Comments | zestyping: The new Facebook API exposes the events that some users attend to anyone on the Internet.

zestyping

The new Facebook API exposes the events that some users attend to anyone on the Internet.

Apr 26, 2010 03:24

To protect your privacy, mark your events "Not Attending".
Update (06:00 PDT): So far, some people have reported that their events are exposed, and some have reported that they aren't. I don't have an explanation. I've sent a note to Facebook asking them not to expose events this way.

Update (13:00 PDT): theharmonyguy commented that event lists were already ( Read more... )

Comments 81

flipzagging April 26 2010, 22:53:45 UTC

A trip down memory lane here: I filed a similar bug back in *2007*.

Our app republished your FB events. Contrary to documentation, FB would not
filter out "secret" events even if asked to. Since we couldn't tell your public events from your non-public events, we had to disable that part of the app.

We filed bugs, but the resolution was that this was a documentation bug. (!!!) I can't find it, but it was a really low numbered bug at the time, like less than 500.

Here's a public announcement I made at the time.

http://www.facebook.com/topic.php?uid=2358064182&topic=3330

They've iterated many times on the basic technology since then, and it seems that there are at least some ways to fix the problem now (there were none back then). But, it seems to me to be part of FB's general failure to think through privacy implications (or, more disturbingly, to think through, and then to shrug off.)

I can not reproduce this bug anonymous April 27 2010, 06:22:15 UTC

I can not reproduce this bug. I have all sorts of events and don't see any of them through the API. Can events be treated/configured differently? I have never created an event myself..

/Christian

Re: I can not reproduce this bug hanspersson April 27 2010, 06:28:31 UTC

Interesting hack. I wish Facebook itself would provide me this kind of access to my data, preferrably using RSS feeds.

flymistress April 27 2010, 10:51:19 UTC

I'm not seeing your events anymore or the test person's. Do you think they fixed it? Maybe the head of facebook didn't like his stuff exposed. I am still seeing yours and my likes.

zestyping April 27 2010, 16:50:58 UTC

Yes, it looks like they changed it some time yesterday evening. (I made an update at the top of the post but I guess it's hard to see among the other updates).

anonymous April 27 2010, 14:23:57 UTC

Can't view my events or yours (Only thing public for mine is likes, and i'm SURE those likes are cause of the new "Profile Connections" feature, and not only have I opted out of the "Instant Personalization" thing, I blocked ALL 3 applications from grabbing info about me.)

I miss the 2006 version of Facebook, where the only annoying nags were pokes.

What about random photo albums of the users with old settings? anonymous April 27 2010, 17:18:44 UTC

What about random photo albums of those users that had kept the old FB settings?

... and pasting this line into the address bar of a selected profile with an old FB settings:

javascript:(function(){CSS.removeClass(document.body,%20'profile_two_columns');tab_controller.changePage("photos");})()

Re: What about random photo albums of the users with old settings? theharmonyguy May 1 2010, 05:36:17 UTC

That trick was controlled by two factors: 1) the privacy setting for the Photos application being set to "Everyone," and 2) the privacy setting for individual albums being set to "Everyone." Since both of those settings were defaults, it pulled up photos for many users.

But the code has been making the rounds, and lately seems to have been really spreading. Tonight it appears that Facebook has blocked the trick.

By the way, the first version of the trick was also posted back in December.

Re: What about random photo albums of the users with old settings? prada_bags June 27 2010, 13:13:15 UTC

so good...