The Next Web

Is Facebook leaking notes?

By Zee
September 12, 2009
Tweet This
Tip Techmeme
Submit to Hackernews

Share


Comments

Is Facebook leaking notes?A member of link sharing and discussion site Reddit.com has spotted a way to potentially access private notes on Facebook via a basic Google search query.

Searching for “site:http://69.63.186.30/notes.php” on Google reveals thousands of peoples profile notes on Facebook. Clicking on each will reveal the individuals notes page as you would see if you were friends the individual on the site and visiting that particular section of their profile.

Your immediate reaction, as was mine, is that the individual had probably made their profile public, but after checking about a dozen different profiles, that is definitely not the case. You then might consider that the individual has chosen to just reveal their notes to the public, something that is possible, but again these were not accessible via any of the profiles found on Google – even when logged into the site.

Notes on Facebook generally don’t contain the most private of thoughts, nor is it an area where most people tend to keep private information. However, it does once again bring to our attention online security and privacy, something that Facebook has always prided itself on. If they can’t get notes secure, what other loopholes are out there? Their latest move towards a Twitter like service has made the site increasingly public, whereas once upon a time it once positioned itself as an extremely private community of friends – the ultimate address book of sorts.

Sadly, it’s not the first security issue to hit the hugely popular social networking site.
In May, a security loophole was found that could have allowed identity thieves and spammers to gather users’ personal email addresses. In March, a critical security flaw has been discovered that made it possible for users to look through other people’ personal photo albums, even with privacy settings set accordingly.

That said, I repeat, it is still unclear whether this is a server issue, a profile privacy issue or a note application issue. We will definitely keep digging, and have contacted Facebook for comment. This post will be updated when we have further information.

**Update**

Facebook has responded saying that all of the individuals notes found via Google have chosen to make their notes public. Something that we considered immediately when when shown the search results. That said, none of these notes are accessible via the individual’s profiles on Facebook.com. It may very well be that the only way to access “public notes” is via search engines rather than any links on someone’s public profile page. We’ve again asked Facebook whether that is the case and will report back with more information once we have it.

Picture 6


  • Wow. This could become a very big deal unless Facebook manages to fix it before it becomes a major story.
  • With the iPhone app you can look through other non friend albums if a friend of your is tagged in it. You can continue to view the entire set of photos.
  • I don't know if anyone else thought to do what I did. I just Googled the URL, but also added my name to the search field. I did this with my real first and last name as well as with my username. I have my privacy settings set to only allow my friends to view 98% of my Facebook content. In the searches I did, none of my Notes were in the results. This leads me to believe that Facebook is correct in saying that the only users whose Notes will show up via that search, are users who have their Notes set as public.
  • Sandra
    Notes are appearing in google search. All of my privacy settings are set to either "No One" or "Only Friends" yet, my notes are being posted on teh entire internect.
    I deleted the note from facebook and it still appears.
    This is a big problem.
blog comments powered by Disqus
 


TwitterCounter