Facebook security issue and the voyeurism of the AP

Report from the AP on Facebook security lapse.

“A security lapse made it possible for unwelcome strangers to peruse personal photos posted on Facebook Inc.’s popular online hangout”

Ok, these security issues aren’t exactly uncommon on the internet, and this one seems mild in its effect: (a) it’s been fixed, and (b) despite the assertion of “unwelcome strangers” perusing one’s photos, there’s only confirmation that 2 people exploited the security hole: Byron Ng, the one who found it, and an unnamed AP reporter (and perhaps a few others).

The extent to which Ng exploited the security lapse is unknown (although we do know he looked up private photos of Paris Hilton at the Emmy awards and of her brother Barron Nicholas Hilton drinking a beer with friends – scandalous!), and in any event he should be credited with exposing the exploit (although it seems to be a simple URL edit, and he just raked in a ton of publicity).

The actions of the AP reporter on the other hand,

Using Ng’s template, an AP reporter was able to look up random people on Facebook and see the most recent pictures posted on their personal profiles even if the photos were supposed to be invisible to strangers.

The AP also was able to click through a personal photo album that Facebook co-founder Mark Zuckerberg posted in November 2005.

… are a bit unethical. There are other ways to verify a security hole. You could easily create dummy accounts or un-friend a few people to have some test accounts to verify the security issue. Sure, looking up random people (and Zuckerberg) and viewing their photos works too, but you’d think a member of the press would have a bit more integrity.

Finally, CNN’s “Story Highlights” seem to be written by someone who doesn’t like conjunctions, leading to fun implications,

Technician could access private photos of Paris Hilton, site co-founder