Facebook Privacy Loophole Minor Compared to Other Fails
Facebook’s newest service lets you schedule a private greeting for your friends that will be delivered exactly on midnight, sparing you the choir of deciding on an acceptable timeframe before or after the New Year. The app is fairly straight-forward, but it appears that it launched with a rather inconvenient and undocumented feature.
A blogger by the name of Jack Jenkins discovered a loophole that allowed anyone with the URL to a Midnight Deliver confirmation message view the recipients and the greeting itself, which they could also delete. Facebook quickly pulled the plug on the service after the bug was picked up by The Verge, and has since resolved the issue.
Some more background:
“When a user successfully submits a message to be sent to their friends, he or she will be displayed a confirmation screen that displays a URL: http://www.facebookstories.com/midnightdelivery/confirmation?id=XXXXX. From here, anyone that’s curious can simply change the ID variable at the end of the web address and then view other messages left for people.”
This latest privacy scare is minor in comparison to what Facebook had to deal with almost continuously for the past few years. Most recently, a change to Instagram’s ToS set off a mini-exodus that the company quickly stopped by reverting the terms. The now removed edit mentioned the use of individuals pictures in ads, a feature that sounds incredibly similar to Facebook’s own Sponsored Stories.
The latter set Facebook back $20 million earlier this month when it settled a class-action suit accusing the social network of using members’ information without their consent. About half that sum was set aside for affected users, each eligible for a $10 reimbursement.
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
