Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Facebook App Exposes Abject Insecurity

CmdrTaco posted about 5 years ago | from the pay-no-attention-to-the-hole-in-my-pants dept.

Social Networks 205

ewhac writes "Back in June, the American Civil Liberties Union published an article describing Facebook's complete lack of meaningful security on your and your friends' information. The article went virtually unnoticed. Now, a developer has written a Facebook 'Quiz' based on the original article that graphically illustrates all the information a Facebook app can get its grubby little hands on by recursively sweeping through your friends list, pulling all their info and posts, and showing it to you. What's more, apps can get at your information even if you never run the app yourself. Facebook apps run with the access privileges of the user running it, so anything your friend can see, the app they're running can see, too. It is unclear whether the developer of the Facebook app did so 'officially' for the ACLU."

cancel ×

205 comments

Sorry! There are no comments related to the filter you selected.

Really? (4, Insightful)

Jurily (900488) | about 5 years ago | (#29163933)

Public information is public. News at 11.

Re:Really? (5, Informative)

automag (834164) | about 5 years ago | (#29164003)

The problem isn't so much that public information is public, it's that Facebook represents itself as secure and private to its users and then leaves the barn door open for developers, betraying that trust. Should Facebook users be more cautious? Absolutely. But most Facebook users are sheep-le who won't give a second thought to this kind of thing. If someone wants to leave their own information open and public that's one thing, but when they leave their entire network of 'Facebook friends' information public by proxy (even if their friend has done everything 'right' in terms of securing their information) that's where the real problem lies.

Re:Really? (4, Insightful)

Jurily (900488) | about 5 years ago | (#29164033)

but when they leave their entire network of 'Facebook friends' information public by proxy (even if their friend has done everything 'right' in terms of securing their information) that's where the real problem lies.

You're assuming that all these people only have 'friends' they actually know and trust.

If you put it up for others to see it, others will see it. It's that simple.

Re:Really? (4, Insightful)

automag (834164) | about 5 years ago | (#29164157)

You're assuming that all these people only have 'friends' they actually know and trust.

If you put it up for others to see it, others will see it. It's that simple.

No, actually whether a user has friends they 'know and trust' is completely moot. On Facebook someone can have their information handed over to a 3rd party developer by anyone in their network, whether they're someone trusted or not. "A strange game. The only winning move is not to play."

Re:Really? (3, Insightful)

Jurily (900488) | about 5 years ago | (#29164303)

I merely assumed that people putting up information specifically for the purpose of others reading it, will consider the fact that other people will read it.

You announce your birthday or put up an invitation to a party, but you don't put the steamy details of last night up there.

Re:Really? (5, Insightful)

Seumas (6865) | about 5 years ago | (#29164711)

But you might discuss them with your friends. Until you discover that your friend lets everyone on earth into their house any time they want (ie, run Facebook Applications) and one of those people (applications) has installed a listening device in the lamp and everything you thought you were discussing with your private group of friends is actually being directly pumped to some third party who is not your friend.

People throwing the "imagine that, information on the intarwebs is public!" line are being disingenuous. It's like saying you have no reasonable expectation of privacy in your email communication, just because it technically *could* be intercepted. Or that using online banking proves you're an idiot, because your login information *could* be compromised if someone got physical or root access to the bank's database server.

The nature of facebook, like many other things people use, implies a certain degree of privacy and control over your exposure. It's not at all the same as just blathering all your crap on a public forum for all of google to index and serve up somewhere.

Re:Really? (1)

Jurily (900488) | about 5 years ago | (#29164843)

It's like saying you have no reasonable expectation of privacy in your email communication, just because it technically *could* be intercepted.

You have no reasonable expectation of privacy in your email communication.

Re:Really? (4, Insightful)

Jeremi (14640) | about 5 years ago | (#29164943)

You have no reasonable expectation of privacy in your email communication.

I think you don't understand the concept of "reasonable expectation of privacy". It's not a technical idea meaning "this data is secure". It's a social/legal idea, meaning "third parties are supposed to know that this data is private, and so they should keep out of it even if they are technically able to look".

By that measure, you certainly do have a "reasonable expectation of privacy" for your email. For example, if your ISP started posting your emails to a public web page, you would have grounds for a lawsuit. Therefore, you can "reasonably expect" that your ISP won't do that.

Re:Really? (1)

Seumas (6865) | about 5 years ago | (#29165183)

It's like saying you have no reasonable expectation of privacy in your email communication, just because it technically *could* be intercepted.

You have no reasonable expectation of privacy in your email communication.

Please clarify exactly how one has no reasonable expectation of privacy in their email communication?

Re:Really? (0)

Anonymous Coward | about 5 years ago | (#29164855)

You announce your birthday or put up an invitation to a party, but you don't put the steamy details of last night up there.

I don't have any steamy details, last night or any night, you insensitive clod!

Re:Really? Really! (1)

runningduck (810975) | about 5 years ago | (#29164643)

Just like at the doctor's office; if you let others see your junk or take pictures using their network connected fancy junk picture taking machines then its on the network for everybody on a network to see.

Re:Really? (1)

Runaway1956 (1322357) | about 5 years ago | (#29164757)

Mod parent up some more, 5 points isn't nearly enough.

Personally, I give less info to my "freinds" than is commonly available as public information on Facebook. I don't use apps - most of them are to silly to bother with, and the rest are vectors for dataminers and/or malware. Who needs them?

Re:Really? (2, Interesting)

flajann (658201) | about 5 years ago | (#29164191)

As a Facebook Developer myself, I have something to say on this.

It would be really tough to have the type of security everyone wants, AND have these FB apps to be useful. Tradeoffs, guys. The whole idea in most of these FB apps is the sharing of data between friends, which means the Application will have access to much.

You could have fine-grained security controls exposed to the user, but this would make FB security confusing to most of its users, and it also would hamper the applications and what they can do.

And if you were to implement such stringent security procedures now, it would break many of the apps in use.

I think it's safe to say that never put anything on Facebook that you wouldn't feel comfortable with the whole world seeing. And that goes for the Internet in general.

But, every time you install an FB app, it DOES ask you if you wish to allow the app to have full access to your information. So, if you don't feel comfortable, don't click that button!

Having said that, there should also be some ethical guidelines for FB developers.

Re:Really? (4, Informative)

betterunixthanunix (980855) | about 5 years ago | (#29164313)

"But, every time you install an FB app, it DOES ask you if you wish to allow the app to have full access to your information. So, if you don't feel comfortable, don't click that button!"

As the app in question demonstrates, you do not personally have to install an app in order for the app to see your Facebook information; a friend who installed could give it the same level of access.

Re:Really? (4, Insightful)

RalphSleigh (899929) | about 5 years ago | (#29164327)

The problem is that even without you authorising any applications, as soon as any of your friends take a quiz, that application can see anything about you your friend can. The what length of wood is your dog like quiz has no need of this info, but its not simple to disable its access.

You can turn off this behavior, but only if you don't have any applications authorised yourself (I have an application I have written to fill a box with content from an external site on one of my pages, I can't have this on my profile or access the developers network app AND block quizzes from reading my info at the same time).

Trusting all your friends/networks not to do things that will compromise your privacy is also a non-stater.

Re:Really? (2, Insightful)

automag (834164) | about 5 years ago | (#29164335)

It's a fair point... People join Social Networking sites because they want to be social. I think you're probably right that the 'solution' has more to do with the developers than the users.

Re:Really? (4, Insightful)

maharb (1534501) | about 5 years ago | (#29164461)

What about providing a checkbox for users that says "don't give out my information to anyone but friends". I am a facebook user because of what I can only call peer pressure. I would like it if no one had access to my info except friends but facebook lacks that option. I don't care about apps so why can't I remove myself from this pool of data.

"But, every time you install an FB app, it DOES ask you if you wish to allow the app to have full access to your information. So, if you don't feel comfortable, don't click that button! "

The issue here is that if one of my friends trusts an app then they have access to MY data. Why should this be allowed with no way to turn it off. Like I said before, I don't want to participate in the app frenzy of facebook at all. I would be perfectly happy to lose the functionality of the apps for privacy.

"I think it's safe to say that never put anything on Facebook that you wouldn't feel comfortable with the whole world seeing. And that goes for the Internet in general."

If that is what facebook and developers think about millions of people's private messages, photos etc they are going to be in for a huge struggle later. People don't realize their facebook info is up for grabs so easy. Once someone publicly demonstrates how much developers(anyone) have access to and the response from facebook is "you should have known" there is going to be a mass exodus from the service or demand for what I am advocating. The idea that information on the internet should be treated as public information is a flaw in logic and a step back for using the internet for more things(like healthcare). This is about security, permissions etc. You can keep information 'safe' on the net. I know hackers can get the info, but I am talking about not giving it out freely.

As a developer I get what you are saying. You can't provide functional apps without the data. You have to realize though that there are other perspectives, ones that may be more important than what a developer wants. As a customer of facebook, and possibly you and your apps I say I don't like what you want from me. That should be a red flag.

Re:Really? (3, Interesting)

Seumas (6865) | about 5 years ago | (#29164727)

Actually, facebook is very misleading in this way. There ARE options to make each element of your information *ONLY* available to friends. Or even to nobody.

Unfortunately, their Facebook Application API directly violates the spirit of that by making it available to people other than your friends.

The single most awful thing about facebook is the wealth of Applications. They're all crap and at best they're annoying. Every time I see some jack ass wasting my time (because it posts that they are using an app to my information stream) doing another "what kind of dog turd are you?" quiz, it makes me hate humanity just a little bit more.

Re:Really? (1)

krou (1027572) | about 5 years ago | (#29164627)

It would be really tough to have the type of security everyone wants, AND have these FB apps to be useful.

Wait ... there are useful Facebook apps?? ;)

Re:Really? (0)

Anonymous Coward | about 5 years ago | (#29164265)

http://failblog.org/2009/08/22/facebooking-win/ [failblog.org]

Sorry, it has absolutely NOTHING to do with how secure Facebook says it is. People are just retarded online and the pic above proves it 100%.

Re:Really? (1)

access.name (1198513) | about 5 years ago | (#29164351)

That wasn't the user, her account was compromised by btards after they hacked a christian dating site. See this [thecoffeedesk.com] or do a google search for "4chan hacked facebook".

Re:Really? (0)

Anonymous Coward | about 5 years ago | (#29164623)

Ok, so how did 4chan get her password for her Facebook account from that christian dating site again? Oh yeah, she was retarded and kept the same password for her accounts. My point is proven. Next!

Re:Really? (2, Insightful)

WCguru42 (1268530) | about 5 years ago | (#29164527)

But most Facebook users are sheep-le who won't give a second thought to this kind of thing.

It's less so that they're "sheep-le" and more so that they are not aware of technology. It's kinda like sending your car to the repair shop when you don't know shit about cars. My friend recently got bilked out of $500 because he was told he had to replace his part with a "certified" component. My friend didn't know any better so he went with what sounded reasonable but in reality it was a rip off. The same goes for most users of facebook, they don't know jack shit about computers, the internet, etc. and they don't know that when facebook updates their security measures that it's really just lip service.

Re:Really? (1)

Runaway1956 (1322357) | about 5 years ago | (#29164861)

*sigh* I lack sympathy. Let me get this straight. I know jack about aircraft, but I'd like to own one. So, I trot my happy ass down to the airport, find a pretty plane (with PONIES even!) and hand over my hard earned cash. Climb in, fire it up, and drive it into the trees at the end of the runway. This is whose fault, exactly? Is it the guy who sold me a plane? Was it his responsibility to investigate my background, to find out whether I even had a pilot's license? Was it his job to teach me about planes? Was it his job to inform me that the little single seater wouldn't lift off with all those ponies in the cargo bay?

If people are going to be on the web, they should at least have a clue about what the web is.

Re:Really? (1)

jslater25 (1005503) | about 5 years ago | (#29164979)

What, you mean 'personal responsibility'? They don't even teach that in schools. Why would someone in this day and age claim responsibility for their own actions?

Re:Really? (1)

Jeremi (14640) | about 5 years ago | (#29165007)

If people are going to be on the web, they should at least have a clue about what the web is.

That would be nice, but face it -- if the only people who used the Internet were the people who had the time, brains, and inclination to understand how the Internet works, there wouldn't be an Internet.

Hell, I'm willing to bet that 75% of the people on this very site (subtitle: "News for Nerds") would have trouble identifying a privacy leak before they stepped in it. Myself included.

Re:Really? (0, Troll)

Runaway1956 (1322357) | about 5 years ago | (#29165105)

Point taken. I could look at the code for any given program, and fail to see the most glaringly obvious security flaws. What sets me (and, presumably, most slashdotters) apart from the herd is, we are willing to read, willing to investigate, willing to make decisions, and we decide who to trust, and who not to trust. I don't need to understand the flaws in Java or IRC to understand articles published all over the web stating something to the effect, "ApplicationX versions prior to 1.6 have been found to be insecure due to a buffer overrun, please update to version 1.7"

The average windows home user implicity trusts everything he sees on the net. "Your computer could be infected with viruses, please run our free scanner". He never even looks to see who is offering the scanner, he doesn't search for that company, he just clicks it, runs it, then downloads the trojan offered when viruses are found.

I've clicked a couple of those things to see what they might find on my Linux boxes. Amazingly, they found all sorts of stuff on my C: Imagine that.....

Missing the point (1)

CarpetShark (865376) | about 5 years ago | (#29164577)

Public information is public. News at 11.

This is hardly the point. The main point is that people WANT TO and SHOULD be able to publish their information to those they choose, without it being spread to those with interests other than friendship. Normally, the only major leak in this is if you can't trust your friends. Now, there is also a leak in the basic communication infrastructure we're using. People are simply arguing that social networks like facebook have a certain responsibility to be trustworthy, just like friends do.

The other problem is that the information you publish is no longer just that. It can be combined with the information your friends publish, interpolated, and projected back at you, to find out things about you that you DIDN'T publish. For example, if you said you went out with Tina tonight, and Tina said she she went out with you and Joe, and Joe said that he went to a nudist colony tonight, then suddenly you just published that you went to a nudist colony.

Re:Really? (1)

Locutus (9039) | about 5 years ago | (#29164679)

but the system is designed such that it gives the impression that you invite people to share with and that includes your info. Now, I wonder why they say you can't see someones info unless you're "friends" with them when in fact, you just needs to be friends with one of their friends. And you know, when you go to click an app and see where it says the developer has access to your profile data? It didn't, and probably still doesn't, say that if any of your friends accepted the app, the developer already has access to your profile data.

Public info is public info but not when you're given the impression of selective publicity.

LoB

Re:Really? (1)

ObsessiveMathsFreak (773371) | about 5 years ago | (#29164987)

No. That's not good enough anymore. With the global reach, massive databases and indexing software available to most companies, it's no longer good enough to say that once your private data slips out that it's fair game for anyone to do whatever they please, whenever they like with it. I don't want Google or Facebook or anyone else spamming people who have just happened to send me an email. I don't want private companies data mining my address book and contacts list.

You say that once my data has become "public", all bets are off. But how many of us have ever, in our lives, made some of our data explicitly "public", for the whole world to view? I gave my data to my ISP and some to Google. I didn't publish it on a big HTML page for the world to gawk at. Where exactly do private companies gain the right to pass that information on to every and any third party they please? From their click through EULAs? That's pushing it.

The real teller here is the balance of power. Facebook can spam your contacts list, but if you somehow managed to get your hands on theirs, legally, and proceeded to spam everyone on it, what fate do you think would await you? You'd be hauled over the coals before the day was out. You don't have high priced lawyers and the ability to file suit in 50 countries. Right now possession of data is 9/10ths of the law, and the other 10% is too expensive for the likes of us.

This is the worst part, in general (4, Insightful)

Anonymous Coward | about 5 years ago | (#29163957)

Not that your information is in the hands of the facebook staff. That can be scary, but the facebook people, like google, have demonstrated a fairly reasonable approach to exploitation of personal information.

The problem is that it's in the hands of all of your friends and family. If there's any aspect of your life that should remain off the internet, never share it with a facebooker.

Re:This is the worst part, in general (2, Interesting)

dkleinsc (563838) | about 5 years ago | (#29164483)

have demonstrated a fairly reasonable approach to exploitation of personal information.

So as long as our personal information is only reasonably exploited, it's a-ok?

Re:This is the worst part, in general (0)

Anonymous Coward | about 5 years ago | (#29164597)

Sure, why not? You trade personal information for benefits all the time. When you buy a shopper card at Safeway, Costco, etc, you're letting them track your buying patterns in exchange for lower prices - although they use the tracking to figure out which items to buy and how to place them so as to sell you more. When you watch TV, you're giving away information about what kind of shows you like (sports, sci-fi, health, etc), and it is used to show you advertisements likely to be somewhat relevant to you. Similarly, with Google or Facebook, you trade some information about yourself for a convenient service. What kind of laws should be in effect about use of such information is another question. But you can't expect these services to exist if you give them no way to make income!

Re:This is the worst part, in general (1)

Jeremi (14640) | about 5 years ago | (#29165101)

So as long as our personal information is only reasonably exploited, it's a-ok?

Yup, that's the deal. Facebook gets to use your personal information in certain more-or-less socially acceptable ways, e.g. to choose which ads they show to you, and in return you get unlimited use of the FaceBook site, without ever having to pay anyone any money.

That may or may not be a-ok for you, but FaceBook's user seem to find it acceptable; otherwise they presumably would not be FaceBook users.

TFTFY (2, Insightful)

denzacar (181829) | about 5 years ago | (#29164559)

Not that your information is in the hands of the facebook staff. That can be scary, but the facebook people, like google, have demonstrated a fairly reasonable approach to exploitation of personal information.

The problem is that it's in the hands of all of your "friends" and family. If there's any aspect of your life that should remain off the internet, never share it with a facebooker.

Facebook friends are often not even acquaintances. They are not your friends, no matter how Facebook refers to them.

Re:TFTFY (1, Insightful)

Anonymous Coward | about 5 years ago | (#29164697)

Agreed. thus the quotes around "friends". The "friend" relationship is not akin to real social relationships--too static and black or white on information control. And facebook, etc. are now popular enough that enough people who use it in different ways are having culture clashes. The extroverted, "my life is an open book, and so is what I know about yours" and the more introverted, "this is just a handy way to keep up with my 3 best friends" groups are squabbling and the "my information is private. I'll give away yours for a free smiley icon" people are irritating everyone. Especially since that last group are usually the people who click on executable attachments and forward them to their whole contact list.

some advice (4, Insightful)

FudRucker (866063) | about 5 years ago | (#29163967)

if anyone wants to keep their personal information private then keep it off the internet, if you put your photo or real name & location on any part of internet (especially social networking websites) you can bet your life that somebody else is going to exploit that information in any way possible and for $profit$ if that is possible too.

Re:some advice (5, Insightful)

Panzor (1372841) | about 5 years ago | (#29164005)

The thing that annoys me is when someone ELSE posts my picture on the internet. It takes a community to keep an individual safe, and the facebook community is quite security inept.

Re:some advice (2, Insightful)

Kral_Blbec (1201285) | about 5 years ago | (#29164153)

What surprised me about the article is an extension of this. Not just pictures, but the entire profile is availible. I avoid all the Facebook quizes and crap because I already know it is a huge security hole that allows them to access your profile, but I never expected that it would also open up your friend's profile when you allow an app. That kind of pisses me off.

Re:some advice (0)

Anonymous Coward | about 5 years ago | (#29164259)

you still don't get it. if your friend has you in a special group with limited access to his/her profile then the app you install will only be able to collect the information that you are restricted to seeing.

it does not bypass these security features.

Re:some advice (0)

Anonymous Coward | about 5 years ago | (#29164283)

Except who has their BFF listed as a limited profile, even though their BFF could be a dumbass who installs these things?

Re:some advice (0)

betterunixthanunix (980855) | about 5 years ago | (#29164341)

Hey, you can leave Facebook any time you want to, and your information will no longer be exposed to these random applications. There is nothing that compels you to be on Facebook other than subtle social pressures.

Re:some advice (1, Insightful)

Anonymous Coward | about 5 years ago | (#29164583)

Subtle social pressure, and a desire to keep track of what people are posting about you and your family. Sure your friends are going to post pictures of your kids pool party with names and addresses whether you're on or not. But at least if you're on there's a better than average chance that when Snotty "I don't care about your privacy or security" McSnotpants will helpfully tag your ugly mug and give you fair warning. You have no hope of warning if you're not a member.

Re:some advice (3, Funny)

ParanoiaBOTS (903635) | about 5 years ago | (#29164531)

The thing that annoys me is when someone ELSE posts my picture on the internet. It takes a community to keep an individual safe, and the facebook community is quite security inept.

The thing that annoys me is people who seem to think that they have a right to keep a photo from appearing online just because they appear in it. It's not like the person went into your house, pulled out your photo album and uploaded those photos. If you don't want to appear in a photo a person may or may not put online, don't go out in public. It's as simple as that

Re:some advice (2, Insightful)

silanea (1241518) | about 5 years ago | (#29164647)

The thing that annoys me is people who seem to think that they have a right to keep a photo from appearing online just because they appear in it. [...]

At least in Germany people actually do have such a right [wikipedia.org] (no english article linked, so I assume such a right does not exist in anglo-american law). Besides, for me courtesy demands that I ask people for permission before I put pictures of them online. What seems harmless to you may get another person fired, disgraced or harrassed.

Re:some advice (1)

TheRaven64 (641858) | about 5 years ago | (#29164749)

In the UK, you do have that as a legal right. You may not publish a photograph of someone in any media without their consent, with a few exceptions (crowd scenes are one, and I believe there are some other exemptions for the press if the photographs are seen as being in the public interest).

Re:some advice (0)

Anonymous Coward | about 5 years ago | (#29164959)

It's hard to believe that the British tabloid industry could possibly exist with that law in place. Surely you don't have an actual citation for such a law.

dom

Re:some advice (1, Interesting)

nine-times (778537) | about 5 years ago | (#29164349)

I generally agree with you, and therefore don't participate in social networking sites. However, I still think tis is a problem insofar as Facebook claims to keep your information private.

To look at it another way, I don't have grounds to complain that my posts on Slashdot are being made public. I also don't think I have a lot of grounds to complain if Google wants to have automated systems reading my emails enough to feed me a relevant ad, since I know that's roughly their business model for providing free email. However, if I found out Google was allowing their advertisers to read my email, that I would be pretty upset about that. Whether or not it's wise of me to trust Google, they've given me the impression that my emails are private and they aren't going to allow other people to read them.

Similarly, I have limited sympathy for these people who post their drunken antics on social networking sites and expect that their coworkers and employers simply won't ever bother to look at the site. However, if Facebook is offering you to let you have private pages that are only visible to friends which you select, but they are then allowing others to view those pages, that seems like a problem.

Re:some advice (1)

ferd_farkle (208662) | about 5 years ago | (#29164669)

Hell, I'm still struggling to keep some relatives from using websites to send me "e-greeting cards".

I have to periodically create throw-away email addresses just to email these individuals, who complain that they have to keep changing their address books to email me.

Facebook App Exposes Abject Insecurity (3, Insightful)

Dogtanian (588974) | about 5 years ago | (#29164029)

Yeah, I've noticed that this "Facebook" app exposes an abject insecurity.

Namely that of the users who seem to be obsessed with their not appearing popular enough, and adding as many "friends" as they can.

Re:Facebook App Exposes Abject Insecurity (1)

TheVelvetFlamebait (986083) | about 5 years ago | (#29164371)

Making and keeping track of plenty of friends (by the facebook definition) is the point of facebook, according to the many people who patiently explained facebook to me.

Privacy is simple (3, Insightful)

verbatim (18390) | about 5 years ago | (#29164061)

Don't publish/post anything that you wouldn't want made public.

Simple enough, people? Seriously.

Grow. The. Fuck. Up. Stop being retarded, paranoid jackasses. Facebook, et.al., are out to make MONEY. That means collecting information, data, digesting it in some way, and then selling that information to advertisers/perverts/your mom/etc.

I just don't get why people are up in arms about "privacy" on a public website, even one with "private" areas. I mean, it's kind of interesting how people will put personal information on a public website and then build virtual walls around it to keep other people out.

Are you so embarrassed by your circle of friends/family that you really don't want other people to know?

Do you really think that you are such an interesting fucking nobody that everyone in the whole goddamn universe wants to know everything about you?

You are one nobody among a collective of nobodies. Deal. :)

Re:Privacy is simple (4, Insightful)

gbjbaanb (229885) | about 5 years ago | (#29164123)

I suppose the problem is one of trust - Facebook says "set your privacy controls and you'll be safe", and some people believe this! Not everyone is educated about the internet, they treat it as they would other people, not realising its totally different. These people use Facebook.

Re:Privacy is simple (3, Informative)

pnattress (1002576) | about 5 years ago | (#29164751)

It's perfectly possible to set privacy settings on Facebook for applications as well as friends. You can control the information other friend's applications can see. (Settings -> Privacy -> Applications). It's not heavily advertised, because if everyone hid all their info it would devalue their API somewhat, but it's definitely there.

Re:Privacy is simple (1)

Seumas (6865) | about 5 years ago | (#29164929)

Do we have evidence that this is actually adhered to? I have no faith that the settings I have chosen - including "friends only" or the fact that I chose to disable Applications in every way I possibly could from day one will actually be followed.

Re:Privacy is simple (1)

verbatim (18390) | about 5 years ago | (#29165049)

I simply assume that no company/organization will ever do anything in my best interest unless I have a significant financial stake in it (and, even then...)

Re:Privacy is simple (2, Insightful)

Kral_Blbec (1201285) | about 5 years ago | (#29164173)

It's not about posting anything you dont want public. Its about OTHER PEOPLE posting it about you.

Re:Privacy is simple (4, Insightful)

notamedic (1236734) | about 5 years ago | (#29164325)

Facebook is incredibly popular and the start of your third paragraph shows that (aside from an inability to stop swearing) you can't comprehend what the general non-geeky public want from the internet. Social relationships are complicated - how you interact with your friends and what they know about you may not be the same for your family and for your work colleagues.

I'm not a big fan of facebook, but the people who use pejorative terms to dismiss it obviously don't understand it.

Re:Privacy is simple (1)

verbatim (18390) | about 5 years ago | (#29165157)

I would both agree and disagree. Yes, I have different social circles - work, friends, and family are three simple categories.

However, I don't see the point in putting artificial walls between these things. Yeah, I'm not going to automatically send party announcements to my colleagues, but I also don't really care if they know what I'm doing on the weekend. I'm pretty sure that they don't care, either. And, if I happen to do something embarrassing, reckless, or stupid, then I really should be more careful with my own life.

I don't have anything against facebook, and I happen to think it's an interesting way to share a measured amount of information about myself with the world. The problem that I have in this case is with people who think Facebook is somehow responsible or required to maintain privacy when, in most cases, I should be more responsible with what information I choose to share.

I've never heard of a situation where a little more prudence at the individual level would not have prevented the situation from happening in the first place.

Well, anyway... just an opinion. :P

Irony (0)

Anonymous Coward | about 5 years ago | (#29164367)

Grow. The. Fuck. Up.

This is an interesting sentiment to present by such juvenile means.

Re:Irony (0)

Anonymous Coward | about 5 years ago | (#29164737)

OMG! SRSLY!!!

someone else? (0)

Anonymous Coward | about 5 years ago | (#29164681)

Don't publish/post anything that you wouldn't want made public.

Simple enough, people? Seriously.

And if someone else posts it, then what?

Re:Privacy is simple (4, Insightful)

Seumas (6865) | about 5 years ago | (#29164915)

I think you have missed the entire fucking point of Facebook. Facebook is not about blathering your shit to every fucking moron on earth and acquiring as many "friends" as possible, but about communicating and keeping up with a select group of people that you have chosen to communicate with. For example, colleagues, family, and close friends.

I don't give a fuck about you or what you have to say day in an day out, but your mom might. Or your school chums. Or your best friend at the office. And since Facebook allows you to restrict your interactions to just these chosen people, you have a right to expect your communication to remain between those designated individuals.

You know, sort of the same way the telephone company is a commercial enterprise, but you have a reasonable expectation for your conversations to remain private. Or do you consider talking on the telephone to be blathering to the "whole goddamn universe", too?

Unfortunately, just like your mom probably is more prone to getting a virus on her Windows machine than you are, she's probably more likely to use a "what color are you?" facebook application and thereby put you at risk of exposure.

Again, it is simply disingenuous to trash people as being idiots for using services where security is inherently implied (and options to protect it are right there in the user preferences -- even though they appear not to be adhered to in this demonstration).

That doesn't mean you should share your most private secrets on earth anywhere online that is connected with your real identity. It just means that you shouldn't have to worry that your every piece of information is being sold out from under you when you thought it was just between yourself and the people in your circle. And if you have this attitude that you should *EXPECT* that from Facebook, then you should have that same attitude toward every institution you deal with from the place you bought your car, to your electric, phone, cable companies and medical providers. After all, if your bank's databases are cracked and the data stolen and sold out from under you, it's YOUR fault for being stupid enough to give your financial information to your financial institution, right?

Also, as much as I hate Twitter and Facebook and all these things (though I like LinkedIN), you at the very least are often obligated to sign up so that you can protect your identity from being used by someone *else*. And as much as I hate attention-whores, even they deserve an expectation of a certain degree of privacy in situations where that privacy is implied.

Civil Liberties? (0, Flamebait)

Kohath (38547) | about 5 years ago | (#29164065)

What does this have to do with "Civil Liberties"?

The ACLU doesn't seem to be about civil liberties at all any more, if it ever was.

How convincing is the quiz? (2, Interesting)

Jah-Wren Ryel (80510) | about 5 years ago | (#29164081)

Could someone with a facebook account "review" this quiz?

I don't have a facebook account so I can't do much with it. But I would like to send it to friends and family that do have accounts. These people aren't the type to comprehend the ACLU blog, so I'd like to know just how well the quiz makes its point. Is my 20 year-old niece who 'friends' anyone who sends a friend request going to achieve cluevana by doing the quiz, or is the quiz no more meaningful to the unenlightened than the blog post that inspired it?

Re:How convincing is the quiz? (2, Interesting)

xiox (66483) | about 5 years ago | (#29164141)

Pretty convincing. It appears to show any of the information or photos I can see about myself or my friends.Presumably a very popular facebook app could harvest data on pretty well everyone in facebook, no matter their privacy settings.

TFA (2, Interesting)

Magic5Ball (188725) | about 5 years ago | (#29164193)

QUESTION 1: When you take a quiz on Facebook, what can the quiz see about you?
Only your answers to its questions.
Only information that is set as "public" on your profile.
Almost everything on your profile, even if you use privacy settings to limit access.

Correct!

Even if you have your profile information and content set to "private," quizzes can see almost everything that you share with your friends on Facebook: your politics and religion, embarassing photos, comments you leave on your friends' Wall. It doesn't seem like a quiz developer has any reason to poke around in your profile, but it's temptingly easy to do so.

For example, here are just a few things this quiz can see in your profile:

[Random stuff from your own profile. *Some data/counts in aggregate*]

QUESTION 2: What info about you can a quiz see when your friends take a quiz?
Nothing at all, unless they use your name in an answer somehow.
Only information from your profile that is visible to everyone on Facebook.
Almost everything on your profile, even if you use privacy settings to limit who can see that information.

Correct!

Yes, that's right: when your friend takes a quiz, the quiz maker gets access to your information! So even if you're being careful, if you haven't changed the right privacy settings, your information could be collected by anyone who writes a quiz that your friends take!

Check out what this quiz can see about some of your friends (loads slowly - give it a sec!):

[Random stuff from your friends' profiles. *Some data/counts in aggregate*]

QUESTION 3: There must be safeguards somewhere, right? My information is safe because:
Facebook's default privacy settings prevent application developers from scouring my information.
Facebook carefully screens developers to ensure that they are trustworthy and requires that they post and comply with a privacy policy.
Facebook uses technical measures to limit how developers collect and use personal information.
None of the above - and that's a real problem.

Correct!

The only protection Facebook offers by default is its Terms of Service, which state that developers must collect only the information that they need and use it only in connection with Facebook.

But all it takes to be a developer is an email address, and so few of even the top developers have a privacy policy at all, it's hard to believe that Terms of Service will hold them back if they want to collect information, and (as this quiz has shown) they can access a lot of it.

And once details about your personal life are collected by a quiz developer, who knows where they could end up or how they could be used. Shared? Sold? Turned over to the government?

QUESTION 4: OK, that sounds like a real problem. So what should I do?
Give up and quit Facebook forever.
Resign myself to losing control over my personal information.
Demand the right to control my information without sacrificing the right to use new technology.

Of course you know the answer: take a stand and demand control!

What's going on with these quizzes just isn't right. It's time for Facebook to upgrade its privacy controls so that you decide who gets to see your personal information.

That's where you come in. As we've seen before, Facebook does respond when users protest. So we need to make some noise!

        *
            Update your own privacy settings.

        *
            Share this quiz on Facebook and encourage your friends to take it!

        *
            Sign our online petition and tell Facebook that you want more control of your own information.

        *
            And, finally, help the movement grow by becoming a fan of the dotRights campaign and voting for our "The Secret Lives of Online Quizzes" panel proposal for SXSW 2010.

Don't let Facebook's default settings force you to silently pay with your privacy when you (or your friends! use Facebook. Demand that Facebook upgrade its privacy controls to give you control of your personal info. Demand Your dotRights!

Re:How convincing is the quiz? (1)

wembley fraggle (78346) | about 5 years ago | (#29164387)

It pulled information about me and my friends and showed it to me. Most of that information looked shared, that is, it wasn't anything I couldn't otherwise see by just clicking on a friend's facebook page. But it's information that would be private to some random app developer.

That's the problem - you mark most of your profile as "private" so only friends can see it. But then a friend of yours runs an app (any app at all), and the app has all the privileges that your friend does, allowing the app to gather all the "private" data that you wanted hidden from the Wide World. A popular enough application (mafia wars, etc) could pull a ton of data about people and just sit on it.

I've no clue what the Men in the Black Helicopters want with a bajillion pictures of people in semi-compromising situations and a ton of half-thought out wall posts and other such drivel, but there we are.

Re:How convincing is the quiz? (1)

ArsenneLupin (766289) | about 5 years ago | (#29164601)

I've no clue what the Men in the Black Helicopters want with a bajillion pictures of people in semi-compromising situations and a ton of half-thought out wall posts and other such drivel, but there we are.

Not necessarily MitBH. Could also be geeks looking for suitable mates to get laid.

Re:How convincing is the quiz? (0)

Anonymous Coward | about 5 years ago | (#29164815)

The black helicopter crew doesn't need to exploit an app, they already have their own personal backdoor to everything.

Re:How convincing is the quiz? (1)

bhartman34 (886109) | about 5 years ago | (#29165111)

I've no clue what the Men in the Black Helicopters want with a bajillion pictures of people in semi-compromising situations and a ton of half-thought out wall posts and other such drivel, but there we are.

I took the quiz, and posted it to my profile. Mostly, I took it because I do have friends who will take each and every quiz presented to them, ad nauseum, and I wanted to to get the point across that maybe this isn't such a good idea.

I've got mixed feelings about how serious this is, though. I think that Facebook gives people a false sense of security when they promote "privacy" settings that any of their Facebook "friends" can override by taking a quiz. On the other hand, when you start a quiz (or add any application), Facebook immediately pops up a box making you aware that the application can see your information and all your friends' information. So it's not exactly like Facebook is doing it without the user's permission.

The problem I have with the quizzes, though, is that they access this information at all. The only information a Facebook app should really need from a user is:

1) their answers to the quiz
2) their list of friends (to see how their friends answered the quiz)

What possible reason could an app have for needing all of the other information that Facebook apps can apparently harvest?

And I think the "never put online that which you wouldn't want the whole world to have access to" is outdated. I don't want the whole world to have access to my bank account or credit card information. Does that mean I should reject online banking? You need to be careful where you put your information online, and be very aware of where you're granted privacy and where you're not, but that doesn't mean that a website that pretends to keep your information private can then turn around and say, "Well, WTF did you expect?! If you don't want your information public, you shouldn't have posted it!"

As for the value of the information itself: I doubt the information is valuable on an individual basis. Where it could become valuable is in the aggregate. Get enough people to take the quiz, and the data mining implications become...interesting. You start to be able to answer questions like, "How many Facebook users between the ages of 18 and 30 read Dan Brown novels and have seen a movie in the past year? How do they vote? Where do they live? What products do they like?"

Facebook gives apps that kind of demographic information. The bigger Facebook becomes, the more valuable that data becomes, and the more accurately it models trends and habits.

Solution (1, Funny)

Anonymous Coward | about 5 years ago | (#29164149)

I solved this problem by filling my facebook profile with blatant lies.

Yes, ordinary people are stupid regarding privacy (5, Interesting)

RIpRapRob (1346701) | about 5 years ago | (#29164159)

But here is what Facebook tells their users:

Facebook Principles

...

We understand you may not want everyone in the world to have the information you share on Facebook; that is why we give you control of your information.

...

Facebook follows two core principles:

1. You should have control over your personal information.

Yeah, there is a lot of 'small print' too, but why wouldn't the average user expect the information they put on Facebook to be private, unless they change some (default) setting?

Facebook: (0, Troll)

gurps_npc (621217) | about 5 years ago | (#29164165)

Step 1. Invade everyone's privacy completely.

Step 2. ?????

Step 3. Profit!!!!

========

Wait, let me clarify

Step 2 = Blackmail

Re:Facebook: (2, Funny)

TheVelvetFlamebait (986083) | about 5 years ago | (#29164397)

Don't look now, but I think they achieved Step 3 without Step 2.

Ironic (1)

Kral_Blbec (1201285) | about 5 years ago | (#29164183)

Anyone else find the Facebook link in the article funny?

Re:Ironic (1)

Chees0rz (1194661) | about 5 years ago | (#29164537)

Yes. I added the application in order to check it out. I'm drowning in irony.

Oh, Facebook's lack of security (1)

KarmaRundi (880281) | about 5 years ago | (#29164247)

From the title, I thought it exposed the social anxiety and fears of users (which in many cases it might end up doing, but that's not what the original post is about).

There is no insecurity at all. Move along. (0, Troll)

SecurityGuy (217807) | about 5 years ago | (#29164275)

Facebook and its apps work exactly as advertised. It is a site that's ALL ABOUT SHARING INFORMATION, and guess what, that's what it does. When you take a quiz or use an app, it tells you you're granting it access to lots of stuff. I forget the exact wording, but none of this is a surprise. It takes all of a few minutes looking through the developer docs to see that if you write an app, you get access to, well, yeah, everything.

The problem here is that some people sign up on a site that exists to share personal information, run apps that give away personal information and tell you they're doing it, and are then surprised.

Re:There is no insecurity at all. Move along. (1, Interesting)

Anonymous Coward | about 5 years ago | (#29164501)

One thing that scares me about them is that a few months ago their list suggesting people for me to add as friends changed wildly, and included people I didn't recognize. I did a search, and it turns out that many of these people were ones I had had one email exchange with a couple of years ago using my Hotmail account -- the account I used for my Facebook account. If these oddball suggestions had happened over the course of time, I could understand it being the other people letting facebook pillage their email for addresses and then suggesting us to each other; however, since it happened all at once, the only conclusion I can come to is that Facebook must have made a deal with Hotmail to get access to associated addresses. I never gave Facebook permission, my password is definitely not the same for Facebook as it is for Hotmail, and people contacted via my main email account -- which thankfully is not Hotmail -- have not shown up on this suggestion list.

Re:There is no insecurity at all. Move along. (1)

ElKry (1544795) | about 5 years ago | (#29164675)

The same happened to me. And also, all of them are related to one hotmail account, and one that is NOT the one I'm using on facebook, which is even scarier. I wonder if someone has more insight in this...

Re:There is no insecurity at all. Move along. (1)

Ambiguous Puzuma (1134017) | about 5 years ago | (#29164687)

Not quite--

The problem here is that some people sign up on a site that exists to share personal information, and their friends run apps that give away personal information and tell them they're doing it, and are then surprised.

THAT is the problem as I understand it: apparently you can't deny information to apps that your friends have authorized but you have not.

Re:There is no insecurity at all. Move along. (2, Informative)

donatzsky (91033) | about 5 years ago | (#29164743)

Actually you can:
http://www.facebook.com/home.php#/privacy/?view=platform&tab=other [facebook.com]

Simply untick all the boxes there.

Re:There is no insecurity at all. Move along. (1)

Ambiguous Puzuma (1134017) | about 5 years ago | (#29164941)

Ah, I stand educated. Thank you.
If that page works as advertised, it needs to be displayed more prominently here. (Mod parent up?)

Re:There is no insecurity at all. Move along. (1)

Jeremi (14640) | about 5 years ago | (#29165135)

Simply untick all the boxes there.

Hmm. "You are unable to fully opt out of sharing information through Facebook platform because you are currently using applications build on Platform. To enable this option, you need to remove any applications you have added, and remove your permissions to all external applications that you may have used".

Sounds like you can have either privacy, or the use of FaceBook applications, but not both.

Re:There is no insecurity at all. Move along. (2, Insightful)

Seumas (6865) | about 5 years ago | (#29165035)

You miss the point of Facebook, entirely. It's about sharing information with a controlled group of people you have chosen; not every person on the planet who wants it. The problem here is that a site promotes itself as a place you can associate and communicate with a selected community of people that you have individually selected and granted access to and all of its literature promotes the ability for YOU to have CONTROL over your information and interactions (otherwise, they'd just keep using Myspace or something else) while actually violating the implied spirit of everything users sign up for.

Also, I'm glad you feel that violating the entire premise of your service is okay as long as you post it in your Developer API documents that I'm sure everyone's mom and grandparents read before signing up to the service.

Re:There is no insecurity at all. Move along. (2, Insightful)

bhartman34 (886109) | about 5 years ago | (#29165201)

Facebook and its apps work exactly as advertised. It is a site that's ALL ABOUT SHARING INFORMATION, and guess what, that's what it does. When you take a quiz or use an app, it tells you you're granting it access to lots of stuff. I forget the exact wording, but none of this is a surprise. It takes all of a few minutes looking through the developer docs to see that if you write an app, you get access to, well, yeah, everything.

The problem here is that some people sign up on a site that exists to share personal information, run apps that give away personal information and tell you they're doing it, and are then surprised.

No, that's not the problem. The problem is that when Facebook creates a privacy setting that says "Only Friends" can view the information, that's exactly what should happen: Only friends should be able to see it. It's true that the applications all have a disclaimer saying that they can see and use friends' information, but one can easily understand the cognitive dissonance created when Facebook, on the one hand, tells you that you can designate information as private, and on the other, allows applications to violate that privacy without your giving it that permission. It's one thing if an app can access the "private" information of the person taking the quiz. It's quite another when it gets access to the personal information of people who didn't take the quiz, didn't give the app in question the rights to the "private" information, and thought they were dong "all the right things" by restricting their private information to only their friends.

The cornerstone of privacy is informed consent.

Anonymous Coward (0)

Anonymous Coward | about 5 years ago | (#29164419)

I don't get this... the whole Facebook thing (in every single little aspect)...

At the end of the day, people seem to conveniently forget that Facebook is a COMPANY that exists to make MONEY.
Further, the Company's BUSINESS MODEL is entirely built around selling YOUR DATA.

If Facebook was to "privately protect" this data, as its user's seem to insist they should - How are they suppose to make MONEY?
Do you have an alternative Business Model for them?

Thus the lesson ~
If you don't like Facebook's Business Model - of selling your data - then take your business elsewhere (like MySpace, Friendster et al)... its a FREE MARKET.

Beyond all this... if people cry they really need Facebook to keep in contact with "Friends"... well i think they've got bigger problems... like possible problems involving their personal interaction's with society.
Facebook isn't for making friends... its for people who have no social skills, and want to PRETEND that they're POPULAR, and pretend to have friends.

In short, Reality sucks, LSD is illegal... and so many people need they're little Facebook fantasy world to escape to.

Re:Anonymous Coward (0)

Anonymous Coward | about 5 years ago | (#29164797)

Facebook isn't for making friends... its for people who have no social skills, and want to PRETEND that they're POPULAR, and pretend to have friends.

Methinks thou dost protesteth too much.

Re:Anonymous Coward (1)

Seumas (6865) | about 5 years ago | (#29165081)

People like you really confuse me. I suspect you have very few social interactions in your life, because you fail so readily at comprehending how other people interact. News-flash, people tend to associate with a LOT of people in their life time and many of those people do not live nearby. Colleagues, school chums, friends, relatives, people with shared interests, etc.

Like any social network, there's a lot of attention-whoring. Both of the commercial variety and the "OMG I have 400 friends!" variety. There's also simply a lot of "this is my social circle and rather than emailing everyone individually or chatting on the phone with each of them every day, we can all casually share information and updates and events in a group fashion".

Regardless of people's use of the service, their expectation of privacy is entirely reasonable and reinforced by the assertions made by the site and the nature of the site (not being entirely open, like on Myspace, for example).

The argument from people like you only seems to be applied in these particular cases, because you assume everyone on Facebook is an attention whore and you hate attention whores (well, who doesn't?) and therefore, anything you would otherwise be up in arms about is okay when it's done to people you hate.

After all, if being a corporation driven by cash makes exploitation of your private data acceptable in this way, then you should have no problem with ANY organization you patronize -- doctor to bank to cable company to television repair service --- handing your information out left and right.

Your personal and social issues seem to be the driving motivation behind your conclusions here, because for all intents and purposes, it's "you have no social skills and I hate social networks, so fuck you and your privacy!". Which is just stupid. I value your privacy, because I value my own privacy. Even if you're a fucking idiot.

Hypocrisy. (0)

Anonymous Coward | about 5 years ago | (#29164427)

I like how so many comments say something along the lines of: "Normal people are stupid, they were warned, they deserve to lose access to public information." I'm not even going to start on why that's such a horrible attitude, I think everyone should know that. I just hope none of you are engineers, and if you are god knows you have no right engineering anything for anyone.

But I am going to draw one comparison here. What if this was microsoft doing it? Wouldn't all of slashdot be up in arms?

Quite simply, facebook apps seem to be designed specifically to violate your security. Anyone can get your pictures or your posts from a simple quiz game, when it's not needed. Why can't facebook just tell us specifically what parts of our profile the app is going to use, instead of giving some kind of ominous warning saying that it will have access to basically all of your data. If you are truly interested in protecting someone's data, then that's a simple design decision, something that should have been obvious to anyone who was designing the facebook app architecture. It seems far more likely that it was not put in, on purpose. God knows why.

In fact, I wouldn't be surprised if most of the data on facebook has been cached on 3rd party servers many times over thanks to apps like the quiz one. The worst thing is, facebook is clearly an accomplice and some people are just too busy feeling superior to notice. And I thought slashdot was about protecting people's rights online?

Seriously? (1)

lluBdeR (466879) | about 5 years ago | (#29164555)

Why are people getting so worked up about this? It's not like the information applications can access has been posted here [facebook.com] for years or anything...

big deal (1)

binaryseraph (955557) | about 5 years ago | (#29164677)

Like most the posts say above this one- This is not a big deal. We are not talking about a critical flaw in an OS that will cause for potential data leaks from government systems, nore is this a flaw in the design of a massive medical or credit card system. We are talking about a website that 1. you have to go out of your way to sign up for and 2.lets you throw digital water balloons at your friends, or make comments about their mom for everyone to see. From a technical standpoint it is a little interesting, perhaps, though just another exploit in some buggy code. Someone said it best above here: what is posted public will remain public. Facebook is not a means of secure or private communication.

Re:big deal (1)

Seumas (6865) | about 5 years ago | (#29165163)

Your apartment isn't a secure and bug-swept panic room, either, but you are right to have some expectation of privacy and security within it. If none of this is an issue, then it should be made clear when people sign up how there information is going to be used rather than "we give you the ability to control your information and privacy" and have options like "private" or "friends only" that aren't really private or friends only.

I understand that some people can only see social networking sites as a means for playing retarded flash games with each other and sniffing each others virtual crotches, but that's not the case for everyone and your opinion of them isn't really relevant to the validity of the complaint over the violation of implied privacy when you sign up.

Think of it this way -- Slashdot has an option for you to post comments as an Anonymous Coward. That implies some degree of anonymity. Does it guarantee it? No. Does it prevent you from being exposed should someone break into the servers and abscond with the database that ties identities to posts? No. But does it imply that you could post a message as an Anonymous account and not have it intentionally exposed by Malda and gang to everyone on earth for exploitation however they see fit? Yes. Should you be pissed off if they did that? Yes.

Look, I understand that everyone is a geek and therefore anything social should be ridiculed. Especially when it's "online" because then not only are social people being social, but they're doing it on "our" turf while we're naked in our basements jerking off to a Chun Li poster -- but how about we step away from that for a bit and focus on the implications of exploiting data that users are told is kept private and protected in the first place? Not exploited by evil crackers looking to trade the information on the black market for a few thousand credit card numbers, but by the organization itself which is implying privacy of your interactions.

And as I've said several times so far -- if it's okay to have their information exposed and exploited on Facebook, then why not on Amazon, Google, your banking service, Paypal, eBay, your doctor's office, your library, your employer, your cable company, power company, telephone company, ISP and anyone else? Each is an entity providing a service and in most cases seeking a profit. So hey, anything goes, right?

Facebook "security" is a joke (1)

speedtux (1307149) | about 5 years ago | (#29164813)

Facebook might as well be regular web pages out in the open.

However, I don't see what the ACLU has to do with any of this.

Tracy sure didn't get it... (2, Funny)

speedtux (1307149) | about 5 years ago | (#29164857)

Tracy [failblog.org] apparently had some trouble with the concept of "privacy" (or lack thereof) on Facebook...

Re:Tracy sure didn't get it... (0)

Anonymous Coward | about 5 years ago | (#29165069)

Dude...somebody figured out Tracy's password (probably from being the same as on another site that got hacked). This person went and messed with Tracy's FB account. If you had seen her page, all kinds of activity (like setting her relationship status to "engaged") all happened that day.

dom

Disabled (2, Informative)

magloca (1404473) | about 5 years ago | (#29164931)

Seems the app has already been disabled. Apparently, there's something in the terms you have to agree to to write an app about not collecting more info than necessary. And presumably, Facebook felt that this one did. Or maybe they thought they could distance themselves from the embarrassment. Who knows.

Facebook/Firefox fail (3, Informative)

Animats (122034) | about 5 years ago | (#29165015)

That Facebook quiz page puts Firefox 3.5 into a loop at:
"Script: file:///D:/Program Files/Mozilla Firefox/modules/XPCOMUtils.jsm:260"

FAIL.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>