Facebook 101 – Part 5: Facebook’s social plugin glitch



As with almost everything about Facebook, what follows is a cautionary tale about Facebook’s use of social plugins to connect people on the Internet. We see this as a potentially dangerous flaw which opens everyone’s Facebook profile to virtually everyone on the Internet. This glitch is easier to illustrate than it is to explain in words. We’ll run you through it step by step:

1. Sign out of your Facebook account or open the following links in another browser.

2. Head over to each of these sites:

http://www.theepochtimes.com/

http://mashable.com/

3. Look on the right-hand side of the page in the column with links and ads in it.

4. You should immediately see a difference between the two pages when you locate the Facebook social plugin box or, as it is sometimes called, the facepile. In the Epoch Times facepile, there are ten Facebook profiles shown, each with a link to that person’s Facebook profile. If you click on one of the faces, you should be taken directly to that person’s Facebook profile, even though you aren’t signed in to Facebook. Depending on that person’s privacy settings, you might be able to scout around their profile, see their photos and find out their activities and interests. Not only have you probably not ‘liked’ that page, you’re not even signed in to Facebook!

5. On the Mashable page, you should see only a small blurb that says ‘900,000 (+ or –) people like this.’ There is a ‘Like’ button with a thumbs up icon that, if clicked, brings up a Facebook sign-in page.

6. In the same browser you are using for the two sites mentioned above, open another tab and sign in to Facebook.

7. Head back to the two tabs which show the above links. Refresh each page.

8. Nothing has changed on the Epoch Times page except that now when you click on one of the profile photos, you are taken directly to that person’s full profile page or their timeline, complete with everything that they have decided to share with strangers such as yourself.

9. On the Mashable site, you might see a few photos of your friends, depending on whether any of your friends have liked the Mashable site. This is how the social plugin is supposed to work, as far as we can tell. We are in the process of emailing the webmasters involved to see if they can help us spot the glitch here.

With this quick experiment in Facebook privacy, we hope you can see the danger in all of this. The whole point of the social plugins is to share content between friends, to make the vast Internet a bit smaller. In reality, the social plugin has opened up Facebook user profiles to the whole Internet. As we have shown in the above example, you don’t even have to use Facebook to be able to see Facebook profiles. Seeing a profile is as simple as clicking on a profile photo on a website.

We know, of course, that you can also search Google for someone’s Facebook profile. The difference here is that searching on Google takes a few steps. It’s not as simple as clicking on a photo. You could theoretically search for everyone named Bob, for example, and click your way through the profiles until you came to an interesting one. With this particular glitch, stalking someone is as easy as clicking on a photo of someone who looks interesting.

Lastly, if you think that this doesn’t work to anyone’s advantage, consider the fact that we’ve added people to our friend list simply by clicking on their profile photo on a site and then clicking ‘Add Friend’. Of course Facebook asks us if we know the person, and we don’t, but they accepted our invitation anyway. We hope you can see how this carries many inherent dangers, especially where young Facebook users are concerned.

We are working on a way to change our privacy settings to eliminate this glitch but, until then, check out what pages your young children might have clicked ‘like’ on. Remind them not to accept friendship invitations from strangers.

Thanks for reading. If you have any inside knowledge about this, please let us know.

 

 
