2010年10月21日 星期四

Facebook security problem

The security concern about Facebook is aroused again after the outbreak. Texas Poker, FarmVille and FrontierVille are reported to leak personal information (facebook user id) to other advertising companies directly. These games are developed by Zynga which had made a 5-year cooperation deal with Facebook to support Facebook Credits.

The facebook user id is an unique information to identify users even though the users have not yet registered an username (a shortened URL) for sharing their own profile.

You may think that only Zynga breach the privacy rule. In fact, even though you have not logoned to the facebook, you can scan user profiles by generating id randomly. Once you hit it, you can list the user's friends.

Besides that, you can do it another way. You may find a link "browse" to browse by name. Once you click on the user. The URL will be transformed and the id is exposed. Sending a message to the unconnected user is allowed. It means that phising is possible.

自從華爾街的報告Facebook私隱問題,私隱問題再次受到關注。這次案件牽涉到一些出名的遊戲Texas Poker, FarmVille and FrontierVille。它們都把個人資料(Facebook用戶編號)轉移到其他廣告公司。這些遊戲都是由Zynga開發出來。數月前,Zynga與Facebook達成了為期5年的合作協議,支持Facebook Credits。

Facebook用戶編號是用來找出用戶。縱使這些用戶不曾登記短小地址,以分享個人資料。

你可能覺得只是Zynga違反私隱條款。事實上,縱使未曾登入,Facebook容許搜尋個人檔案(名稱,照片,部分朋友),只要隨便輸入用戶編號。

當然除了這個笨方法,還可以瀏覽用戶名稱。網頁的地址自動轉換,透露了用戶編號。任何用戶便可以利用這個用戶編號發送信息,更可以利用通信來欺詐。

沒有留言: