Nothing is ever 100% completely secure, let's get this settled from the off. Whatever security anybody or any company ever puts in place, there's either some way to crack it or some flaw in the system that will allow people to circumvent it. Thus it's not really a shouting-at-Facebook moment to discover that a flaw has been found that allows people to see the private photos of others.
The flaw was first reported on the forums of BodyBuilding, presumably because the users of that website like taking photos of themselves and putting them online. The bug exploits the way the offensive photograph reporting tool works. I'm not going to detail it in too much detail here because I don't want to encourage anybody to try and view photographs that other people have made private as they obviously want them to be kept private. However the post does detail how the flaw works.
ZDNet used the flaw to show a picture from Mark Zuckerberg's private album, taken at a dinner party where everybody seems to be having lots of fun making the food. It's quite sweet actually, as Zuckerberg clearly looks like the shy one.
Facebook have said they are looking into the issue, which revolves around being able to report more than just the single photo you can see. It's not a bug with the system but it is quite a substantial design flaw and, oddly, it is surprising that nobody has noticed it before.
Facebook has been heavily criticised in the last few years for matters of privacy, and so there are people who will leap on this story as yet another example of how the company simply doesn't take its users' privacy seriously. Such problems have included a change to the terms and conditions that made all your photographs and statuses Facebook's property and a settings change that made everything on everybody's profile accessible to search engines by default. Both times the change was quickly withdrawn.
This flaw has been examined in detail. While some browsers restrict this flaw, private photos that are hidden or inaccessible to people who are friends can not only be accessed but enlarged to their full scale. This flaw is open for anyone to use — and abuse. While Facebook anonymises the reports that it gets through, the user whose profile pictures can be viewed will also not know that their privacy has been invaded.
There are real problems with privacy and the Internet, many of which seem to stem from people not understanding what the Internet really is and how it works. I have published a free Facebook Privacy Guide, though some settings have changed and the book needs a second edition when I get time. There's lots of advice in here though about how to keep yourself and your personal information safe and private when online, at least as safe and private as humanly possible.
As is always the case with these things, the best advice is not to put embarrassing pictures or messages online in the first place, or to remove them after they've been seen by close friends. Some companies are working on solutions, including one ingenious one I'm looking forward to where a picture can be programmed to expire after a specified time. These types of technology will no doubt help all of us in the future.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.