Facebook Privacy Flaw Exposes Your Friends' App Activity

Want to know every application your friends are using? Thanks to a slight privacy oversight in the new Facebook dashboard, you can view the latest applications that your friends have been using whether or not they want you to. While Facebook will probably resolve this issue before launch, the beta games and applications dashboards are visible to everybody.

As one developer told us, “I may not want my boss to know that I’m playing games during work hours. Or I may not want my friends knowing that I ran the ‘How Perverted are You?’ application.” While I’m not sure that there is really a “How Perverted Are You?” application, he effectively got the point across: you don’t want your friends to know all of your activities. In theory this also means that all of your Facebook Connect activity is visible as well.

When I went to the applications dashboard, I was also able to view an application that one of my friends was currently developing (and had not yet made public). Unknown to that individual, I’m now aware of the latest project they are working on. This new privacy bug has strange similarities to the Beacon fiasco. When users visited websites, notifications of their actions were posted to their profile, sometimes without them being aware.

This Is Not A Minor Bug

In this instance the user is completely unaware that the information is being posted about them. This slight flaw could ultimately damage the future of the application dashboard and delay the deprecation of notifications as well as other items in the current developer roadmap. Will users be prompted to post about their latest activity? Will there be a new opt-out system? The fact that beacon was opt-out was the reason that users were so angry in the first place.

While applications could previously send anonymous notifications (messages that weren’t associated with a friend), the new dashboards are integrated with your personal social graph. None of my friends want to share some of this information though. For example the three friends in the image below, didn’t want me to know that they were using the dating application, “Are You Interested?”

The point is this: this loophole in the new application and games dashboards will require Facebook to head back to the drawing board. While many were expecting the new dashboards to be part of the solution to notifications being deprecated, it’s clear that this could rapidly spawn into a privacy disaster. Facebook should shut off the dashboard for the time being while they work out a solution.

Recommended articles