Facebook Security Upgrade Rendered Useless – Private Photos Leaked

Just when you thought it was safe to upload those photos from that wild Friday night to Facebook, this happens:

A security lapse made it possible for unwelcome strangers to peruse personal photos posted on Facebook Inc.'s popular online hangout, circumventing a recent upgrade to the Web site's privacy controls.

The dumbest part is how easy it has been all this time to find private photos. All it took was a modified URL with a photo ID to "hack" into Paris Hilton, Mark Zuckerberg, or anyone else's private albums. I don't know the whole story, but given Facebook's excellent reputation, you'd think that they would know better. The security hole has been plugged for now, and I am sure the Facebook group is working hard to make sure there are no other leaky areas.

This leak probably couldn't have been more poorly timed for Facebook with the release of their new security measures as well as MySpace's not so distant and a bit too familiar photo breach.

This really makes you wonder - what's next?

Photo by Meredith Farmer

[via ReadWriteWeb]

10 Comments

  • I am thrilled with Facebook’s new privacy settings (I know, this is off topic LOL). It is actually very important those of us that are TAs. I don’t add any of my students, but some of them have added me. By adding them to my “Students” friend list, I can hide all of those blackout pictures!

  • Definitely. I’m positive that this won’t in any way affect how much time I spend i.e. waste on Facebook. It’s still a great social application, and it’ll certainly get past this blip in the road and will probably end up better for it.

  • Perhaps I’m a bit pessimistic on this front, but I mostly observe the following rule:

    If you don’t want a particular set of people to have ‘it’, then don’t place ‘it’ online at all.

    History tells us that localized security measures often fail, and company promises of privacy or protection from abuse often fall by the wayside in the name of convenience and progress.

    Flowing data indeed.

  • Devil's Advocate March 25, 2008 at 4:23 pm

    “…Facebook’s excellent reputation…”
    ???????????!

    Where did anyone get the idea Facebook ever had such a good rep?? Facebook’s privacy issues, as well as their failure to listen (and slowness to react) to the complaints, has been a well-known thing for some time.

    Even when the finally got the message on some of it, they still seem to have a problem with giving the users the actual control over the interactions their pages are subjected to.

    This is because Facebook is struggling to find that “goldmine” of advertising cash that always seems to depend on NOT protecting privacy. Their own reluctance to admit they can’t have it both ways blinds them to some of the obvious solutions to the complaints.

    Sure, they’ve introduced new options, etc. over the last while. But, they continue to hold back the idea of a simple, straightforward and honest transfer of control. Facebook has shown it fully intends to reserve its (self-perceived and wrongful) right to gather your info and share it with those advertisers who can promise them a buck.

    The fact that Facebook has been allowing 3rd parties to upload content DIRECTLY to the users’ pages (thereby placing stuff on individuals’ hard drives), without prior consent, and still continues to do so (regardless of what the users have opted in or out of), should tell everyone a story right there.

    And, Facebook makes frequent changes to its posted policies without surveying user opinions, and without alerting the users to the changes. (If you take the time to read some of them very carefully, you may even get concerned enough to remove your profile!)

    Another interesting thing people don’t seem to think about is the fact that all websites are subject to be bought and sold anyway. When that happens, all the data becomes someone else’s property – the new owner will do whatever it wants with it.

    There will probably come a day when Facebook gets bought. Do you still think privacy is even possible?!

    It doesn’t matter what internet activity you engage in – YOU are ultimately to blame for what you choose to upload. Only share what you can guarantee will not create a problem for you in someone else’s hands.

  • Devil's Advocate March 25, 2008 at 4:23 pm

    “…Facebook’s excellent reputation…”
    ???????????!

    Where did anyone get the idea Facebook ever had such a good rep?? Facebook’s privacy issues, as well as their failure to listen (and slowness to react) to the complaints, has been a well-known thing for some time.

    Even when the finally got the message on some of it, they still seem to have a problem with giving the users the actual control over the interactions their pages are subjected to.

    This is because Facebook is struggling to find that “goldmine” of advertising cash that always seems to depend on NOT protecting privacy. Their own reluctance to admit they can’t have it both ways blinds them to some of the obvious solutions to the complaints.

    Sure, they’ve introduced new options, etc. over the last while. But, they continue to hold back the idea of a simple, straightforward and honest transfer of control. Facebook has shown it fully intends to reserve its (self-perceived and wrongful) right to gather your info and share it with those advertisers who can promise them a buck.

    The fact that Facebook has been allowing 3rd parties to upload content DIRECTLY to the users’ pages (thereby placing stuff on individuals’ hard drives), without prior consent, and still continues to do so (regardless of what the users have opted in or out of), should tell everyone a story right there.

    And, Facebook makes frequent changes to its posted policies without surveying user opinions, and without alerting the users to the changes. (If you take the time to read some of them very carefully, you may even get concerned enough to remove your profile!)

    Another interesting thing people don’t seem to think about is the fact that all websites are subject to be bought and sold anyway. When that happens, all the data becomes someone else’s property – the new owner will do whatever it wants with it.

    There will probably come a day when Facebook gets bought. Do you still think privacy is even possible?!

    It doesn’t matter what internet activity you engage in – YOU are ultimately to blame for what you choose to upload. Only share what you can guarantee will not create a problem for you in someone else’s hands.

  • Devil's Advocate March 25, 2008 at 12:23 pm

    “…Facebook’s excellent reputation…”
    ???????????!

    Where did anyone get the idea Facebook ever had such a good rep?? Facebook’s privacy issues, as well as their failure to listen (and slowness to react) to the complaints, has been a well-known thing for some time.

    Even when the finally got the message on some of it, they still seem to have a problem with giving the users the actual control over the interactions their pages are subjected to.

    This is because Facebook is struggling to find that “goldmine” of advertising cash that always seems to depend on NOT protecting privacy. Their own reluctance to admit they can’t have it both ways blinds them to some of the obvious solutions to the complaints.

    Sure, they’ve introduced new options, etc. over the last while. But, they continue to hold back the idea of a simple, straightforward and honest transfer of control. Facebook has shown it fully intends to reserve its (self-perceived and wrongful) right to gather your info and share it with those advertisers who can promise them a buck.

    The fact that Facebook has been allowing 3rd parties to upload content DIRECTLY to the users’ pages (thereby placing stuff on individuals’ hard drives), without prior consent, and still continues to do so (regardless of what the users have opted in or out of), should tell everyone a story right there.

    And, Facebook makes frequent changes to its posted policies without surveying user opinions, and without alerting the users to the changes. (If you take the time to read some of them very carefully, you may even get concerned enough to remove your profile!)

    Another interesting thing people don’t seem to think about is the fact that all websites are subject to be bought and sold anyway. When that happens, all the data becomes someone else’s property – the new owner will do whatever it wants with it.

    There will probably come a day when Facebook gets bought. Do you still think privacy is even possible?!

    It doesn’t matter what internet activity you engage in – YOU are ultimately to blame for what you choose to upload. Only share what you can guarantee will not create a problem for you in someone else’s hands.

  • @DA: Wow, you sound like someone speaking from experience. I mostly only speak from experience… Personally, I’ve never had any problems with facebook and I haven’t heard anything bad from my friends. That last point though – I agree with you on that one.

  • Devil's Advocate March 26, 2008 at 4:21 am

    @Nathan:

    What you really should have said was “I’ve never had problems with Facebook… that I was aware of”. A simple Google, using “facebook+privacy” should give you lots of hits on the subject.

    It’s not surprising there’s lots of people unaware of this. It’s because the issue lies in activity that’s not apparent to the user. All the data mining and sharing of that info goes on out of your sight. And, a lot of the time, people “automatically” seem to trust sites like Facebook. They don’t expect Facebook to be doing this kind of thing, but Facebook has admitted to it, and doesn’t seem to be offering any kind of real apology for that.

    It’s even been proven that Facebook’s “partners”:
    1) plant tracking cookies directly on users’ computers
    2) even when users have OPTED OUT, this happens
    3) tracking users takes place even when they’re LOGGED OFF of Facebook.
    4) If you block the cookies, you will not be able to use Facebook.

    As far as my experience goes, I guess I am a veteran.
    Pretty much my entire career has been built on computers, and started before they even had hard drives. (Man! I suddenly feel OLD!)

    : )

  • Devil's Advocate March 26, 2008 at 12:21 am

    @Nathan:

    What you really should have said was “I’ve never had problems with Facebook… that I was aware of”. A simple Google, using “facebook+privacy” should give you lots of hits on the subject.

    It’s not surprising there’s lots of people unaware of this. It’s because the issue lies in activity that’s not apparent to the user. All the data mining and sharing of that info goes on out of your sight. And, a lot of the time, people “automatically” seem to trust sites like Facebook. They don’t expect Facebook to be doing this kind of thing, but Facebook has admitted to it, and doesn’t seem to be offering any kind of real apology for that.

    It’s even been proven that Facebook’s “partners”:
    1) plant tracking cookies directly on users’ computers
    2) even when users have OPTED OUT, this happens
    3) tracking users takes place even when they’re LOGGED OFF of Facebook.
    4) If you block the cookies, you will not be able to use Facebook.

    As far as my experience goes, I guess I am a veteran.
    Pretty much my entire career has been built on computers, and started before they even had hard drives. (Man! I suddenly feel OLD!)

    : )

  • The biggest privacy concern that people don’t seem to be aware of are Facebook’s public search results. If you Google for a person’s name, their “public profile” may be indexed. It just shows you their profile pic, their name and some of their friends. Most people still allow Google to index the fact that they have a Facebook profile.