Facebook has been getting a lot of flack recently. As I wrote last week, Facebook's expansion of Facebook Connect, "instant personalization," opens up a host of privacy issues for users.

And now there's another reason to distrust Facebook. Today it became clear that a privacy hole on the site has made people's event history public. For instance, if you want to go see what events Facebook founder Mark Zuckerberg has been attending, you can do so here.

That's embarassing. And not just because Zuckerberg refuses to use the default privacy settigns on his own site. Quite simply, the company isn't prepared to handle sensitive personal information online.

Google software engineer Ka-Ping Yee made the discovery, and wrote on his blog:

"It seemed that anyone could get this list. Today, I spent a while checking to make sure I wasn't crazy. I didn't opt in for this. I even tried setting all my privacy settings for maximum privacy. But Facebook is still exposing the list of events I've attended, and maybe your event."

This security breach is further evidence that Facebook may not be able to handle its quest to dominate the online personal space. The company is working with more and more companies to ingrain itself in the way that people share personal connections online.

But many users are unsure about how Facebook is doing this. And they're right to be worried. 

Last week helped prove that Facebook doesn't seem to care about people's preferences in regards to their personal information. The "opt-in" default setting for "instant personalization" is one thing. But making it difficult to actually opt-out of the service is insulting. Currently, unless you manually change your personalization settings with participating companies, Facebook friends can still share your info with them. As Facebook Connect and instant personalization grow, it will be increasingly difficult for users to keep up with where their information is going.

Facebook thinks of sharing that information as a good thing. When you try to opt-out of personalization, the site tries to stop you with the following message:

But the fact that the company is now sharing event information — a breech that was not intended — does not inspire confidence in their keeping track of a growing stream of important personal information online.

Writes Yee:

"Before last Wednesday, to find out which events you attended, I'd have to visit every single event page on Facebook and look for your name among the people attending. Now, I can just ask the API what you've been doing, and it will tell me. This kind of event list is not even accessible to your friends on the Facebook website; I haven't found any page at http://facebook.com/ that lets me list a friend's events. The API provides this list to anyone, so this is newly exposed information."

Considering the fact that Zuckerberg says that privacy is no longer a social norm but continues to sheild his own information from the public on his site, this discovery is especially interesting.

Image: Facebook

Meghan Keane

Published 26 April, 2010 by Meghan Keane

Based in New York, Meghan Keane is US Editor of Econsultancy. You can follow her on Twitter: @keanesian.

721 more posts from this author

You might be interested in

Comments (1)



That hole has been pluged by the looks of it.. Or he removed all his events. lol

about 8 years ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.