Facebook has been getting a lot of flack recently. As I wrote last week, Facebook’s expansion of Facebook Connect, “instant personalization,” opens up a host of privacy issues for users.

And now there’s another reason to distrust Facebook. Today it became clear that a privacy hole on the site has made people’s event history public. For instance, if you want to go see what events Facebook founder Mark Zuckerberg has been attending, you can do so here.

That’s embarassing. And not just because Zuckerberg refuses to use the default privacy settigns on his own site. Quite simply, the company isn’t prepared to handle sensitive personal information online.

Google software engineer Ka-Ping Yee made the discovery, and wrote on his blog:

“It seemed that anyone could get this list. Today, I spent a while checking to make sure I wasn’t crazy. I didn’t opt in for this. I even tried setting all my privacy settings
for maximum privacy. But Facebook is still exposing the list of events
I’ve attended, and maybe your event.”

This security breach is further evidence that Facebook may not be able to handle its quest to dominate the online personal space. The company is working with more and more companies to ingrain itself in the way that people share personal connections online.

But many users are unsure about how Facebook is doing this. And they’re right to be worried. 

Last week helped prove that Facebook doesn’t seem to care about people’s preferences in regards to their personal information. The “opt-in”
default setting for “instant personalization” is one thing. But making it difficult to actually opt-out of the service is insulting. Currently, unless you manually change your personalization settings with participating companies,
Facebook friends can still share your info with them. As Facebook Connect and instant personalization grow, it will be increasingly difficult for users to keep up with where their information is going.

Facebook thinks of sharing that information as a good thing. When you try to opt-out of personalization, the site tries to stop you with the following message:

But the fact that the company is now sharing event information — a breech that was not intended — does not inspire confidence in their keeping track of a growing stream of important personal information online.

Writes Yee:

“Before last Wednesday, to find out which events you attended, I’d have
to visit every single event page on Facebook and look for your name
among the people attending. Now, I can just ask the API what you’ve
been doing, and it will tell me. This kind of event list is not even
accessible to your friends on the Facebook website; I haven’t found any
page at http://facebook.com/ that lets me list a friend’s events. The
API provides this list to anyone, so this is newly exposed information.”

Considering the fact that Zuckerberg says that privacy is no longer a social norm but continues to sheild his own information from the public on his site, this discovery is especially interesting.

Image: Facebook