Facebook is starting to show more kinks in their armor. There have always been security issues with Facebook beyond the sex predators. That security is a user chosen action “Blocking a Person”, and is what I wish to discuss.
What happens when you block someone on Facebook? In theory this means that you will no longer see that person on Facebook in any shape form or fashion. You won’t know if that person wrote on the wall of a mutual friend, is even the friend of someone, you won’t even find that person on a search of Facebook. This has almost always been true, however there are flaws in the system as there are in every security system. I personally have several people blocked on Facebook due to personal reasons that don’t matter to this conversation. I have been able to both find these people and access their profiles even though I shouldn’t be able to. I won’t go into how to able to do this, for two reasons, A – it’s extremely tedious and technical, and B – Facebook changes the system often enough that it has to be done a different way every time. However that isn’t the point of this, instead I want to focus on something else and much more direct and easier access – external applications.
External applications have become the new talk of Facebook and are opening up a whole new flood gate of problems. Facebook has all kinds of different applications that allow you to add value onto the current ecosystem however you desire. One app, which I personally do not have installed, is called Top Friends. Much like MySpace’s Top Friends, you pick your “Top Friends” and display them on your profile page. I was informed that I was placed into the Top Friends chart of a friend, being interested I clicked and took a look at the page and saw who else was listed that I knew. Curiously one person a name wasn’t displayed and neither was a profile photo. I was wondering who it was so I clicked on the profile photo but it took me back to said friend’s profile page. Ok, well Top Friends also allows you do a couple other things through Facebook and companion apps – Super Poke, Message, and Write on Fun Wall. So I tried message as I do not have Super Poke or Fun Wall installed. Guess what I was taken to, a page where I could message a person who was supposed to be blocked to me on Facebook. I didn’t test this to see if I actually could message them as it would defeat the whole purpose of the actually being blocked, but since I was at this stage I see no reason why I wouldn’t be able to communicate with this person.
This in my opinion is a simple and easy security flaw that any average person would be able to exploit. And this merely demonstrates probably a whole host of security concerns that the external applications are adding to Facebook. My desire isn’t to see Facebook disappear or to encourage people to harass people who they have blocked or are blocked by, but rather to draw attention to a hole in Facebook’s armor.
Powered by ScribeFire.