Saturday 12 January 2008, 1:58 PM
Facebook email privacy has a hole
Just thought I'd share something very important with you all. Some of you show your email addresses on your Facebook profiles, some of you don't. Fair enough: that's called privacy, and that's what Facebook's privacy settings are for.
However, I recently started using Facebook on my mobile phone (it's a Windows Mobile handset if you're interested), and discovered something peculiar. If I go to the "contacts" page on Facebook's cut-down mobile version, it displays every single contact's email address, whether or not you had set this information as public. What is more, in some cases it's not the email address that HAS been set as public. In other words, it's the email address you used to set up your Facebook account, whether or not you want that address to remain private.
The implications of this are obvious. It enhances the stalker potential on Facebook, for one thing. Such things could also be mined - albeit with some effort - for spamming purposes. Worst of all, though, is the fact that it is not what you asked Facebook to do, and is in some cases probably the opposite of what you wanted.
What can be done? Who knows. But in the meantime, please forward this message on, just so everyone is aware that their information is in the public domain even if they thought they'd opted out.
David
I know a few people who will not be pleased to find this out, although some will no doubt not care much. Anyway, this may already be a known security hole, but if so then I'd love to know why Facebook hasn't closed it.
Comments on this post
Quickly, export your Facebook contacts with email addresses while you can (export Facebook contacts).
Woah, hold up - no need to panic. If you look at my subsequent post and its comments, you will see that Facebook reacted to this post very quickly, first removing the "contacts" feature then bringing it back, but without showing the email addresses.
I have to say I am impressed at the speed with which Facebook reacted to the post, especially on a Saturday... however, I'd still like to know why the feature was there at all, given that its safe version is almost a clone of the "friends" feature on Facebook mobile.


