funsec mailing list archives
Re: Facebook Image Privacy
From: Vincent Hoffman <vince () unsane co uk>
Date: Sun, 17 Jan 2010 17:11:58 +0000
Larry Seltzer wrote:
I recently blogged about something interesting in Facebook privacy (http://blogs.pcmag.com/securitywatch/2010/01/is_facebook_privacy_a_sham.php - hat tip to F-Secure): If you upload an image and set the permissions to “Only Me” it gives you a publically-accessible URL through which anyone can access the image. A Facebook employee entered a comment that said that only the user who posted the image gets that URL from them, so therefore it’s private. The URL (http://www.facebook.com/photo.php?pid=4722564&l=c56ff5065a&id=675398046 <http://www.facebook.com/photo.php?pid=4722564&l=c56ff5065a&id=675398046> for example) isn’t especially obvious, although the last “&id=675398046” is my user id, which is public in Facebook. The URL may not be obvious, but it’s on a publically-accessible site so it’s at least a little cheesy to call it private. What do you think?
Nothing terribly new. http://www.lightbluetouchpaper.org/2009/02/11/new-facebook-photo-hacks/ Looks like they have changed the url scheme for the the CDN now so it might be harder to see any other photos in the album, but the CDN is still serving the photo even though the facebook.com link doesnt work any more so i guess the retention issue still exists. Vince
Larry Seltzer Contributing Editor, PC Magazine larry_seltzer () ziffdavis com http://blogs.pcmag.com/securitywatch/ ------------------------------------------------------------------------ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Facebook Image Privacy Larry Seltzer (Jan 17)
- Re: Facebook Image Privacy Vincent Hoffman (Jan 17)
- Re: Facebook Image Privacy Imri Goldberg (Jan 17)
- Re: Facebook Image Privacy Dan Kaminsky (Jan 17)
- Re: Facebook Image Privacy Imri Goldberg (Jan 17)
- Re: Facebook Image Privacy Dan Kaminsky (Jan 17)
- Re: Facebook Image Privacy Larry Seltzer (Jan 17)
- Re: Facebook Image Privacy Dan Kaminsky (Jan 17)
- Re: Facebook Image Privacy Vaughn, Randal L. (Jan 17)
- Re: Facebook Image Privacy Alex Eckelberry (Jan 17)
- Re: Facebook Image Privacy Blue Boar (Jan 18)
- Re: Facebook Image Privacy Dan Kaminsky (Jan 18)
- Re: Facebook Image Privacy Dan Kaminsky (Jan 17)