Date: 2010-05-05

This morning, Facebook users discovered that using the “Preview My Profile” option made a user’s private chats and pending friend requests visible. In the words of TechCrunch, the original reporter of the story:

Today I was tipped off that there is a major security flaw in the social networking site that, with just a few mouse clicks, enables any user to view the live chats of their ‘friends’. Using what sounds like a simple trick, a user can also access their friends’ latest pending friend-requests and which friends they share in common. That’s a lot of potentially sensitive information.

Facebook reacted quickly, immediately disabling the entire Facebook Chat function and issuing a fix for the problem of visible friend requests. But this is just another in a seemingly endless line of gaffes that have some questioning Facebook’s commitment to privacy. Dan Yoder’s recent “10 Reasons Why You Should Quit Facebook” includes frequently heard arguments (some reasonable, some not) that have become almost a refrain when talking about Facebook. The social network is currently under Congressional investigation, and its decision to “pre-approve” certain partners for access to user data has raised ire–and that’s only in the past few weeks.

Facebook can’t afford major mistakes like this. Their official response, as expected, downplays the importance and severity of the security lapse:

For a limited period of time, a bug permitted some users’ chat messages and pending friend requests to be made visible to their friends by manipulating the ‘preview my profile’ feature of Facebook privacy settings. When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests, which is now complete. Chat will be turned back on across the site shortly. We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented.

Mostly, users don’t want to think about security, and will ignore potential problems that remain under the surface. But if Facebook keeps insisting on screwing up, loudly, in public, they’re going to start to lose users.

