blakeross.com blakeross.com
February 4, 2005

Thefacebook (a popular college social network) is currently experiencing an enormous problem whereby it thinks you’re friends with everyone in the system. Why is this such a problem? Well, now I can view the personal information (including address, phone number and other contact info) for 1.6 million college students. Even if said students had chosen the most private settings.

This is why you make sure your security is rock solid before rolling out to thirty more schools each month (or hosting a national beer pong contest). This is not the first security problem they’ve had, but it’s certainly the worst. It will be interesting to see how they handle this PR disaster. It is, in fact, a legal issue, since they violated their privacy policy:

No information submitted to Thefacebook will be available to any user of the site who does not belong to at least one of the groups specified in a user’s privacy settings.

2 Comments»

The URI to TrackBack this entry is: http://blakeross.com/wp-trackback.php/36
  1. I always wondered if this would happen sooner or later. As an avid fan of Thefacebook, I thought they had security taken care of. Nothing you post on your profile has the potential to be damaging (unless you post your cell phone number and random guys call it at odd hours of the morning…hmmm), but it’s interesting that this would happen to them.

    With the technologies they use, sadly, I was waiting for something like this to happen. Too bad it did, although I was thinking more on the level of anybody could wander in and check out anyone. Hopefully their login scheme is secure.

    Comment by Tiffani Bell — February 4, 2005 @ 11:00 am

  2. I’ve been on TheFacebook for a while now, here at UT, and I haven’t seen the behavior you’re talking about. The UT facebook was down for repairs for a little while, but I don’t remember ever being able to see profiles of non-friends.

    Comment by Thomas Duesing — February 4, 2005 @ 12:47 pm

RSS feed for comments on this post.

Leave a comment
Line and paragraph breaks automatic, e-mail address never displayed.

(required)

(required)

authimage