Facebook plugs Timeline privacy hole


Europe v. Facebook, an Austrian student organization that keeps tabs on Facebook's privacy transgressions, recently discovered that Facebook's latest timeline redesign allowed friends of friends to see the total number of Events a user has attended, even if that person's privacy settings were set to only allow friends to see such events.

This screw-up allowed for unintended sharing of sensitive information, such as political beliefs and sexual orientation, the group said in a release.


From the release:

"Users were able to look through often times thousands of past events users were invited to, including demonstrations or gay parties."

Facebook's timeline changes allowed unintended displays of information to friends of friends. Facebook's "View as" function showed such information as public, displaying it in batches of event activity under a heading called Events.

Facebook thankfully plugged the hole within hours of the group informing the company about the problem.

The problematic section, Events, disappeared from affected users' profiles, after which the group could no longer access the data in question, Europe v. Facebook said.


When Facebook announced the redesign on March 13, the company said it would be rolled out over a few weeks.

Many users, not having been upgraded yet, were oblivious to the privacy hole, Europe v. Facebook said.

This is the latest of a string of challenges the group has put to Facebook over what it deems privacy violations in Europe.

The group has filed a total of 22 complaints with the Irish Data Protection Authority against Facebook’s European subsidiary in Ireland.

Those complaints were built on the work of meticulous document requester and researcher Max Schrems, who in 2011 extracted a pile of 1,200 pages that comprised his then-current personal-data Facebook dossier.

In fact, Schrems, the organizer of Europe v. Facebook, has been awarded the 2013 International Privacy Champion Award by the Electronic Privacy Information Center (EPIC) for his work, which has "inspired more than 40,000 users around the world to make similar access requests, helping to ensure greater transparency of internet companies".

As reported by IDG News Service's Jeremy Kirk, Facebook committed to changing how it retains data and altered some privacy controls following a critical audit by the regulator released in December 2011.

Unsatisfied, Europe v. Facebook has continued to keep the Irish Data Protection Commissioner's feet to the fire.

This recent privacy hole is just the latest result of the group's praiseworthy efforts.

The group is to be applauded for its vigilance. That vigilance is pricey, so if you care about privacy and want to support their efforts, you might want to consider contributing to their work at https://www.crowd4privacy.org/.


10 Responses to Facebook plugs Timeline privacy hole

  1. Wolf_Star · 589 days ago

    That's why Facebook should NEVER be used to share anything even remotely personal or private. Once it's out in the "Cloud", you've lost all control over it, regardless of any promises made by vendors to keep it safe.

    • judahrichardson · 588 days ago

      Yeah yeah. For the rest of us in the real world with active social lives and friends across multiple time zones, it's the only way to stay in touch with people over the years. Facebook is an application like any other and will have bugs. To their credit, they haven't had any password hacks (yet). That's a lot better than Twitter, Evernote, torrent sites, etc.

      • Interestingly, I live in the real world, have an active social life, and have friends around the world. I've never had a Facebook account. Sure, I might not be fully up to date on what all my friends are doing until I make intentional contact with them (or they with me), and my methods for staying in touch vary from person to person, but my life is still fully packed with events without adding Facebook into the mix.

        I see nothing wrong with using social media sites like Facebook, Twitter, Evernote, etc., but you do need to recognize what you're giving away when you use them, and that they aren't actually a requirement for having healthy relationships with other human beings.

        • Wolf_Star · 584 days ago

          Exactly. Having the ability to stay in touch with family, friends and acquaintances is a great use for Facebook, and to share tidbits or memories or whatever, but it doesn't require sharing sensitive personal information (nor bodily functions or the results thereof.)

          We have to remember that the Internet DOES NOT FORGET. So those childish indiscretions that are so cockily shared when we're footloose and fancy free will always be around, somewhere, to haunt us when we assume a mantle of more mature status. Likewise, personal and private tidbits will be in the same category. Once published, they remain in cyberspace for anyone with enough savvy to glean them. And given how clever authors of malware have become, not to mention groups like Anonymous, there is already a lot of savvy hard at work collecting.

  2. Roscoe · 589 days ago

    How did they contact Facebook? I've been trying for ages with no response! I guess my trivial issue isn't controversial enough!

    • Lisa Vaas · 588 days ago

      I think it helps to contact the Irish Data Protection Commissioner. Maybe more so if you're European!

  3. Randy · 589 days ago

    Does anybody have any data regarding how many people are closing Facebook accounts vs. how many are opening them?
    I opened mine three years ago and have visited the site maybe half a dozen times since, usually around my birthday when FB sends me an email saying a friend wrote on my wall and once a warning telling me my account had been hacked by a mobile device just outside Hanoi and I should change my password.
    I've really found very little use for Facebook and I've often wondered what still draws people to it especially after all the security flaws and unpopular policies they have adopted over the years.

    • My guess is that only Facebook have accurate stats for how many accounts are active, and how many people are erasing their old accounts.

  4. devilsgraceland · 557 days ago

    WHACK! This is how i found out about all the events in the area from promoters pages.... now im limited to just the ones they sponsor -_-

  5. bharat · 557 days ago

    you are an ass , the whole event pages are gone because of your stupidity


About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.