An AFP story over the weekend states that both Germany's Consumer Affairs Minister Ilse Aigner and Justice Minister Sabine Leutheusser-Schnarrenberger were highly critical of Facebook after it emerged in the German newspaper Frankfurter Allgemeine that a sign-in flaw could allow non-Facebook users to access the contact list of Facebook users.
When a new user signs up for Facebook, he or she must enter their email address. However, the Frankfurter Allgemeine reported that if that person instead enters an existing Facebook user's email address, it is then possible to see that user's contact list. Given that there are some 500 million Facebook users (or about 25% of all Internet users), it wouldn't take too much effort to exploit the flaw.
Minister Aigner is quoted in the Frankfurter Allgemeine as describing the flaw as one in a "series of dubious practices" that shows "Facebook's lack of respect for the privacy of Internet users," while Minister Leutheusser-Schnarrenberger is quoted in the newspaper as saying the flaw showed Facebook "lacked consideration in the management of personal data."
In April, Minister Leutheusser-Schnarrenberger called on Facebook to upgrade its privacy settings, saying at the time that the company did not respect the privacy wishes of its users. This latest Facebook glitch has no doubt made her unhappy, as will a story that has appeared in today's Wall Street Journal.
The Journal reports that "Many of the most popular applications, or "apps," on the social networking site Facebook Inc. have been transmitting identifying information - in effect, providing access to people's names and, in some cases, their friends' names - to dozens of advertising and Internet tracking companies."
The problem even affects those with Facebook's strictest security settings, the WSJ says.
Facebook, when informed of the problem, told the WSJ that it would now be taking steps to limit the exposure of such information.
I also wonder if advertisers and Internet tracking companies have been secretly exploiting the flaw that the Frankfurter Allgemeine reported.
Contributing Editor Robert N. Charette is an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Along with being editor for IEEE Spectrum’s Risk Factor blog, Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.