Facebook's API May Expose Private Status Updates

Posted by Rob Lewis

Facebook users who rely on the social network site's ability to make status updates visible only to certain people may find their posts exposed publicly.

Technology expert Tod Maffin discovered the flaw while using an email marketing system that relies on Facebook's API.

Maffin says he relies on Facebook's "Make visible to" feature in the Status Update post box to restrict his status updates — some of his more personal updates are sent only to those on his "Close Friends" and "Family" friend lists. However, when using the email marketing system, he discovered that the site pulled all status messages, regardless of any restriction, from Facebook's Application Programming Interface (API), a system through which web sites exchange data.

"I was pretty stunned," said Maffin, senior strategist and COO of tMedia Strategies in Vancouver. "All this time, I'd assumed those posts were kept off any sort of public feed."

Maffin uses Mailchimp for his email marketing campaigns. The email provider uses codes to pull dynamic content from social media sites, such as the sender's most recent tweets or most recent Facebook posts. Facebook's code appears to distribute all status updates, regardless of any restriction setting, to applications using its API. This is not specific to Mailchimp; any web application relying on Facebook's API would be able to read this content, provided the application is authorized with Facebook (which is necessary to be able to dynamically link Facebook content).

Maffin has documented the flaw on his website at www.todmaffin.com/friendsplittingbug.


Rob Lewis

Rob is the President of Techvibes Media and Editor-in-Chief of Techvibes.com. His diverse background includes stints in International Trade Finance, Web Development, and Enterprise Software and he is a graduate of the University of British Columbia, British Columbia Institute of Technology, and Simon Fraser University. When not running Canada's leading technology media property, Rob can be...


