A Google software engineer has discovered another privacy hole in Facebook – and illustrated it by publishing a list of Facebook founder Mark Zuckerberg’s planned public events.
Ka-Ping Yee says he was playing around with Facebook’s new Graph API when he realised it was showing a list of the events he’d attended, promised to attend or said he might attend – to anybody that asked.
“What can your event list say about you? Quite a bit. It might reveal your home address, your friends’ home addresses, the names and groups of people you associate with, your hobbies, or your political or religious activities, for example,” he says on his blog.
And while these are public events, he says, “There’s a big difference between publishing an event page with a list of people attending, and publishing a list of events that you attended… This kind of event list is not even accessible to your friends on the Facebook website.”
The problem seems to be sporadic – not all users are affected. But one user expresses concern on Yee’s blog.
“I’m feeling seriously put-out by this,” she says. “I had a guy who was a borderline stalker try to contact me multiple times on Facebook (and of course, I never added him) and now that he can see all of this, I am considering deleting my Facebook profile altogether.”
Just two weeks ago, Facebook launched its new safety center “in its latest effort to build and sustain a trusted environment for its 400 million users worldwide,” it said.
Users can check whether they’re affected by going to http://zesty.ca/facebook and using the search box on the right to find their name or email address. Clicking the link next to ‘ID’ brings up your own profile; in your ‘connections’ box, click the link next to ‘events’.
You can see Mark Zuckerberg’s event list here.
Facebook hasn’t yet responded to questions about the flaw.