Looks like it's connected with the ad agency Evolution Bureau ("EVB") (clients: [1]), the same people who did the Office Depot-braded "Elf Yourself" sensation [2].
Why do I think it's EVB? This is the only other site on the same IP as manipulation.com, and manipulation.com is registered clearly to EVB. The agency's creative work is consistent with this project too.
It was Jason Zada (http://jasonzada.com/) a Commercial and Music Video director who may have one point been at EVB (and was the one who registered manipulation.com) but apparently he's now at Tool of North America.
Surprising, because I'd totally forgotten about it and really wanted to see what this was all about (after reading some of the comments here).
So I thought to myself 'ok, this once' knowing I'd be sticking my head out. It took me a minute or two to realize the cause and I thought that was a nice side-effect of solving this at the DNS layer, even when you're momentarily stupid this will still create enough of a barrier that you'll stop to think a bit longer.
I didn't know about the ghostery extension, so thanks to the person that posted that, that's another good solution.
FB has had its use for me (it found a bunch of long lost people), I haven't been back since.
i'm guessing that you actually have a bunch of other sites blocked in your hosts file, as well. on the assumption that you do, do you ever see any network performance issues related to this? i used to maintain a rather large hosts file for this purpose, but eventually gave it up because i suspected that it had started doing more harm than good.
Some of these hostnames are quite arcane to me (peace.facebook.com); did you get them from a list somewhere or did you identify each one of them yourself?
Good point. I'm pretty old school so the hosts file was my first line of defense. I didn't know about ghostery until this thread so that's installed now as well.
I saw a Second City improve last winter, and one of the better sketches exploited Facebook similarly, albeit in a more lighthearted and humorous way.
Prior to the performance they would find an audience member's Facebook page using their credit card or mailing address (presumably), and write a sketch based on the details extracted from his or her page.
They incorporated the lucky patron's inevitable reaction into the sketch under the pretense of reprimanding him for disrupting the show. After letting him squirm a bit under the spotlight, the punchline was projecting his Facebook page on the screen across the stage.
Indeed. So basically someone made a very high quality video of a creepy dude in a dark room creeping on Facebook and getting really mad. Then (with some special effects they used) they make it look like (almost perfectly) the guy is viewing your profile page, looking through your photos, and creeping on your friends. Then he maps your last known location on Google Maps, looks right at you, and drives over to your house.
not to mention that, in the car, he has a print out of your profile picture, and a screwdriver (or is it a box cutter) in his hand as he exits the car.
I'm betting its a lollipop in his hand. The video doesn't make it clear but the ending title screen shows a lollipop taped to something so I feel like that was a hint.
It's an example of how much personal data you actually leak through Facebook illustrated through a movie of a crazy serial killer browsing Facebook, with nicely done overlays of your actual personal data that the app pulled from you.
Serial killer? That's just your assumption, based on video editing. Remember the scene in Men in Black, where Will Smith is asked to shoot cardboard aliens and shoots a little girl instead?
HN Against Prejudice! :-)
(showed TakeThisLollipop to my gf, who freaked out and immediately deleted all fb apps... so prejudiced!)
Since when does "leak" equate to "explicitly grant permission to access"?
It is not like the app is getting information that some random hacker can access, at least if you have any privacy controls set on your Facebook profile.
Right, because Facebook would never change their privacy policies on a whim without giving users warning ahead of time. At least they probably won't. Anymore. Well, only if they really need to.
For me, this was rendered hilarious by some of the images people have tagged me in on Facebook that don't actually have me in them. Seeing the serial killer erotically stroke a picture of a T-Pain coffee mug is rather amusing.
That being said, is there any way I can be sure besides the disclaimer that this isn't actually saving/using my personal data outside of the video? I guess that's part of the point, that I really can't, though.
It's a facebook app. It asks your permission to access pretty much everything on your profile and when you finally accept it cuts to a fullscreen, high production video of an incredibly creepy actor on a computer in a really dingy room. It then cuts to the computer screen and shows the creepy guy scrolling through your profile page in a very realistic manner as well as clicking through some of your photo's and friends. The guy looks more and more irritated and angry and he goes and looks up your location on google maps (with mixed results, mine was relatively close).
It then cuts to him driving with a picture of your profile pic stuck to his dashboard, the whole time you get the feeling this guy is tracking you down with the intention of hurting you.
Really creepy and incredibly well done and surprisingly not obvious in terms of what they are promoting.
No idea to tell you the truth. This is probably one of those 'build the hype, keep people guessing' campaigns and eventually it will all come out.
There really was nothing in the clip that indicated any form of a product or brand. It could be a movie teaser or a teaser for a TV show and if it is, I for one will watch it.
It's extremely creepy -- I watched a video on YouTube rather than sharing my own data, but I can imagine it.
They should consider adding a "trigger" warning, though, so rape survivors and so on can realize they're signing up for something that may be extremely upsetting and has nothing to do with lollipops.
Dunno if they thought about it and don't want to ruin the surprise for people who'll have more expected responses; but it's unfortunately one of those things that's going to be passed around with no more description than "hey check this out it's very educational".
I had the same. I looked at it in chrome inspector and it turned out the reason was that I didn't allow the 2nd set of access rights, because it said it was optitional.
Why would anyone authorize Facebook access for a random site like this? No privacy policy, no about page, no terms. You have no idea what they're actually doing with your data.
That was amazing. You know its a joke.. but the production value is so high your can't help but be really creeped out by it. I have removed every app which I have signed up to from accessing my Facebook account. I have also bolted my front door.
This. It's very well done and all, but what is the point? That if you explicitly allow access to one specific application, that application will have access? Or is the creepy guy supposed to be the app developer?
A better idea (maybe not possible, I dunno) might have been to have different things happen based on your privacy settings. That would actually call people's attention to something they should care about, instead of just fear-mongering to everyone regardless.
If you care about your privacy settings and lock them down. you are (probably) not the target audience. And part of a minority anyway.
Speaking of which, how many of your FB friends would grant ~impersonation~ rights to an app without lots of thoughts? And - could that app then, using your _friend_ as proxy, play this particular game of fear with you?
One interesting thing about how this was designed, it for some reason doesn't get your location from your facebook profile. It uses your IP address, which led to hilarious results because while my facebook rightly says where I am, I was using a SOCKS proxy to access this in a different city and when it showed him looking at a map it showed the route to my SOCKS proxy instead of me.
I guess I'm safe and the crazy guy won't kill me :)
Not by IP, FWIW. I'm in Mountain View but the guy seemed to want to find me in Reykjavik, Iceland, where I'm from. (I moved to the Bay Area a month ago, but haven't update my FB)
This guy over here [1] claims the video tracked his last foursquare check-in. I'm guessing the location algorithm tries to find a best guess of where you might be — hence the inconsistent results.
I don't think the Facebook API allows you to find your location (although it is possible to retrieve your Facebook location by scraping the Security page for your current login session (which displays your location)).
Also, the location data that is displayed on that page is kind of inaccurate (it says I'm in another state).
I wonder if it would be possible to for the app to send you an sms (or even call you!) with some creepy "I'm outside, baby" message at the end of the movie.
It's nice that you can disallow the permissions granularly, for example, I didn't mind it accessing all my data, but posting AS me on facebook? No. Disabled. Happy days.
I'm not sure that it is, but now that you mention it I feel like this could actually be a REALLY effective viral media stunt for a new TV Show/Movie...
If you don't want sites like this to view your stuff, please also set the privacy setting for applications your friends use to a better one. Or else you would be next.
P.S. Since you connect to that application by yourself, that is pretty clear that they can read your friends list, your feed and post as you.
There isn't an "X5" postcode here, nor is it anywhere near where I was last time I did a location based update. The inaccurate google map thing is what made me lul.
I don't think I get it... when I let a facebook app access my facebook, it can... access my facebook and look at my pictures? anyone can look at my pictures, anyways. i'm missing something here
1) Of course, you _can_ allow everyone to see your pictures. That's not necessary though and one of the (many) privacy concerns this site seems to focus on. If you share your pictures, you share a HUGE amount of data. Ignore the passed out/joking stuff, you might tell me a lot about your place (expensive stuff in the background? pictures that show a street name?) and your habits (always going to his parents on weekends. currently on vacation). This is, in theory, very easily exploitable, for someone with a criminal mind and the balls to pull of a stunt.
2) Regarding Facebook apps: Well, don't allow those to access your data? You saw what this app did (and automatically, without a human involved). It can exploit the date your coughing up every day in ways that you probably didn't think about before.
Bottom line: If you're the 'share with everything and play any FB game' type this might not shock you, but others might wake up and stop being very careless with their own private data.
I think it's that you're giving them access based on a picture of a lollipop, while having absolutely no idea who you're giving that access to. Never take candy from strangers.
Why do I think it's EVB? This is the only other site on the same IP as manipulation.com, and manipulation.com is registered clearly to EVB. The agency's creative work is consistent with this project too.
[1] http://evb.com/work/ [2] http://elf.evb-archive.com/