Thursday, February 12, 2009

Still no privacy for people screwed by Facebook's hackers

Probably many of you, guys, remember the huge Facebook's privacy bug published last March. If you don't remember, the hack was pretty simple; using the user ID the attacker could see the private pictures forging a simple URL like the following one.

Find the user ID using a google search is immediate and pretty intuitive. This hack was live for some days during March and after that was patched by FaceBook. So, where is the problem ?



I know, It could seem a normal bug-and-patch process like many others in the net but, to me, it's different. Steal informations, private data and passwords might be less "intrusive" from the privacy point of view. Informations private data and passwords may change, for example if someone got your password, you may change it. Again, if someone stole your home address or your phone number you can change it, but if someone stole your digital pictures you loose the control of them. You cannot control the time life of each picture and you cannot break the circulation flow. This is the proof, months are passed over and these pictures are still on the web. Some of them might be saved into user HDs and none will know when and where the pictures appear again.

No comments: