Facebook’s new API has been shown to have a major privacy hole that allows users to view the public “events” that strangers have said they will attend, or have already attended, even if those people are not their “friends” on the social network.
The hole was discovered by Ka-Ping Yee, a software engineer for the charitable arm of Google, while using the new Graph API released last Friday. In some cases, but not all, it allows the user to see private details. Ka-Ping was so shocked when he found the hole that he did not believe it at first; only after carrying out more tests, in which he was able to see Facebook founder Mark Zuckerberg’s planned public events, was he convinced.
Implications of the Privacy Hole
This privacy hole has significant implications for Facebook users. Public events on Facebook are often used for organizing gatherings, promoting activities, and even for professional networking. The ability for strangers to view these events can lead to unintended consequences. For instance, someone could potentially track your movements or gather information about your interests and social circles without your consent. This breach of privacy is particularly concerning given the increasing importance of online privacy and data protection in today’s digital age.
Moreover, the fact that even high-profile individuals like Mark Zuckerberg are not immune to this privacy flaw underscores the severity of the issue. If the founder of Facebook himself can have his event details exposed, it raises questions about the overall security measures in place for all users.
Preventive Measures and Recommendations
Yee suggests that the simplest way to prevent your name from appearing in such lists is to put “not attending” against any event you are invited to. While this may seem like a straightforward solution, it is not without its drawbacks. Declining events you are genuinely interested in attending just to protect your privacy can limit your social interactions and professional opportunities.
Facebook users should also consider adjusting their privacy settings to limit who can see their event responses. By navigating to the privacy settings menu, users can customize who can view their activity, including event RSVPs. This can provide an additional layer of protection against unwanted exposure.
Furthermore, Facebook itself needs to take immediate action to address this vulnerability. The company should prioritize fixing the API to ensure that users’ event details are not accessible to strangers. Transparency from Facebook about the steps it is taking to resolve this issue would also help rebuild trust among its user base.
More information can be found on Ka-Ping Yee’s blog.
Via Guardian