Chuck Norris and Facebook privacy

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Chuck NorrisControversy has stirred up on the internet regarding an interview posted on The Rumpus website with what is claimed to be an anonymous Facebook employee.

The interview claims that Facebook tracks every move you make on the social networking website. In other words, every time you look at a friend’s profile, send a poke, or take any other action on Facebook, the action is recorded.

From this data, Facebook could – potentially – be able to determine which of your friends you interact with the most, whose photo galleries you check the most often, etc. You can probably imagine the possible privacy implications of this.

And you thought there might be a lot of CCTV cameras in your town..

Sign up to our free newsletter.
Security news, advice, and tips.

In addition, it was alleged in the interview that a universal master password existed that allowed Facebook employees to log into any user’s profile. And what was that password? A corruption of the phrase “Chuck Norris”, the cult action movie star.

Transcript from interview with alleged Facebook employee

In other words, if we are to believe the interview, the master password could have been something like:

{hu[k N0rr15

Lets assume for the purposes of this discussion that the “Chuck Norris” claim is true. Is this a cause for concern?

Well, I would worry if such a powerful, single universal password was available to multiple employees for a period of time. Yes, it’s good that its use was restricted so it could only be used from the company’s own computers (or IP range) to prevent it from being used by third parties – but surely there should be different passwords for different employees – making it easy to remove access rights to workers who no longer needed the ability to log into any user’s account, and to make it easier to log precisely who accessed the account rather than just “Chuck Norris”.

From the sound of things, Chuck Norris can no longer log into your Facebook account (if the claims in the interview were ever true at all). And we can only hope that there is greater control today over what Facebook staff can do and see in regards to individuals’ accounts, as the potential for abuse is high. I would also hope that there’s an official process that Facebook staffers need to go through to seek permission to access a particular user’s profile, rather than being left to the individual worker to decide.

But ultimately there’s a warning for all of us here.

The more information you share with the internet the more data you are potentially handing over for others to see. The recent changes to Facebook’s privacy settings, made clear that the company’s philosophy is leaning much more heavily towards encouraging users to allow their personal information to be shared with everybody on the internet, not just their approved friends.

Oh, and once information is shared with everybody on the internet – that actually means “everybody forever”. Don’t forget that.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.