digg

Join DiggAbout

Discover and share the best of the web!
Learn more about Digg by taking the tour.

See the original image at news.bbc.co.uk

BBC exposes Facebook flaw

news.bbc.co.uk — Facebook Awareness...... you gotta be careful....... BBC exposes a fatal flaw in popular social networking program.

Bury
show profanity settings
expand all
  • oliherst, on 05/01/2008, -33/+20This is exactly the reason I got rid of my Facebook account. Although I couldn't be sure this was possible, I'm now glad I got rid when I did!
    • SteveHamn, on 05/01/2008, -6/+51No need to get rid of it. Just don't put personal information on it.
      • KlogereEndGrim, on 05/01/2008, -1/+28personal information sharing is sort of the purpose of facebook, now isn't it?
      • lordthor, on 05/01/2008, -2/+1there's no information there you couldn't get from just friendrequesting 500 people randomly with the message "hey, member me? :D"
        and it's not like it's your social security number...
      • jaznova, on 05/02/2008, -0/+1You can't get rid of it.
    • jjesusfreak01, on 05/01/2008, -7/+18Did you even watch the video. They were fear mongering...
      OK, so you install an application, it records where your facebook information. Although YOU CANNOT steal an id with this, it could help. What a crock. This is like saying that because someone knows your address they have a key to the front door. If a thief has the important things needed to steal your identity, they most certainly already have the easy to find things, that are listed in, I dunno, the phonebook.
      • oliherst, on 05/01/2008, -5/+1No I didn't, I only read the article :X
      • OwdenBowden, on 05/01/2008, -0/+1Basically they are just saying that Facebook really has an obligation to its members to look out for the very same people that made them what they are today. Facebook should make it standard that no personal information is to be accessed as well as need to be accessed when using a third party application on facebook.
      • turpialito, on 05/02/2008, -0/+1If a thief has the important things needed to steal your identity, they most certainly already have the easy to find things, that are listed in, I dunno, the phonebook.

        Or Facebook. Lots more info than your phone book.
    • cockerberg, on 05/01/2008, -7/+6If you want to get rid of your face book account go here:
      http://www.facebook.com/group.php?gid=16929680703
      Then here for amusement while-u-wait:
      http://www.facebook.com/group.php?gid=21994768584
      • computergod, on 05/01/2008, -2/+3Why the digg down? He was posting legitimate information on the (very hard) process of completely removing yourself from facebook. They might close your account, but the information stays online and is hard to remove.

        /Adds cocerberg to friends list.
        Welcome to digg :)
        • jaznova, on 05/02/2008, -0/+1impossible to remove, that is.
          It all stays on their servers, and is accessible by facebook's partners.

    • computergod, on 05/01/2008, -0/+2Yup, it's been known for some time that facebook applications have full access to all of your information, and that of your contacts. This is not new, and it is not a hack, facebook does this on purpose, because they do not give a ***** about your privacy.
  • ecape7, on 05/01/2008, -18/+7arrgg i forgot about my facebook account tried to just ignore it ...It takes forever to try and delete it i don't know if that's changed or not ...this is annoying and i know one of my friends will install a crappy application that does this sort of stuff!!
  • AgentVladimir, on 05/01/2008, -7/+253The less information you put on there, the less can be stolen. I find it odd that people would even leave their mobile number on view to the public.
    • NoahK, on 05/01/2008, -16/+3Wow. So only ONE friend needs to have a "bad app" in order for your personal information to be stolen? Ouch... Maybe I should cut back on my 4k friends?
      • guyinjapan, on 05/01/2008, -1/+25Oh my, look at how big your internet penis is! 4000 friends, why aren't you amazing!
      • DupontNumber24, on 05/01/2008, -1/+2Uhm? How is this comment a reply to AgentVladimir?
    • toekneebullard, on 05/01/2008, -2/+89I have mine up, but only my friends can see it...and I only "friend" people who are ACTUALLY my friends.
      If you just use the system the way it's supposed to be used, everything is fine. It's not a race to internet popularity...it's an application for interacting with your friends.
      • plingboot, on 05/01/2008, -0/+15Yeah, ok, so you're careful who you add as a friend but this all about dodgy apps. what if one of your trusted friends adds The Miner?
        • toekneebullard, on 05/01/2008, -2/+2That's why I don't put anything up that I wouldn't be ok with the world knowing.
    • bbendele, on 05/01/2008, -1/+2One interesting thing is that Facebook stores your phone number as an image, not as text, and displays it this way. Would this make it harder for a facebook app to copy "friend's" mobile numbers?
      • diothar, on 05/01/2008, -0/+8That's the reasoning, but like with CAPCHAS, miners are getting smarter.
      • Soave, on 05/01/2008, -0/+6Actually (I just checked mine), the phone numbers are stored as numbers, but email addresses are stored as images. This is more of a spam-prevention measure than an identity theft prevention measure though.
      • ElMoselYEE, on 05/02/2008, -1/+4not to be an ass, but they're not stored as images, that would be silly. they're just displayed as images for spam purposes. if they stored your email as an image, facebook would have to go read every email image every time it wanted your email....say whenever you login, etc.
        • diothar, on 05/05/2008, -0/+1I really don't think he meant to imply facebook actually stores the number as an image, but rather that it displays it as an image. At least that's how I read into the comment. If he did mean to imply it as being stored as an image, then I agree with you.
    • Kevlarm114, on 05/01/2008, -0/+15I have mine up, for hope that a girl might call me...
    • dougdiggerton, on 05/01/2008, -0/+13better take my social security number down.
    • pitlord, on 05/01/2008, -0/+11The whole point of Facebook is to allow people to get in touch with each other. If they cannot provide a secure forum for social networking, and people are too scared to share their contact information, what's the point?
      -_-
    • Gabberwok, on 05/01/2008, -0/+1Or put up a GrandCentral # instead of your real one - that way if anyone you don't know calls you you can have it directed straight to voice mail.
  • borez, on 05/01/2008, -57/+18Ooooo...The BBC made an application that steals redly available infomation from the Facebooks.

    We're all doomed!

    /sarc

    + scaremongering BBC crap
    • Myonosken, on 05/01/2008, -0/+20" scaremongering BBC crap"
      The BBC is one of the least scaremongering news networks out there. Fact is this can be done so how the hell is it scaremongering?
      • borez, on 05/01/2008, -7/+1It can also be done by viewing the pages on facebook, it's hardly identity theft
        • Myonosken, on 05/01/2008, -0/+6Do you not understand the concept of this idea?
      • elnerdo, on 05/01/2008, -3/+2It's scaremongering because it's nothing you can't get from a phonebook, anyway. I have a lot of my personal information on facebook, because I don't give a damn if people know my cell phone number, name and address. Guess what? You can get all of that by paging through a phone book, and it's hardly useful.
    • pitlord, on 05/01/2008, -4/+2Yeah, BBC is full of fear mongering liberal dumbasses. Look at all the sympathy they show for terrorist groups like Hamas, and Islamic Jihad. They jump on the anti American, anti Judeo Christian bandwagon every chance they get.
      X^P
      • yakski, on 05/01/2008, -0/+3What a moronic reply... this is not about YOUR political viewpoint which nobody cares about.
  • bumcheekcity, on 05/01/2008, -3/+77Anyone with intermediate to advanced PHP knowledge can do this, and many have. I've made a little test application with the Facebook API, doesnt do anything, but to be honest, all it has to do is show a cute picture of a bunny and trillions of people will install it. It'd be trivial to put some info-stealing code into an already working application, and I'm sure many applications steal information already without telling anyone.
    • axpdocbrown, on 05/01/2008, -11/+28"Anyone with intermediate to advanced PHP knowledge can do this"...Right...and for the other 99.4% of people...
      • KlogereEndGrim, on 05/01/2008, -3/+41lol, if you think that 0,6 % of people can code decent php, then think again.
        • drlha, on 05/01/2008, -3/+23Damn, I wish Digg featured a delete comment button.
        • darkism, on 05/01/2008, -4/+7Damn, I also wish Digg featured a delete comment button.
        • theright, on 05/01/2008, -3/+5Damn, I wish most of all Digg featured a delete comment button.
        • ant4177, on 05/01/2008, -2/+6Damn, I wish Digg was a delete comment button.
        • j0etb, on 05/01/2008, -2/+7Damn, I digg comments on button deleting
        • nickbarber, on 05/01/2008, -3/+3Damn, I delete button comments on digg.
        • stalefries, on 05/02/2008, -1/+2C-C-COMBO BREAKER!!!
    • Cirieno, on 05/01/2008, -0/+360.6% of 6 billion = 36,000,000
      Wow, that's a whole lotta coders right there...
      • uhhNo, on 05/02/2008, -1/+2Yea, that's 0.6% of all of the people in the world!
    • jerger23, on 05/01/2008, -0/+18"Given a choice between dancing pigs and security, users will pick dancing pigs every time."
      -Bruce Schneier explained this by saying "If J. Random Websurfer clicks on a button that promises dancing pigs on his computer monitor, and instead gets a hortatory message describing the potential dangers of the applet — he's going to choose dancing pigs over computer security any day. If the computer prompts him with a warning screen like: "The applet DANCING PIGS could contain malicious code that might do permanent damage to your computer, steal your life's savings, and impair your ability to have children," he'll click OK without even reading it. Thirty seconds later he won't even remember that the warning screen even existed."
  • 360news, on 05/01/2008, -10/+58FATAL ?
    c,mon....
  • slickstar, on 05/01/2008, -33/+8i haven't signed up to face book simply because i think its stupid. if i need to chit chat with someone ill simply call them up, or if i need to organize something with a few mates ill call them up aswell. there is simply no point of social networking sites for people who already have an active social life because they wouldn't waste their stupid time on such stupid things..

    or maybe I'm just a 19 year old teen who is old fashion?!
    • jnava121, on 05/01/2008, -6/+34yeah if you only have 2 friends and one of them is your dog and the other is clyde the frog then there is no point in using facebook.
      • slickstar, on 05/01/2008, -15/+1your mum is MY BEST friend
        • mikeismyname, on 05/01/2008, -2/+8damn you must be old fashioned cause i already ***** her.
        • drowe, on 05/01/2008, -0/+7Thus confirming that you are probably 16, and not old fashioned.
        • ell0bo, on 05/01/2008, -3/+6Actually, yours super poked me yesterday. It was wonderful.
        • ant4177, on 05/01/2008, -0/+2I facebooked your mum
    • toekneebullard, on 05/01/2008, -0/+13I'm sure at some point someone said "why would I call someone when I can just write them a letter?"
      If this is the way you want to do it, fine. Other's want to do it another way. Live and let live.
    • enigmaneo, on 05/01/2008, -0/+1Good for you.
    • TheLoneHoot, on 05/01/2008, -0/+1Good thing you're an old fashioned 19 year old who doesn't subscribe to the idea of a social networking site - and good that you posted it on Digg.

      Tard.
    • xstarsprinklesx, on 05/02/2008, -0/+1Yeah, when you're 19 and all your friends still live in the same town as you, it's fine.When you get older and want to keep in touch with the people you grew up with who are now scatted across the country/world, it requires a bit more than "calling them up" to "organize something."
  • christophe971, on 05/01/2008, -7/+275All of this is so ridiculous.
    If you don't want your personal information stolen, don't put it online, period.
  • Holocaust, on 05/01/2008, -34/+128Facebook is so 2007
  • seejunaid, on 05/01/2008, -22/+6Boringggggggggggg
  • ElAssoWipo, on 05/01/2008, -3/+148This reminds me of this dumb video the provincial police made in Quebec about 15 years ago.

    To raise awareness about a rise in car theft, they made a commercial that shows just how easy it is to hotwire a car, then proceed to show you how to do it step by step.

    "It's that easy!" Thanks officer!
  • insanebrain, on 05/01/2008, -22/+7BBC has a flaw of its own. The video isn't playing.
    • D14BL0, on 05/01/2008, -15/+4I thought the flaw was the silly accent.
      • Markpdotcom, on 05/01/2008, -2/+6He doesn't have an accent (wonders if you'll get that...)
        • whataboutdave, on 05/01/2008, -8/+3There is no such thing as not having an accent. That is, there is no pure form of speech that accents are variations of.
        • dlllb, on 05/01/2008, -1/+1Whoooooosh!
        • TheLoneHoot, on 05/01/2008, -1/+2RIIIIIIIIIIIiiiiiiiiiiiiiiiiiiiiiiiiiiiiiight... that silly accent - oh wait, he's from that country where they INVENTED ENGLISH!

          Tard.
    • LokitheComplex, on 05/01/2008, -0/+4Ah are you using firefox? You need to erase your BBC cookies to get their flash video player to work.
    • BadBosco, on 05/01/2008, -2/+1Epic Fail
  • twtmc, on 05/01/2008, -29/+17How is that there fear mongering going, BBC? Good?
    • Angostura, on 05/01/2008, -2/+8And this is fear-mongering, how, precisely?
  • websyndicate, on 05/01/2008, -24/+10I like turtles.
    • MissICT, on 05/01/2008, -5/+3me too
    • syphern, on 05/01/2008, -5/+5I like yo mama!!
    • TheLoneHoot, on 05/01/2008, -0/+1you also apparently like the Macarena, saying "don't tase me bro", singing "who let the dogs out", and watching "chocolate rain" parodies.
  • SteveHamn, on 05/01/2008, -11/+5Yea those applications are evil! WTF access my info? I think not!
  • jnava121, on 05/01/2008, -7/+181Funny a store like Best Buy can keep financial transaction data, get hacked , then have your credit information stolen. But that's perfectly acceptable to the public. But a facebook hacker grabs a picture of you doing a keg stand at a college party and that some how is going to ruin your life :)
    • RudeTurnip, on 05/01/2008, -4/+8I can have charges marked as fraudulent on my credit card, have a new card issued and move one. It's not so easy to get a new reputation. Of course the lesson is don't do stupid things in public where there might be cameras.
    • plingboot, on 05/01/2008, -1/+2It's not about reputation due to dodgy pics. Its about name, address, date of birth, employer, etc. etc. data that might be useful in id theft --and it's alll legally up for grabs by any idiot with a passing knowledge of php.

      Most people know not to put too much personal info on facebook, but there's a bazillion idiots that don't. Good idea to tell em.
      • fLUx1337, on 05/01/2008, -2/+1Why oh why does everyone think you need PHP knowedge to do this?

        Python, ruby, java, they can all do it too...

        No wonder PHP gets thought of as the language of noobs! :(
        • worldchanger, on 05/01/2008, -0/+1by who? thirteen year old script kiddies like you?
          back to school junior.
    • thelock65, on 05/01/2008, -0/+2he's not going to be doing any kegstands. he only has 6 friends
    • Tranadaday, on 05/01/2008, -2/+1I miss keg stands. I also miss doing them and hitting someone's lighting fixture with my feet and then having the shrapnel fall on you as you are trying to consume, ice cold beer.
    • diadem2, on 05/01/2008, -0/+1It can if you are a teacher :)
  • D14BL0, on 05/01/2008, -12/+91Why do people act like this is Facebook's fault? Stop posting your personal details on the internet. Jesus.
    • paaaaaaaaaa, on 05/01/2008, -1/+18Everybody on Facebook just read this comment and have now decided to stop posting their personal details on the internet.
    • syphern, on 05/01/2008, -6/+8Jesus aint got nothin to do with it!
    • turbod33, on 05/01/2008, -0/+11Honestly, what sensitive information are you going to put on Facebook? Personally I don't give a crap that people know one of my favorite movies is 'The Labyrinth'.
      • RustyJ, on 05/01/2008, -0/+2Seriously, it's not like people are listing "Al-Qaeda" under employment history. Although I do wonder how long it would take before you're detained after posting that one....
      • ronaldinho, on 05/01/2008, -0/+1Well the video was saying it can lead to your identity being stolen, that's all. It's not so much the issue of sensitive yet private information that they are dealing with
    • plingboot, on 05/01/2008, -0/+4Cmon, facebook ask us for this info. then let any idiot with rudimentary php have access to it. Surely they're not entirely blame free.
  • auto98, on 05/01/2008, -13/+7It's amazing how the BBC tech dept must work - they must have someone looking on the internet for stories, then they nick it and do a few "investigations" (LOL) to make it look like their own. I'm willing to bet 80/90% of the people that read this had already heard this story, and quite a while ago
    • zongamin, on 05/01/2008, -8/+3Stop using percuntages.
    • phoomp, on 05/01/2008, -0/+4BBC takes the story from the relatively small tech community and brings it to the mass community.

      Sure, 80-90% of people reading this story through Digg are already aware of it, but 80-90% of Facebook users probably aren't.
      • BadBosco, on 05/01/2008, -0/+1did you make these up or do you have credible sources cited in MLA format?
  • Mercury821, on 05/01/2008, -11/+24And here I thought sensationalist fear mongering was just a US news phenomenon...
    • Envark, on 05/01/2008, -1/+4Did you really think that?
      Somehow, I doubt you were THAT myopic.
    • Myonosken, on 05/01/2008, -3/+5How is this sensationalist or fear mongering?
    • crossmr, on 05/01/2008, -1/+3It was, but its also one of their chief exports.
  • tim507, on 05/01/2008, -1/+18I go into things by default thinking there is a 100% chance my identity can get stolen. Its just the day in age we live in.
  • tmattoneill, on 05/01/2008, -7/+10i find it funny that country with no bill of rights and under more cctv and surveillance than any other gets so uppity about 'identity theft' You'd think that people changed their identity here more often than their underwear.

    Who cares! If there is something you want kept private, DO NOT PUBLISH IT ON FACEBOOK.
    • Myonosken, on 05/01/2008, -0/+11a) A bill of rights isn't the be all of security. The US has one and regularly get wiretapped. Our current constitution is working fine thank you very much.
      b) CCTV is hardly going to clear out your bank account as identity theft does.
      • wiresjr, on 05/02/2008, -0/+3c) What you saw on Spooks (Think it might be called MI5 over there) is not real life
  • Nougat, on 05/01/2008, -1/+11One: Don't install applications sent randomly to you by people you don't know. Doesn't anyone remember things like Bonzi Buddy, or those weird little games, that would pop spyware/adware on your machine? Social engineering got people to install those, as it does here with these Facebook apps.

    Two: It's crummy about such exploits sending information about people who are smart enough not to use the apps directly, but Facebook and other social networking sites are not dedicated to information security. They are dedicated to growing their userbase, which is generally done by making them more usable and useful at the least cost. Any application that is more usable is inherently less secure, or more costly to develop, or a little of both. Don't put your sensitive information in places that by design have iffy security.
    • Angostura, on 05/01/2008, -2/+4You forgot Three: "Don't let any of your friends install applications sent randomly to them by people they don't know." That's harder to ensure.
      • Nougat, on 05/01/2008, -1/+2Covered that in Two, thank you very much.
  • nathangl, on 05/01/2008, -6/+22This is so stupid, this isn't a security flaw in facebook. THEY TELL YOU IN THE WARNING! Don't use applications if you are afraid of this, there is no way many of hte popular applications would allow this. The Facebook API allows application creators access to all these details, BBC shouldn't act like they discovered hidden flaws within facebook when its public knowledge. DONT ADD UNTRUSTED APPS, bottom line. Same with any other computer application..
    • Angostura, on 05/01/2008, -0/+16Yes, but that's not the problem. The problem is DON"T LET YOUR FRIENDS ADD UNTRUSTED APPS.

      Sorry to use caps, but you started it.
    • Jus2Gud, on 05/01/2008, -0/+7Point is you might not have added any application whatsoever, if your friend has you are still at risk.
  • fiv3isaliv3, on 05/01/2008, -1/+5What is the point of an application which can't access user information? They already have pretty good restrictions on what data Facebook developers can accesses anyway.
  • psion01, on 05/01/2008, -2/+6Sounds like you could use Facebook as a source of disinformation to make it harder for ID thieves to get away with their crimes.
  • RickyTheRiot, on 05/01/2008, -0/+3That's no more of a "security flaw" than me going to a website that, for example, offers free games. I download and install the game. It installs a keylogger/virus/trojan/malware (* delete as appropriate).
    The user is in complete control here, it is their choice to add the application onto Facebook.
    • plingboot, on 05/01/2008, -1/+4but I'm not in control of my friend adding an app
  • grimward, on 05/01/2008, -10/+9I'm actually quite surprised that BBC would stoop this low. From what I've always heard here in sweden, BBC has had a reputation of having high quality standards. Seriously britons, has BBC always been this bad, or is it a recent development?
    • slickstar, on 05/01/2008, -11/+1ive never really liked bbc. its a racist biatch. like your mum
    • racco, on 05/01/2008, -0/+6I find that the main BBC news shows (morning, afternoon and evening) that are on the main BBC1 channel tend to be full of crap thats not even news (like this facebook story) but when they report on actual news (go to the BBC News 24 channel for this) they do it quite well
      • theright, on 05/01/2008, -0/+1It's BBC One, and BBC News 24 is now the BBC News channel
    • auto98, on 05/01/2008, -3/+3Their dept that deals with computers etc is very poor - they bring stuff up weeks after the story was big, they give flat out wrong information on several of their shows that deal with security etc etc
    • plingboot, on 05/01/2008, -0/+7Seems like an ok story to me. Your general facebook using UK idiot probably doesn't realise all his personal info is up for grabs. So why not tell them?
      • racco, on 05/02/2008, -0/+1if you don't realise that you personal info is up for grabs after you yourself put it online knowing everyone can see it. then your an idiot
        • wiresjr, on 05/02/2008, -0/+1You're an idiot.
          See? It's a correction and a statement all in one!
  • craighoxton, on 05/01/2008, -0/+31Liked the fact that they called their data mining app "The Miner"
  • CheeseburgerBro, on 05/01/2008, -13/+5You know, the other day I walked around downtown showing all of my personal information in large Xerox blow-ups on a sandwich board I wore.

    Do you know what happened?

    People looked at the information and READ IT WITHOUT EVEN ASKING ME. They were all like, "What's with the sandwich board, Mr. Brown?" and "Nice social insurance number, Mr. Brown," and "Your car license sticker is out of date" -- AS IF *ANY* OF THAT WAS ANY OF THEIR BUSINESS!

    It just goes to show you: don't trust whitey.
    • darkcss, on 05/01/2008, -1/+1lol!
    • Jus7in, on 05/01/2008, -0/+1Please go call somebody a racial epithet and get banned from Digg. Now.
  • Spartyon, on 05/01/2008, -3/+8why not just ***** post a photo of a phone book? This is ridiculous, getting your name and home town? what kind of identity left is that....? you couldn't even get a library card without a photo id.
    • MissICT, on 05/01/2008, -4/+0It's more than that though,. your school, your workplace etc etc - never seen those listed in a phone book :p
      • ZMann, on 05/01/2008, -0/+2You have two options:
        Don't list that info on your profile
        Use your Facebook Privacy settings
        • theright, on 05/01/2008, -0/+1Set the Facebook privacy settings to what, exactly?

          You can make your details public, or just visible to your friends. This flaw allows your data to be mined whether it's public, or even just visible to your friends and one of your friends installs the malicious application.
    • zongamin, on 05/01/2008, -2/+4Because they could also get your Photo (from your profile pic), your Date of Birth, Employer, maybe even partners name, mothers name.....
  • cockerberg, on 05/01/2008, -5/+0Something to do while you wait for your facebook account to be deleted, propaganda welcome
    www.facebook.com/group.php?gid=21994768584
  • syphern, on 05/01/2008, -3/+1599.999% of the apps on facebook are stupid as hell anyway... Keep it simple, your name, relationship and if you interested in females.. DONE.
    • MScrip, on 05/01/2008, -0/+5Exactly! I have a friend that has 56 apps installed. Next time I see him I wanna ask "so, do you enjoy going to your OWN profile to use all those apps?

      I don't see the point in most of the apps. You see an app you think is cool and you install it, and trick your friends into adding it to their profile in order for them to use it. Then, you never use the app again... They just sit there, making your profile page a mile long and 2 minutes to load. Do you really go back to your own profile to see if your eggs have hatched? Or which cartoon character you are?

      You're right, stick to the basics. Name, messages, wall and photos.
    • zongamin, on 05/02/2008, -0/+1Percuntage : (n) A made up percentage figure used to make a point by an idiot.
  • neko6, on 05/01/2008, -7/+1I keep my Facebook profile 100% open to the public - That way I only put on it stuff I don't care everyone in the world knows. Most private thing on my Facebook account is my email, and its already full of spam anywayz.

    This actually protects me - nobody can extort me (all information is out in the open anyway) and nobody can steal my ID, as its easy to see my pictures emails etc.
    • boldfire, on 05/01/2008, -0/+3So, instead of stealing your identity, they just take it? Nice logic right there sir.
    • RustyJ, on 05/01/2008, -0/+1buried for "anywayz"
  • MrViklund, on 05/01/2008, -2/+1What?
  • etx313, on 05/01/2008, -2/+13Am I the only one that is sick of the Identity theft scare?
  • gweedo767, on 05/01/2008, -2/+24Oh NOES! They will know that I graduated from MNU!!! Crap...now all of you do!
  • polko, on 05/01/2008, -0/+10i don't use any apps... they are just waste of time..
    • jtdgrz, on 05/01/2008, -5/+2i don't use any facebook... they are just a waste of time...
    • SysstemLord, on 05/01/2008, -0/+2Some can be useful, like Chess pro.
  • saffsam, on 05/01/2008, -1/+2Lesson to learn less information about yourself is better
  • SethEllis, on 05/01/2008, -2/+5I hope that people start to be more careful, and stop sending me invites to trillions of random crap applications.
  • bawheid, on 05/01/2008, -3/+6A fatal flaw? Oh puhleaze, who died?
  • CarzorStelatis, on 05/01/2008, -3/+12I think I'll wait for verification by a RELIABLE tech news source to verify this - the BBC's "click" technology coverage is laughably poor, often so inaccurate that it could almost be a spoof of itself. In fact, I'm wondering how a world-renowned news organisation like the BBC can stomach being a laughing stock in such an important area.
    • iambigred, on 05/01/2008, -2/+3I agree completely. Click is an embarrassment to the BBC.
    • thailand1972, on 05/01/2008, -0/+3Agree again. "Click" is essentially a few BBC journalists scouring the net for some information and reporting it in a dumbed down way. Result = useless "info-articles" that impart no useful information.
  • joshualamgroup, on 05/01/2008, -0/+4this isn't a flaw. Much of the Facebook API allows an app to get these data..
    these are needed in order for many apps to work..
  • whataboutdave, on 05/01/2008, -4/+22facebook.com -> privacy -> applications -> other applications -> (uncheck all the boxes)

    Do that and all applications have access to is your name, network, and list of friend's names and networks.

    ID thieves wouldn't waste so much time and energy for such trite information. Facebook is fine. Bury this alarmist *****.
    • theright, on 05/01/2008, -2/+1...until your friend adds a malicious application, and it has access to all your details.

      Back to square one.
      • whataboutdave, on 05/01/2008, -0/+3A friend adding an app only gives the application a list of that person's friend's names and networks. In other words, you're wrong.
    • pearlygate, on 05/02/2008, -0/+3thanks man, I just enabled that option. wow never know there is this option. Those facebook developer are better than myspace
  • w00ters, on 05/01/2008, -1/+6The problem is not just what a Facebook Application could steal it is the fact that the user is led to believe the information stolen is private (if specified so). Facebook shouldn't have a privacy option if it can be so easily circumvented. This lulls the user into a false sense of privacy.
  • illpoint, on 05/01/2008, -0/+1Fatal flaw? Facebook built their API specifically so you could do things like this. Install facebook apps at your discretion just as you would desktop apps.

    The most information they can steel is what your friends can see anyway.
  • joobojesse, on 05/01/2008, -0/+3a lot of that info is in public record anyway, and can be accessed if you know where to look. Ever heard of public background checks (hint: they use info available to the public)?
  • frenchi, on 05/01/2008, -2/+2How is this news, and what is so fatal about this? buried.
  • miakeru, on 05/01/2008, -2/+1Isn't all of the information they "mined" from the Facebook users just available on the profile page of all of the users anyway? Sounds like it's just a data aggregation application and doesn't actually exploit anything or use a flaw.
    • linuxpenguin, on 05/01/2008, -1/+2No, because you're not supposed to be able to see anyone's Facebook profile unless they're your friend or they have set it to allow you to. Also your credit card info isn't supposed to be visible to anyone - Facebook uses it to let you buy stupid little "gifts" for people though, and supposedly if you have that info in there such an app could steal it.
  • gypsyjoe, on 05/01/2008, -1/+2Facebook has one glaring flaw - it's ***** stupid.
  • linuxpenguin, on 05/01/2008, -3/+1C'mon, don't they know how to spell "program" :)
  • Fetching more discussions...
    Show 51 - 89 of 89 discussions
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.