Facebook takes chat feature offline to plug gaping privacy hole -- ready to delete your account yet?
If you've been wondering why Facebook chat was mysteriously "down for maintenance" during normally high-usage hours this morning, it's probably because Facebook was alerted early today to a serious security hole in its privacy settings.
The hole allowed one of the easiest exploits in recent memory: any Facebook user could see a friend's live chats and pending friend requests just by typing that friend's name into the site's built-in "preview my profile" page, a feature that is only supposed to show you how your own profile looks to that person. TechCrunch Europe received a tip about it, along with a link to a YouTube video (below) showing the exploit in action earlier this morning, and notified Facebook almost immediately.
Whether it's the way they've made it nearly impossible to simply upload a profile picture without being hassled to install worthless software, or the fact that at any given point in the day something on Facebook is horribly broken, disaffected Facebook users already have enough to worry about without their friends eavesdropping on their private conversations.
The video:
A site this broken is usually tagged "in beta!" and comes with caveats like "use at your own risk."
Facebook's reaction to the exploit was surprisingly straightforward:
"For a limited period of time, a bug permitted some users' chat messages and pending friend requests to be made visible to their friends by manipulating the "preview my profile" feature of Facebook privacy settings. When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests which is now complete. Chat will be turned back on across the site shortly. We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented."
This latest in a long line of completely preventable screw-ups only goes to show that the one thing Facebook's team is really good at is showing the world, time and again, that it's technically inept and largely irresponsible -- but at least they're learning to admit their failings quickly.
Now, all the recent buzz about Facebook's privacy shortcomings (yes, that's an understatement) has many users wanting out. Unfortunately, leaving Facebook can prove much more difficult than anyone would guess, and most users simply give up after coming away with the impression that they can't delete their accounts.
While it may be difficult, deleting your Facebook account is not impossible; you just need to know where to look. Users often get lost looking for the account-ending options because Facebook files the relevant help question under a misleading label; in this case it's "Security: Hacked Account."
Once there, after lengthy stalling, it finally gives you a link to the fabled account deletion request form. Don't think you're completely out of the woods once you hit that final submit button, though, because they've built in a 14-day cooling-off period during which your account is frozen but still available should you change your mind.
If you don't quite want to delete your account, you may be toying with the idea of deactivating it instead. You might think deactivation is good enough, since Facebook says that "your profile and all information associated with it are immediately made inaccessible to other Facebook users." What's missing is a breakdown of what actually happens to your account. While it's true that your profile will be ghosted, you won't be: you can still be tagged in photos, notes, and status updates just like normal. For all intents and purposes, most people won't notice you've left, because you really haven't.
If you're going to kill your account, be sure to uninstall any Facebook Mobile apps from your phones, clear Facebook cookies, and make sure you don't leave any Facebook Connect sites set to log you in automatically. If you accidentally log into your account during those final 14 days, you reactivate it and have to go through the whole process again.
Sometimes, there really is no shame in quitting.
Comments (11)
Ryan, May 5th 2010 2:54PM
Damn... somebody's a bit angry I think? Honestly who cares if someone could see your pending friend requests? They would see them in your news feed anyway if you accepted them. The chat messages is a little more concerning but at the same time, if you're using facebook to chat about confidential stuff, you've got bigger problems to worry about. I don't think it's something you should be suggesting a mass facebook account deletion because of.
Adam, May 5th 2010 2:54PM
The problem is that FB does not see its users as its customers. Users (and their data) is what FB mines and sells to its true customers. As such, FB doesn't see any reason to do much to protect its users and their privacy or even respect the choices the users have made. Their changes are tested for ability to improve data mining, not for security. The solution is for FB to offer a "Private User Account" option in which users pay FB $5 per month or something similar and get all the benefits of using FB (sharing with friends) with a guarantee of 100% control over their personal information and no surreptitious, middle-of-the-night changes that require you to affirmatively opt out of them. If users become a direct source of revenue, they become customers and thus are more likely to be treated reasonably well by FB.
Right now, the only thing that will get FB to change the way they protect user-data is if users start leaving in droves and I don't see that happening any time soon.
Jon Niola, May 5th 2010 2:55PM
That is a rather substantial vulnerability. I would have to guess it has been in there all along too.
216, May 5th 2010 2:58PM
While leaving Facebook is one option, I think it's better to leave your account up but pretty much lock it off from everything by upping the privacy settings: settings such as making it so that no one can view photos with you tagged in them, read your wall, find you, etc.
This way, as FB grows and becomes more important, you have control over your FB identity. Nobody says you still have to "use" it though.
Matthew Rogers, May 5th 2010 3:22PM
Adam's point is exactly right, but I agree with 216's viewpoint as well. In fact, it's pretty much what I do for the time being, except that I also refuse to use Facebook's chat service. If your Facebook account is minimal enough you don't stand any risk of losing anything by leaving it open, but you also don't stand to lose anything if you decide to just delete it and put it out of its misery :)
laero, May 5th 2010 3:52PM
Really, what kind of information do you put on FB if you are afraid of this?
Pending friend requests don't really matter unless you're a friend collector (basically mixing people you trust with fillers); otherwise you should only have people in your friend list who you can freely share this kind of information with.
As for the chat, I didn't think anyone used it. Might be case-specific, but for me the chat is so bugged and spunky that my friends and I either just use Skype or simply text each other.
Avian, May 5th 2010 4:27PM
The problem, 216, is that the privacy controls are constantly changing and most get set to defaults when they do change. Not to mention the ever-changing privacy policy, which has changed to make previously private data not private anymore.
nem, May 5th 2010 9:25PM
Several months ago I deleted my FB account (I have now done this two times and I know for sure this is a matter of fact). It told me that it takes 14 days for all of my information to be permanently deleted from FB servers.
"We have received a request to permanently delete your account. Your account has been deactivated from the site and will be permanently deleted within 14 days."
First of all, what in the world takes them 14 days to do? Is FB saying that it takes 14 days to remove a user from its DB? A simple SQL query? To remove my content from its media servers and its CDN? Why? What is it doing for 14 days?
Let me say this again: I "deleted" my account, not "deactivated" it. So it has been several months. Last night, I went to check what would happen if I used my old e-mail and password and tried to log in. Would it fail? As it should. If everything has been deleted, should I not get an error saying there is no such account? Well, to my "surprise" it evidently was not deleted. All my content was gone, my friends were gone, but somehow it knew who all my friends should be? How is that possible? How did it know who to suggest as my friends if all my information has been deleted? It should be like starting over from scratch. Is that what privacy is for? Not for FB to keep all my information in perpetuity. The only way it could know who my old friends were is to keep a record of it.
I want to understand what they mean by privacy and protecting consumers. What other company is doing this?
Thanks for your help. I would e-mail FB but I doubt I would ever get a satisfactory reply, only some excuses. Hopefully I will finally be able to delete my account today, well... I guess not really, since if the above is true it is never really "deleted".
Matthew Rogers, May 5th 2010 11:15PM
From my understanding, they force the 14 day waiting period in an attempt to keep users from deleting the account. As for some of your account data remaining, even several months after "deletion," they are very hazy on how long of a period it takes to finalize deletions. Their terms cite data backups as one reason why information may stick around, but they purposely stop short of saying how long that may take.
You can read their TOS here:
http://www.facebook.com/terms.php
J, May 5th 2010 10:55PM
nem... didn't work for me? Did you start a new account with the same email???
exel_world, May 7th 2010 5:51AM
Thank you for the information you provide.
http://www.ozgurdunyam.com