Last week, it was revealed that Facebook had encountered yet another pothole in their road to an enormous valuation. This time, Slide, Inc., the top Facebook application company in terms of installs and active users, and a computer technician in Vancouver had their hands in the matter. The slip-up served as another reminder that pages on public Web sites are just that: public. Passwords and protected pages guarantee virtually nothing.
If you are even a casual Facebook user, you are likely aware of the issue already. The popular Top Friends application has been suspended for about a week, barring any Facebook user from utilizing it. Byron Ng, a computer technician based in Vancouver, came across a flaw in the Top Friends application which allowed for the viewing of limited profiles of any Facebook user who had added the app to their profile page. Status, networks, gender, birthdays, and relationship statuses were viewable thanks to this flaw, not to mention the users’ profile pictures.
The error allowed for the viewing of various celebrities’ partial profile pages, including the likes of Paris Hilton (who apparently goes by her middle name, Whitney), Louisiana governor and John McCain’s potential VP pick Bobby Jindal, and even Facebook’s own Mark Zuckerberg, among others.
Facebook suspended the application hours after CNET News.com had contacted them about the issue, a responsive move that seems to have angered some Facebook users. A lack of respect for its users’ privacy preferences was cited. Ben Ling, director of platform product management at Facebook, said that Facebook expects “third-party apps to follow the rules the users set. With Top Friends, the privacy settings of the user were not being respected according to the privacy policy terms of use.”
Last Friday evening, the Facebook Platform Team posted a response on their developers forum, saying:
“Facebook works to help clarify standards and maintain user trust in applications available on Facebook through technical and manual means. Recently, we suspended Top Friends, one of the most popular applications on Facebook. This application violated user privacy by displaying some profile data to people who should not otherwise have been able to see the information. Though the application developer insists that this violation was not intentional, the seriousness of the violation required us to take immediate action.
We don’t take lightly that millions of users lost their access to this application. Because so many people interact with Top Friends on a daily basis, our immediate action to suspend the application was vital in protecting users and assuring them that their confidence in Facebook and the applications on Facebook Platform are well-placed.”
A similar flaw was found for the Super Wall app, though the information available for gleaning there is far less private.
Ng, the supreme flaw-finder (see: grabbing Paris Hilton and Lindsay Lohan’s MySpace photos and looking at strangers’ SuperPoke pages earlier this month, spying out photos on Zuckerberg’s Facebook profile back in March, and prying away an early digital copy of the yet-to-be-released Harry Potter last summer), has a warning for Facebook users: “Any Facebook user who adds an application to their profile is agreeing to give any of their personal information to the developer of that profile.”
He also added that the barriers to entry for becoming a developer are pretty low, and that while Facebook does not allow apps to store personal information, “there’s NO WAY for Facebook to verify compliance since Facebook applications run on PRIVATE THIRD-PARTY SERVERS, not on their own servers.”
Besides the fact that Ng should be a prime target for hiring by Facebook and MySpace, it’s becoming more and more obvious that the term “developer” confers an empty authority, something that should probably be made clearer to users.
Facebook and Slide may have seen their values take a hit this past week, and the application realm is becoming more and more sullied. If Top Friends sees a prolonged suspension, Slide may have to reconsider its decision to stop pumping out new apps.
http://news.cnet.com/8301-10784_3-9977762-7.html
http://forum.developers.facebook.com/viewtopic.php?id=16961