If Facebook’s Portal didn’t creep you out before, now it might. Developer and digital explorer Jane Manchun Wong has discovered an unnerving “feature” in the social media giant’s smart display. Wong has successfully added another user’s photo album to her own Portal’s Superframe. The Superframe is essentially a screensaver that displays photos from a selected album the user chooses.
The problem is Facebook states that a person can only add photo albums to Portal’s screensaver that are part of their Facebook account. However, Wong was able to add another user’s profile picture album to her Superframe. The other user? None other than Mark Zuckerberg.
I added Mark Zuckerberg’s Profile Picture album to my Facebook Portal’s Superframe when users are supposed to only able to add the albums that they own
I reported this to Facebook and they don't think this is a security vulnerability pic.twitter.com/6IsUpj8Nra
— Jane Manchun Wong (@wongmjane) October 30, 2019
What’s more unnerving is that Wong reported this to Facebook, but she says the company doesn’t “think this is a security vulnerability.”
Furthermore, Wong points out that since Facebook “expect[s] user[s] to add albums that they don’t own to the Superframe, there is no way to remove it.” That means she’s stuck with Zuckerberg’s photo album as her screensaver on her Portal device.
Sometimes I wonder if Mark is staring back at me through the screen, like "Jane… you invited me here, and I will watch you everyday"
Maybe stockholm syndrome? idk pic.twitter.com/mJ25AZPSBg
— Jane Manchun Wong (@wongmjane) October 30, 2019
Wong has a long track record of discovering unreleased features in products, including in Instagram and Facebook. We’ve reached out to Facebook for comment to see if this is a bug or if indeed they have no problem with Portal users adding other people’s photos to their Superframe.
Update: A Facebook spokesperson reached out with the following statement:
The researcher identified an issue where someone could display publicly available photos from Facebook on their Portal device. While this issue doesn’t present any security or privacy risks, because it was limited to public photos, we have applied a fix to remove this ability and thank the researcher for raising it to us.