In the end, it took a picture of Mark Zuckerberg holding a dead chicken to get Facebook to fix a flaw that allowed strangers to access your private photos.
The social networking site allowed users to have access to other users' personal and private photographs that would normally be hidden from view - by taking advantage of a flaw in the "Report inappropriate profile photo" feature.
The flaw worked like this. If you're a Facebook user , you can report other users' profile pictures as being "inappropriate". For instance, you can say that they contain "nudity or pornography". However, Facebook then gives an opportunity to select "additional photos to include with your report" and displays a selection of photographs - which may not be shared publicly.
The flaw was highlighted on a body building message forum (yes, really..) but really got the world's attention when someone posted thirteen private photos from the Facebook account of Mark Zuckerberg.
In many ways it's good that Zuckerberg's account was targeted - if it such a high profile figure hadn't fallen victim, the flaw might have continued to have been exploited for much longer opening up opportunities for stalkers and others to view private photos.
"Move fast and break things". That's a poster on the wall at Facebook's HQ, and is the company's internal motto. You'll notice the poster doesn't say "Privacy matters".
In other words, Facebook's programmers are experimenting with new features and are testing them out on the live site without, in this case at least, the code being properly reviewed with privacy in mind.
The good news is that Facebook responded quickly once the problem made the tech headlines and the ability to report additional photos (and thus inadvertently see users' private photos) is currently withdrawn.
Facebook issued a statement to the media about the flaw:
"Earlier today, we discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously."It's good that Facebook has fixed the flaw, as it impacted the privacy of users (including its CEO), but it should never have happened in the first place. Maybe that's not such a bad idea. Facebook needs to stop making mistakes when it comes to its members' privacy. Once users' trust is broken, it will be very hard to restore.
"The bug, was a result of one of our most recent code pushes and was live for a limited period of time. Not all content was accessible, rather a small number of one's photos. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed."
0 comments:
Post a Comment