and it's great to see Alex joining FB. This will shake things up further and will likely lead to more great things.
Alex is a great guy (from a security point of view). But I wonder how 1 guy can change how X employees develop applications securely. Replace X by the number of facebook employee.
Really, I wonder how one guy can change how a company can develop secure applications
My immediate reaction is, if they hire someone that has great security knowledge, they'll be better placed to compromise mine; their business model seems to be pillaging my data and selling ads, same with Google.
If by security you mean the organization that gives data to the police willy-nilly and not any sort of org dedicated to protecting user data. FB has no security (user data) ; no org, no culture, barely any tooling, and no corporate intent.
Respectfully, you don't sound very well informed and your reply is pretty emotional and negative. Did you actually work on or with FB's Security team? If so, when?
It's irrelevant if you worked on the team. Facebook is a profiling tool. Its users have traded their privacy for convenience. Please tell me that Facebook doesn't track people using the Facebook banners/IP address combinations... or better yet, tell me that Facebook isn't the ONLY one that does it as a justification for selling people's personal data.
Facebook is only worth 100bn because it sells peoples' personal information.
Am I jaded? Not at all. I am a realist. Facebook is primarily a monitoring tool that monetises itself on selling people's personal information.
> "Facebook is only worth 100bn because it sells peoples' person information"
What does that have to do with the security that Facebook has put in place to protect this info so only they can sell it? These seem like orthogonal discussions. You're arriving at the conclusion that Facebook security sucks because it sells peoples' data. That is an illogical argument.
