The heart of tech is coming to the heart of the Mediterranean. Join TNW in València this March 🇪🇸

This article was published on June 10, 2011

Facebook’s new “Happening Now” feature contains obvious permissions bug

Facebook’s new “Happening Now” feature contains obvious permissions bug

Earlier today we brought you the news that Facebook was testing a brand new, real-time element for users’ home screens called “Happening Now.”

As its name implies, it allows updates on the actions of users to be shown to their friends as they occur. From our earlier coverage:

Facebook has begun testing a new real-time feature on a small number of user’s home feeds, displaying at-a-glance a list of what their friends are sharing, who they are adding as friends and displaying checkin notifications.

The “Happening Now” sidebar currently sits on the right side of a user’s feed, displaying real-time updates below the dedicated spots for advertising, giving users the chance to see how their connections are interacting with one another without having to navigate away from their main feed.

As it happens, Facebook does not appear to have spent much time dogfooding the new test feature, as it suffers from an extremely obvious permissions bug. ZDNet were first to figure it out:

Three users, @dezinezync@benjacob and @hackatac who discovered the bug, explained to me on Twitter the implications:

“Say a user’s photos are viewable to friends only, and this user is not in my friends list. If a friend of mine comments on the photo of that user, I can see it from the ‘Happening Now’ feed.”

Fortunately for Facebook, the test of Happening Now appears to have involved a very small user group, so it is doubtful that much damage has been done.

This bug, however, does outline just how lax Facebook still seems to be in regards to its users’ privacy.