|
|
|
|
|
|
by dntrkv
54 days ago
|
|
|
> I was told that by default all user data is level 4, as in if you do anything without decent approval, you're insta fired. There are many stories about at least one person a month during boot camp accessing user data and getting escorted out of the building within hours. Given the size and nature of Meta's business, I would assume they would have better systems in place. SWEs should only have access to PII with explicit consent from users/customers e.g. support tickets. Especially someone going through boot camp. Do they have access to de-anonymized user data during training? Shit, at my last company I had to jump through so many hoops to access user data even with consent from the customer. |
|
|
They did when I was there. every time you got close to user data an "interstitial" would pop up asking you for a ticket number and justification. There were a bunch of tools that ran searching for people accessing user data.
For example in boot camp you'd create a page that pulled your profile details. this was to introduce the idea of "ents" (the API that manages the social graph) and mercurial. You could, if you wanted to then traverse your friend graph. as soon as you did that, it'd trigger one the automated rules and your account would be suspended and you'd be yeeted within hours.
The point was, if you were doing something legitimate it was fine, but if you stepped out of line, the automated systems would find out and fire you on the stop.
also as everything is done through remote dev boxes, _everything_ is recorded (along with all the files on your laptop, and the regular screenshots, plus all the browser history and keystrokes) Data exfiltraition is super hard, hence why there are hardly any "angry nerd extorts girl" type stories. Its not because meta isn't full of angry nerds, it because its really really difficult to get at user data without getting caught.