Facebook fixes "Midnight Delivery" privacy flaw
Facebook sidestepped a privacy gaffe on Monday by fixing a flaw that made it possible to snoop on private New Year's Eve messages sent using a "Midnight Delivery" service.Updated: Jan 02, 2013 12:19 IST
Facebook sidestepped a privacy gaffe on Monday by fixing a flaw that made it possible to snoop on private New Year's Eve messages sent using a "Midnight Delivery" service.
Facebook took "Midnight Delivery" offline temporarily to patch a vulnerability pointed out by Britain-based blogger Jack Jenkins.
The new feature, which lets people prepare digital messages in advance and have them automatically delivered to Facebook friends the moment the year 2013 arrives, was back in action Monday.
"I have just checked, the bug/oversight has now been fixed," Jenkins said in an update to his blog time-stamped 1435 GMT.
"I don't know how a site like Facebook can continue to take these kinds of risks."
Jenkins outlined in his blog a way to get into Midnight Delivery messages by tinkering with characters in URLs, essentially manipulating electronic address data.
The privacy slip came less than a week after the older sister of Facebook co-founder Mark Zuckerberg tripped on the social network's privacy settings, landing in the midst of a debate about "online etiquette."
Randi Zuckerberg, who launched a Silicon Valley themed online reality show after quitting her job handling Facebook public relations, kicked off the controversy after a family photo intended for friends went public.
The picture showed Mark Zuckerberg in a kitchen with family members dramatizing reactions to messages sent with a freshly launched "Poke" feature at the California-based online social network.
Poke lets people send messages that self-destruct in what is seen by many as a spin on popular smartphone application Snapchat.
Randi Zuckerberg posted a copy of the family photo to Facebook for the eyes of close friends only, but evidently it was also shared with friends of those tagged in the picture due to privacy settings at the social network.
That meant the fun photo popped up in the news feed of someone outside Randi Zuckerberg's circle, who then shared it on popular messaging service Twitter.
From there, the photo went viral -- much to Randi Zuckerberg's chagrin.
"Digital etiquette: always ask permission before posting a friend's photo publicly," Mark Zuckerberg's elder sister said in a Christmas tweet. "It's not just about privacy settings, it's about human decency."
The comment sparked heated debate at Twitter and other online forums, where a vocal contingent saw poetic justice in the Zuckerbergs being exposed by the way the social network handles the privacy of users.