Facebook Security Issue Pumps User Events to Public Domain

by copythis

Privacy and your Facebook info might not be as private as you think, while a hole in the API is allowing users' Event Calendar info to be pumped online to the public domain-for the world to see-and despite user Privacy Settings.
 
After unveiling its Facebook Graph API system last week, questions are popping up over Prvacy Concerns-Facebook flunked, when a curious engineer investigated Facebook's new system and user Event Calendars that are appearing in the public domain for many users. Google software engineer Ka-Ping Yee discovered the Facebook issue while toying around with the Graph API search query system. As it turns out, searching for a given person in Facebook's new system will often bring up a full list of Events that a user is either planning to attend or has already attended.
 
That Privacy concern is one issue; more worrisome to Yee was that he, as an engineer, couldn't figure out a way to keep his Facebook Event information from leaking out to the public forum. "I didn't opt in for this," the engineer says. "I even tried setting all my privacy settings for maximum privacy. But Facebook is still exposing the list of events I've attended, and maybe your [other Facebook user] events."
 
Not every Facebook user's social calendar slips through Facebook's cracks--though, ironicallly, founder Mark Zuckerberg's Event calendar does. The list of Events that a user is planning on attending may not be as confidential as, say, contents of a user's Facebook message inbox. Yee makes the critical debate that Events can leak more info than users realize or may think, including Facebook-listed info users have plugged in like "your home address, your friends' home addresses, the names and groups of people you associate with, your hobbies, or your political or religious activities, for example," says Yee.
 
Is there anyway around the Facebook info leak to the public forum? Yee suggests users automatically click the 'Not Attending' box next to every Event invitation they receive. Before killing your online social calendar, Facebook users can also check out zesty.ca/facebook, to search for your Facebook profile and see exactly what information is being made public. Even if none of your vital data pops up there however, it's still unsettling for Privacy concerns, to know that the information does appear as public for some people and Facebook users.