At Facebook's Hacker Party, Can't We All Just Be Friends?
Image: Jon of Bitquark

FYI.

This story is over 5 years old.

Tech

At Facebook's Hacker Party, Can't We All Just Be Friends?

At a Vegas pool party, checking in on Facebook's relationship with the hacker set (it's complicated).

A strong desert wind is blowing my hair into my face and taking the breath right out of my lungs, and I am hurrying toward the Las Vegas Strip, because it is Friday night at Def Con, the giant hacker conference, and I have finagled an invitation to one of the evening's most exclusive events, and its most controversial: the Facebook party.

The fête is being hosted at a splashy nightclub called Surrender Beach at the Wynn Encore, and the doors for entry open at 10:30pm and close firmly at midnight. I've been told to "dress to impress," so I'm overdressed where I am now, on the 6th floor pool patio at Palms Palace, at a party called Queercon, an annual event that started as a small gathering of LGBT hackers and has become one of the official Def Con parties. I was invited to this party by a bunch of straight guys, veterans who told me it was going to be the most important social event of the conference.

Advertisement

Pretty much everyone else in sight is wearing either a black t-shirt ("Information Security Kept Me Out of Prison") or no shirt and jean shorts. I'm wearing an iridescent blue skirt set. Facebook blue, even. Hey, it's Vegas. And more importantly, it's Def Con, where you can wear whatever the hell you want and you might get trolled, but you'll never be really judged.

Queercon. Photo by anonymous

When I arrive at the Facebook event, which, like many company parties here, is geared toward wooing the hackerati, a woman dressed in white meets me by the velvet rope and escorts me past a line of drunken people waiting for entry into one of the other clubs. I follow her into the pool area, which Facebook has commandeered for the night. I'm excited. Will it be lavish and Gatsby-esque? I can't quite see yet, because immediately inside, I'm met by a PR representative for the company. He explains to me how much security engineering the complicated Facebook systems require.

Read More: How Not To Get Hacked At The World's Preeminent Hacker Conference

"Every time someone looks at your page, there are all these checks that need to take place." If you've set your posts to be visible to all of your friends except for one person, you're going to be pretty mad if they show up in that person's newsfeed. And there are teams of engineers who are making sure that's not going to happen.

He's nice but formal, answering my questions about Facebook and privacy and security with statements that seem culled from a press release. This is not surprising, but on some irrational level, I feel like the intimacy between me and the web site he works for should make us… friends. I joined Facebook in 2004, when it was still a novelty on college campuses. Surely that makes me different from the hordes of others who've joined since, right? My User ID says I am Facebook user number 301,636, which makes me something of an early adopter among the estimated 1.32 billion people said to log in at least once a month, right?

Advertisement

My PR host and would-be friend wraps up his discussion with me by saying that Facebook has a privacy team that is growing all the time. "We've built up our privacy team a lot in the past year. It's a priority for us to stay engaged with the community—like Def Con."

The conference has grown tremendously in its 22 years, as hacking has evolved from being a hobby for intelligent kids with an anti-authoritarian bent into the giant, highly-profitable information security industry. Many of the attendees, who started out as teenagers hacking vending machines, arcades games, and long-distance calls, now hold lucrative jobs working at security firms as in-house "penetration testers,"   hacking major corporations in order to find out what the vulnerabilities are and fix them.

As Def Con's founder, Jeff Moss (he goes by the handle Dark Tangent), says: "Twenty years ago, I said if you work for the man, you're an idiot and a loser. Ten years ago, if you don't, you're a loser. And now, I'm the man."

Though Def Con is considerably less political than other, smaller hacker conferences like HOPE, the politics are still vigorous. For a time, the National Security Agency itself had an official presence at Def Con. In an address to the convention in 2012, Gen. Keith Alexander, the head of the NSA promised that the NSA did not collect data on Americans. After the Snowden revelations last July, Moss posted a note on the Def Con website that began, "Feds, we need some time apart." The government's cyber generals were now effectively banned from one of their biggest recruitment fishtanks.

Advertisement

Despite that conspicuous absence, I'm told that this is the biggest recruiting year ever. Google is here. Dropbox is here. Even Nike is here. And of course Facebook is here, and throwing this party, which is notable because not a day seems to pass without some article being published—and circulated on Facebook, natch—accusing Facebook of abusing the private information of its one billion users.

"Facebook throwing a party at Def Con is kind of like the NSA throwing a party at Def Con," a programmer from San Francisco will tell me, summing up the general mood.

"Facebook thinks I'm in Russia right now, because that's what I told them," another attendee, from Texas, tells me. That's about how much information about him he wanted the company to have.

Little booklets are being handed out at the party, explaining the Facebook "bug bounty." If you find something wrong with Facebook's system and responsibly report it, they will pay you cash. "Our minimum reward is $500, but the sky is the limit." Individual researchers have earned over $150,000, according to the booklet.

A little later at the party, an executive for a large internet security firm clarifies that this isn't just a recruiting event. "There's a whole bunch of people in the world who think Facebook is creepy, and this event is about building trust. They're encouraging a lobbyist-type of mentality."

He points out that some of the top people at the organizations that defend privacy are in attendance, including activists and lawyers from the ACLU and the Electronic Frontier Foundation. (In July, the EFF released a free browser tool, Privacy Badger, designed to thwart the tracking of internet users through Facebook and other systems.) "The people are here who are going to write the law on surveillance," he says. It's not evident that Facebook has convinced those people that they're all right, but one thing is true: "They got people to come. There are a lot of people who are privacy advocates who are here."

Advertisement

Surprisingly, though, there's no food or swag. Later, I will hear complaints among some of the guests that the Grey Goose is only mid-shelf. The party consists of many pool cabanas, each of which have their own balcony and their own DIY bar: carafes of mixers and bottles of booze sit on the table next to plastic glasses, where guests mix their own drinks. My first, admittedly paranoid thought when I see this arrangement: roofies. Or, in the spirit of a hacker conference: someone playfully sprinkling each open bottle with a nice, big helping of LSD. Judging from the civilized behavior I'm witnessing at the party, no one seems to have done this.

with girls around, one male attendee said, conversations can go from one about, say, a wifi hack, into a discussion 'about their boobs.'

The only glimmer of the kind of Vegas-meets-Palo-Alto excess I was hoping for is a giant ice sculpture in the center of the party, which a guy with a chainsaw is currently in the process of carving into the word "hack." This is a double entendre, I learn, because this is a hacking conference and also because Facebook's programming language is called "hack." The thing is melting quickly: it's still 90 degrees outside.

Peering around the crowd for a friendly face, I notice that this is the first place I've been since I arrived at Def Con that isn't overwhelmingly male-dominated. It's still mostly men, but there are even enough women that a couple conversations in sight contain just women.

Advertisement

Generally, I find the men at Def Con to be pleasant, respectful, and open-minded. They tell me in reverent tones about the few truly great female hackers they've met over the years. And they are quick to express regret about how few female colleagues they have. One man, lamenting to me that the only female employees at the company he owns are administrators and all 35 security experts are men, said, "I wish at least a guy with a girl's name would apply." The problem, they say, is just that most of the girls who end up in their circles are there just because they want attention.

As a result, conversations can go, as one attendee told me, from one about something awesome like, say, legitimate purposes for a device that intercepts wireless signals, into a conversation "about their boobs."

The only woman who's been hanging out with the crew of hacker guys I've been talking to was quick to give me her hacker credentials when we met. She said she'd been hacking since she was a kid in the Philippines, where she connected her laptop to a local pay phone to use the Internet and where her grandfather taught her how to hack the electric meter in their house so they only paid a $10 electric bill for a three-floor apartment. In the States, she doesn't hack because, "here you go to jail for it." Still, she wanted to make sure I knew she was legit.

"I'm not a scenewhore," she told me, using a term I'll hear again and again in these circles, "because if I were a scenewhore, I'd be posting all about this on social media right now, and I'm not."

Advertisement

At the Facebook party, it's a relief to be around women who don't seem overburdened with conforming to a male aesthetic. I'm pleasantly surprised when I introduce myself to two of them—each in dresses and one whose ring finger was glittering—and discover they are high-level security managers at Facebook.

Promising not to use their names (per company policy), and choosing my words carefully, I ask them what they think about all of the civil libertarians who complain about Facebook on privacy issues.

I realize this isn't the easiest of questions, and perhaps I should have started off with more small talk. But based on other conversations at Def Con, I anticipate several possible responses. One of them might say something interesting. Or, they will give me a polished line that everyone at the company knows to give everyone in the press. The third option: they will tell me that they can't talk about it.

Instead, they seem completely taken aback by my question. They stare at me, as though I have just put a bloody weapon into their hands and called the cops. There is a long, excruciating pause. In a city all about luck, I'm the opposite, a mythical threat so frightening they have only ever heard tell of it.

Finally one of them looks at me and says simply: "I hope you have a good time at this party." The other suggests I talk to the PR guy.

Suddenly I've been dismissed, like an unceremoniously declined Facebook friend request. I pull myself up from the pool chaise and say goodbye. I realize what should have been obvious when I arrived: Facebook doesn't need the press. When one in every seven people on the globe is using your product, PR becomes a game of defense.

Advertisement

Somewhere in the crowd, I intersect with the PR rep, who has apparently already spoken to his colleagues. "They're here to network with engineers," he explains about their awkward response to my question. "They're not in a position to represent the company."

One of them looks at me and says simply: 'I hope you have a good time at this party.' and so i was dismissed, like an unceremoniously declined Facebook friend request.

Later, in an email, the spokesperson will elaborate: "In general, we take a position as a team that communicating with the outside world about security is very important and that it's one of the best ways to improve the industry's practices. We just like to do it when everyone is on the same page."

Most big corporations prohibit their employees from talking freely to the press about their companies. But at a conference as punky as Def Con, the response seemed out-of-place. Instead of dispelling my paranoia, it has encouraged it.

In the weeks before this year's conference, the Internet exploded with discussion about how the company had conducted a "psychological experiment" on its users by tweaking what their News Feeds showed. (Sheryl Sandberg, the company's Chief Operating Officer, apologized that the study was "poorly communicated" and acknowledged that Facebook frequently manipulated what individuals saw, just like most websites do.) This and other recent concerns about user data led activists from the digital rights group Fight for the Future to deliver a petition with 135,000 signatures to the Facebook offices in Menlo Park on August 14th, demanding that Facebook "end its intrusive tracking system," practice greater transparency, and refrain from practicing similar experiments in the future.

Advertisement

But as digital critics like Jaron Lanier have been pointing out for years, there's a strong argument to be made that Facebook users have no one to blame but themselves for its dominion over our data. We are voluntarily divulging our lives and allowing companies to pick up the crumbs we unthinkingly leave almost everywhere we go online.

None of this is new, really. Technological innovation and its discontents is the oldest story in the modern world. The internet is amazing, and the technological advancements of the past decade have made me happy to be alive in interesting times. Over my decade of membership, Facebook has helped me find roommates, friends in foreign cities, business opportunities, told me about a lot of parties I went to and didn't go to, and even—not to say often—helped me torment myself when that's what I wanted to do. But we're kidding ourselves if we don't think that our internet habits are votes we're casting for the kind of society we want to live in. Or if we think that what happens in Vegas, or anywhere, actually stays there.

After the party, I asked Facebook to comment on privacy and security. Another spokesperson pointed out the new Anonymous Log-in option that "gives people the option to log into apps without sharing any personal information from Facebook." He also explained the process by which a search for a television will lead to more ads about electronics showing up on a person's Facebook newsfeed, and assured me that all of Facebook's ads can be opted out of: "If you don't want us to use the websites and apps you use to show you more relevant ads, we won't."

Advertisement

As for Facebook's involvement with the NSA, Mark Zuckerberg has been vocal in his criticism of government surveillance practices, telling a conference, "Frankly, I think the government blew it." (Facebook, along with other internet companies, has sued the U.S. for the right to release documents related to its relationship with the NSA.)

After midnight, I begin to get texts from some hackers I'd met earlier. They're still at Queercon. The party is amazing. Where the hell am I? "Everyone is disco dancing on Molly." "Get your ass here." "There isn't going to be a better Def Con party."

When I finally make it back to Queercon, in the company of a few EFF interns, the eye of the storm has passed. People are still dancing, some are still in the pool, but things are winding down. "You missed everything!" I'm told repeatedly, until it starts to make me feel genuinely sad. It's as though I'm in high school, and I chose to hang out with the popular kids instead of my real friends, and missed the biggest party of sophomore year.

Some of the hackers I've been hanging out with are making fun of me for having missed Queercon in order to hang out with lawyers from the EFF.

"They're not getting out in front of issues," one of them complains about the digital rights group. "The EFF is too reactionary. They're known for, 'If you have a serious case, they tell you to get lost.'"

Among all my excuses for having missed the queer hacker bacchanal, though, Facebook surely strikes them as the most absurd.

They don't even waste their breath. That's simple. "Facebook is not Def Con."

Not long after that, one of them pulls out his phone and invites me to be his friend.

Find Lucy on Twitter at @lucyteitler