Facebook bug can make your private photos public
Nothing is ever 100% secure; let's get this settled from the off. Whatever security any person or company puts in place, there's either some way to crack it or some flaw in the system that allows people to circumvent it. Thus it's not really a shouting-at-Facebook moment to discover that a flaw has been found that allows people to see the private photos of others.
The flaw was first reported on the forums of BodyBuilding, presumably because the users of that website like taking photos of themselves and putting them online. The bug exploits the way the offensive photograph reporting tool works. I'm not going to detail it in too much detail here because I don't want to encourage anybody to try to view photographs that other people have made private, as they obviously want them to be kept private. However, the post does detail how the flaw works.
Facebook have said they are looking into the issue, which revolves around being able to report more than just the single photo you can see. It's not a bug in the system, but it is quite a substantial design flaw, and it is surprising that nobody has noticed it before.
Facebook has been heavily criticised in the last few years over matters of privacy, so there are people who will leap on this story as yet another example of how the company simply doesn't take its users' privacy seriously. Such problems have included a change to the terms and conditions that made all your photographs and statuses Facebook's property, and a settings change that made everything on everybody's profile accessible to search engines by default. Both times the change was quickly withdrawn.
ZDNet said...
Details of this flaw were examined in detail. While some browsers restrict this flaw, private photos that are hidden or inaccessible to people who are friends can not only be accessed but enlarged to their full scale. This flaw is open for anyone to use — and abuse. While Facebook anonymises the reports that it gets through, the user whose profile pictures can be viewed will also not know that their privacy has been invaded.
There are real problems with privacy and the Internet, many of which seem to stem from people not understanding what the Internet really is and how it works. I have published a free Facebook Privacy Guide, though some settings have changed and the book needs a second edition when I get time. There's lots of advice in there, though, about how to keep yourself and your personal information safe and private when online, at least as safe and private as humanly possible.
As is always the case with these things, the best advice is not to put embarrassing pictures or messages online in the first place, or to remove them after they've been seen by close friends. Some companies are working on solutions, including one ingenious one I'm looking forward to, where a picture can be programmed to expire after a specified time. These types of technology will no doubt help all of us in the future.