NEWS FROM THE LAB - Thursday, January 14, 2010

Facebook Privacy Doesn't Really Exist Posted by Sean @ 11:15 GMT

Facebook recently rolled out new privacy settings that provides additional publishing controls.

For example, Facebook users can now publish a photo to a selected list of friends.


Clicking the "lock" icon opens the Custom Privacy settings.


Once a photo is selected and the privacy options are set, the next step is to Share.


As you can see, the default setting is set for Only Friends and this particular post is set for Only Me.


So only Matti Meik�l�inen can see this image, right?


Well… almost, but no, not quite. There is one large loophole to all this.

Do you see the link, highlighted in red?


That's right! The photo can be shared with anyone by sending them this public link.

Absolute privacy on Facebook (and the Internet) is an illusion, it doesn't really exist. Relative privacy is the best that we can hope for.

Should we panic about this?


There's is a very simple solution. If you absolutely don't want to share it, then don't upload it to a SOCIAL networking site.

And fortunately, most of the people that we've surveyed, appear to have enough common sense to understand the costs and benefits of sharing.

P.S. It would, however, be nice if Facebook users could disable the share with anyone option.

We haven't seen it in the wild, but it would be rather trivial for a worm such as Koobface to collect such URLs when an account is compromised. Recovering the account and resetting the password won't invalidate access to these links.