Larry Seltzer wrote:
> I recently blogged about something interesting in Facebook privacy
> (http://blogs.pcmag.com/securitywatch/2010/01/is_facebook_privacy_a_sham.php
> - hat tip to F-Secure): If you upload an image and set the permissions
> to “Only Me” it gives you a publicly-accessible URL through which
> anyone can access the image.
>
> A Facebook employee entered a comment that said that only the user who
> posted the image gets that URL from them, so therefore it’s private.
> The URL
> (http://www.facebook.com/photo.php?pid=4722564&l=c56ff5065a&id=675398046
> for example) isn’t especially obvious, although the last
> “&id=675398046” is my user id, which is public in Facebook.
>
> The URL may not be obvious, but it’s on a publicly-accessible site
> so it’s at least a little cheesy to call it private.
>
> What do you think?

Nothing terribly new.

http://www.lightbluetouchpaper.org/2009/02/11/new-facebook-photo-hacks/

Looks like they have changed the URL scheme for the CDN now, so it might be harder to see any other photos in the album, but the CDN is still serving the photo even though the facebook.com link doesn't work any more, so I guess the retention issue still exists.

Vince

> Larry Seltzer
> Contributing Editor, PC Magazine
> larry_selt...@ziffdavis.com
> http://blogs.pcmag.com/securitywatch/
>
> ------------------------------------------------------------------------
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.