Photo: Ludovic Toinel
This week, Facebook users suddenly found themselves able to monitor the private conversations their friends were having on the site’s chat service.TechCrunch’s Steve O’Hear reported the bug early this morning. When we attempted to recreate the experiment, we found Facebook‘s chat feature has been disabled entirely; Facebook explains that chat is “down for maintenance”, presumably to fix the hole.
The bug is ironically the result of a privacy feature on Facebook.
In order to help users understand Facebook’s privacy settings, the company allows users to see their profiles as they appeaed to their friends. A user can pick any one of his or her friends, and view the profile as if it were being viewed by that friend.
Unfortunately, the illusion recently became a little too comprehensive — users could also see any chat conversations the friend they were fake-logged-in-as were currently having through Facebook chat.
This is terrible timing for Facebook, which has been facing widespread criticism of its privacy policies. This obviously wasn’t a policy issue, but rather a simple bug. But the scale of it — allowing any of your friends to monitor your private conversations and even video chats — is massive.
In an anti-Facebook rant that was widely distributed the other day, Border Stylo VP Dan Yoder argued that even if people believe in Facebook’s good will, the company simply isn’t technically competent enough to be trusted with sensitive information.
He couldn’t have asked for better evidence to prove his point.