Information came out today that Facebook suffers from a crucial exploit that allows users to view full profiles they normally would not have access to. The news comes as the social networking site faces increasing scrutiny over its privacy procedures including a lawsuit over the misuse of users contact information by its mobile App. The exploit was discovered by London computer scientists Shah Mahmood and Yvo Desmedt. The analysts, working at University College London, used a couple of Facebook’s system properties to allow them to view profiles they otherwise may not have access to and stalk unwitting users.
The hack centers on two basic aspects of Facebook’s system. Users are allowed to deactivate and reactivate their accounts at will, and while accounts are deactivated the user has no control over their privacy settings in relation to that account. This means that if you are registered as a friend of another user who then deactivates their profile they will be able to reactivate their account for short periods of time in order to watch your profile. You cannot restrict the behavior of deactivated profiles. The ability to allow this kind of behavior has birthed worries of stalking. Personal relationships in real life can change but this change cannot be reflected in Facebook’s virtual privacy settings.
Another release today suggested Facebook is trying to make amends for its privacy troubles. The company released a statement on the request of employee’s Facebook passwords by employees, colleges and other institutions. The statement said that the company felt the practice undermined user’s privacy and could lead to legal liability on the part of the institutions involved. The company has had an ambiguous relationship with user’s privacy in the past, being both a basic threat to and a fervent defender of information. Last year it was revealed that a Facebook browser cookie tracked user’s browsing even when they were not logged in.
Facebook is the world’s most powerful social network and manages to hold huge swaths of the populations information, given voluntarily. The company has information many desire and the exploits in the system create problems for users storing their data there. Personal privacy is key and the possibility of allowing an institution access to information is a dangerous prospect. Worse though is the ability to view profiles unrestricted as the exploit released today allows. The social network needs to figure out these problems before users begin to withdraw on privacy grounds.