The new Facebook API exposes the events that some users attend to anyone on the Internet.

Apr 26, 2010 03:24


To protect your privacy, mark your events "Not Attending".
Update (06:00 PDT): So far, some people have reported that their events are exposed, and some have reported that they aren't. I don't have an explanation. I've sent a note to Facebook asking them not to expose events this way.

Update (13:00 PDT): theharmonyguy commented that event lists were already ( Read more... )


Comments 81

beethatbumbles April 26 2010, 15:13:37 UTC
Thanks for doing this, Ping. Please keep us updated on anything new you find regarding this.

I'm feeling seriously put-out by this. I had a guy who was a borderline stalker try to contact me multiple times on Facebook (and of course, I never added him) and now that he can see all of this, I am considering deleting my Facebook profile altogether.



paisleychick April 26 2010, 17:54:36 UTC
Thanks for digging into this, Ping. I agree with fanlain that this could be a serious personal safety problem. Not only for abusers/stalkers/etc, but also people can figure out when you're not going to be home and if you have any events where your own address is listed, then potential thieves could know when you wouldn't be home and where you live and where/when to strike. Wasn't there someone who recently scraped Twitter feeds and created a site listing mentions of people who weren't at home?

Did the Guardian talk to you before they wrote up their piece? It looks like they just quoted your blog.


phyxius April 27 2010, 01:25:39 UTC
Please Rob Me grabbed location-based tweets and Foursquare updates, though it looks like they don't anymore. Here's CNet's article about them.



anonymous April 26 2010, 19:29:02 UTC
My profile is completely friends-only, yet my profile picture shows up along with my events and other info. Unbelievable.


likes, events, and notes anonymous April 26 2010, 21:40:11 UTC
I believe my profile is set to maximum privacy settings. I checked every content item w/in your tool and found that 3 things are showing publicly, despite my settings:

likes, events, and notes

I don't want any of that to show up publicly, but FB's privacy settings aren't granular enough to give me control over this content.



anonymous April 26 2010, 21:55:51 UTC
I can't speculate on why, but not much is loading.

Is it possible that zesty.ca has made too many requests and is being blocked?


anonymous April 26 2010, 22:54:30 UTC
Direct hits seem to be working better than going through zesty.ca.

Mark Zuck..

If you want to see your own, take that URL and replace "zuck" with your FB userid.


anonymous April 27 2010, 01:07:26 UTC
The access token appears to be linked to a currently valid FB login/authentication.

If you're logged in, and you access http://developers.facebook.com/docs/api then it will give you the example Graph API links with your access token. I get different results depending on whether I use the access token or not. Interestingly, the access token appears to work in two different browsers on the same computer (IE & Netscape) so the difference in behaviour isn't directly cookie related.



Holy Tomolly anonymous April 26 2010, 22:22:29 UTC
This is a HUGE security problem. Look at this guy's events, it gives away everything including an address. Facebook should really look at this!

http://zesty.ca/facebook/#/5/events


