Facebook App Exposes Abject Insecurity
ewhac writes "Back in June, the American Civil Liberties Union published an article describing Facebook's complete lack of meaningful security on your and your friends' information. The article went virtually unnoticed. Now, a developer has written a Facebook 'Quiz' based on the original article that graphically illustrates all the information a Facebook app can get its grubby little hands on by recursively sweeping through your friends list, pulling all their info and posts, and showing it to you. What's more, apps can get at your information even if you never run the app yourself. Facebook apps run with the access privileges of the user running them, so anything your friend can see, the app they're running can see, too. It is unclear whether the developer of the Facebook app did so 'officially' for the ACLU."
The problem isn't so much that public information is public, it's that Facebook represents itself as secure and private to its users and then leaves the barn door open for developers, betraying that trust. Should Facebook users be more cautious? Absolutely. But most Facebook users are sheep-le who won't give a second thought to this kind of thing. If someone wants to leave their own information open and public that's one thing, but when they leave their entire network of 'Facebook friends' information public by proxy (even if their friend has done everything 'right' in terms of securing their information) that's where the real problem lies.
---As my daddy used to tell me: "You gotta be smart before you can be a smartass."
The thing that annoys me is when someone ELSE posts my picture on the internet. It takes a community to keep an individual safe, and the Facebook community is quite security-inept.
But here is what Facebook tells their users:
Yeah, there is a lot of 'small print' too, but why wouldn't the average user expect the information they put on Facebook to be private, unless they change some (default) setting?
But you might discuss them with your friends. Until you discover that your friend lets everyone on earth into their house any time they want (i.e., run Facebook Applications) and one of those people (applications) has installed a listening device in the lamp and everything you thought you were discussing with your private group of friends is actually being directly pumped to some third party who is not your friend.
People throwing the "imagine that, information on the intarwebs is public!" line are being disingenuous. It's like saying you have no reasonable expectation of privacy in your email communication, just because it technically *could* be intercepted. Or that using online banking proves you're an idiot, because your login information *could* be compromised if someone got physical or root access to the bank's database server.
The nature of Facebook, like many other things people use, implies a certain degree of privacy and control over your exposure. It's not at all the same as just blathering all your crap on a public forum for all of Google to index and serve up somewhere.