Comment of the Day: Facebook Security Lapse is Weeks Old

Today’s winning comment comes from our post about a Facebook security flaw that allowed people to access private photos – including some from Paris Hilton at the Emmys and others from Facebook founding CEO Mark Zuckerberg’s vacation in November of 2005. In an excellent example of crowdsourced fact checking and research, Mark Jaquith noted that “this flaw has been publicly known for weeks”. Wrote Mark: “Here is a tutorial, from late February (AP is reporting that the flaw was fixed, so hopefully this doesn’t still work.)”

Congratulations Mark, you’ve won a $30 Amazon voucher – courtesy of our competition sponsors AdaptiveBlue and their Netflix Queue Widget.

Here is Mark’s full comment, followed by an extra comment he left verifying that Facebook has now fixed the error:

“This flaw has been publicly known for weeks (which I report as an example of how poorly Facebook takes user privacy, not as a correction to your story). Really crazy. They weren’t checking user permissions for photo pages. If you could guess the ID of a photo, you could view that photo. Worse, they gave you ways to determine the ID of a recent photo. And once you viewed a private photo in the album, the previous/next links worked, showing you the rest of the private photos in that album!

Here is a tutorial, from late February (AP is reporting that the flaw was fixed, so hopefully this doesn’t still work.)”

Comment 2 by Mark:

“Verified that they fixed it:

“The page you requested can not be displayed right now. It may be temporarily unavailable, the link you clicked on may have expired, or you may not have permission to view this page.”

BUT you can still see private photos in which you are tagged, even if you were omitted from the permissions list. I created a new album on my wife’s account, and blocked all her networks, and all her friends except one (not me). I added one picture of me, then tagged myself in it. On my account, it announced the photo to me with a thumbnail and I was able to view it. At no time did it warn me (on her account) that by tagging the photo I was expanding the permissions on that photo. Not a huge flaw, but still — if people are going to trust these privacy settings, they need to be bulletproof.”
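
The behaviours described in the comments above (photo pages served by ID with no permission check, previous/next links exposing the rest of an album, and tagging quietly widening access) can be shown side by side with a corrected check. This is an added example, not code from Facebook or from the original post; the data model, the function names and the `tag_grants_access` switch are assumptions made for illustration.

```python
# Added illustration: every name and record here is constructed.
from dataclasses import dataclass, field

@dataclass
class Photo:
    id: int
    album_id: int
    tagged: set = field(default_factory=set)

# album id -> (owner, viewers the owner explicitly allowed)
ALBUMS = {7: ("alice", {"carol"})}
PHOTOS = {100: Photo(100, 7), 101: Photo(101, 7, {"bob"}), 102: Photo(102, 7)}

def can_view(viewer, photo, tag_grants_access=False):
    owner, allowed = ALBUMS[photo.album_id]
    if viewer == owner or viewer in allowed:
        return True
    # Tag-based access is an explicit policy decision, not a silent side effect.
    return tag_grants_access and viewer in photo.tagged

def view_photo_unchecked(viewer, photo_id):
    """Flawed pattern from the comment: lookup by ID, viewer never consulted."""
    photo = PHOTOS.get(photo_id)
    return photo.id if photo else None

def view_photo(viewer, photo_id, tag_grants_access=False):
    """Authorization enforced on every request, not only on album listings."""
    photo = PHOTOS.get(photo_id)
    if photo is None or not can_view(viewer, photo, tag_grants_access):
        return None  # identical response for missing and forbidden
    return photo.id

def neighbours(viewer, photo_id, tag_grants_access=False):
    """Previous/next links list only photos this viewer is allowed to see."""
    if view_photo(viewer, photo_id, tag_grants_access) is None:
        return []
    album_id = PHOTOS[photo_id].album_id
    ids = sorted(p.id for p in PHOTOS.values()
                 if p.album_id == album_id and can_view(viewer, p, tag_grants_access))
    i = ids.index(photo_id)
    return ids[max(i - 1, 0):i] + ids[i + 1:i + 2]
```

With tag-based access enabled, the tagged user sees only the photo they are tagged in, and the navigation links do not extend that access to the rest of the album.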
