Comments on: Your Facebook Profile is Already Public http://theharmonyguy.com/2009/08/13/your-facebook-profile-is-already-public/ Investigating privacy and security issues in online social networking Thu, 09 Feb 2012 10:47:20 +0000 hourly 1 http://wordpress.org/?v= By: Social Media Security » With Facebook Privacy, Everyone Means Everyone http://theharmonyguy.com/2009/08/13/your-facebook-profile-is-already-public/comment-page-1/#comment-8257 Social Media Security » With Facebook Privacy, Everyone Means Everyone Wed, 06 Jan 2010 15:55:46 +0000 http://theharmonyguy.com/?p=296#comment-8257 [...] don’t want the entire Internet to see, since despite Facebook’s many privacy settings, much of your content has long been accessible via Facebook applications – and security issues with applications are [...] [...] don’t want the entire Internet to see, since despite Facebook’s many privacy settings, much of your content has long been accessible via Facebook applications – and security issues with applications are [...]

]]> By: With Facebook Privacy, Everyone Means Everyone | Social Hacking http://theharmonyguy.com/2009/08/13/your-facebook-profile-is-already-public/comment-page-1/#comment-7510 With Facebook Privacy, Everyone Means Everyone | Social Hacking Fri, 11 Dec 2009 18:15:09 +0000 http://theharmonyguy.com/?p=296#comment-7510 [...] don’t want the entire Internet to see, since despite Facebook’s many privacy settings, much of your content has long been accessible via Facebook applications – and security issues with applications are [...] [...] don’t want the entire Internet to see, since despite Facebook’s many privacy settings, much of your content has long been accessible via Facebook applications – and security issues with applications are [...]

]]> By: Facebook Hacked | Social Hacking http://theharmonyguy.com/2009/08/13/your-facebook-profile-is-already-public/comment-page-1/#comment-5654 Facebook Hacked | Social Hacking Thu, 27 Aug 2009 21:35:36 +0000 http://theharmonyguy.com/?p=296#comment-5654 [...] the last few months, I have uncovered such holes in seven applications, three of which currently have monthly active users numbering in the tens of [...] [...] the last few months, I have uncovered such holes in seven applications, three of which currently have monthly active users numbering in the tens of [...]

]]> By: meh http://theharmonyguy.com/2009/08/13/your-facebook-profile-is-already-public/comment-page-1/#comment-5525 meh Fri, 14 Aug 2009 16:32:18 +0000 http://theharmonyguy.com/?p=296#comment-5525 Code or it never happened :) Code or it never happened :)

]]> By: theharmonyguy http://theharmonyguy.com/2009/08/13/your-facebook-profile-is-already-public/comment-page-1/#comment-5515 theharmonyguy Fri, 14 Aug 2009 05:20:21 +0000 http://theharmonyguy.com/?p=296#comment-5515 @chris: An application has the same amound of access if either (a) you have also installed the application, or (b) you have not specifically limited the amount of access by uninstalled applications in your Facebook privacy settings. Based on the scientific guess that most users have never changed the default privacy settings in this regard, I said that the same amount of access was likely. But since one could limit access for apps they've not also installed, I could not say it was true 100% of the time. @chris: An application has the same amound of access if either (a) you have also installed the application, or (b) you have not specifically limited the amount of access by uninstalled applications in your Facebook privacy settings. Based on the scientific guess that most users have never changed the default privacy settings in this regard, I said that the same amount of access was likely. But since one could limit access for apps they’ve not also installed, I could not say it was true 100% of the time.

]]> By: chris http://theharmonyguy.com/2009/08/13/your-facebook-profile-is-already-public/comment-page-1/#comment-5512 chris Fri, 14 Aug 2009 04:07:21 +0000 http://theharmonyguy.com/?p=296#comment-5512 "Second, if a friend authorizes an application, that application likely has the same amount of access to your profile via your friends’ sessions." This is your speculation. On what factual basis does your claim rest? Are you speculating that authorized apps can do this using the official API the way it was intended to be used, or are you speculating that authorized apps can do this by abusing the API and running XSS or other exploits? “Second, if a friend authorizes an application, that application likely has the same amount of access to your profile via your friends’ sessions.”

This is your speculation. On what factual basis does your claim rest? Are you speculating that authorized apps can do this using the official API the way it was intended to be used, or are you speculating that authorized apps can do this by abusing the API and running XSS or other exploits?

]]> By: Twitted by theharmonyguy http://theharmonyguy.com/2009/08/13/your-facebook-profile-is-already-public/comment-page-1/#comment-5508 Twitted by theharmonyguy Fri, 14 Aug 2009 02:37:43 +0000 http://theharmonyguy.com/?p=296#comment-5508 [...] This post was Twitted by theharmonyguy [...] [...] This post was Twitted by theharmonyguy [...]

]]>