Facebook fixes "Midnight Delivery" privacy flaw

Jan 01, 2013
Facebook sidestepped a privacy gaffe on Monday by fixing a flaw that made it possible to snoop on private New Year's Eve messages sent using a "Midnight Delivery" service.

Facebook sidestepped a privacy gaffe on Monday by fixing a flaw that made it possible to snoop on private New Year's Eve messages sent using a "Midnight Delivery" service.

Facebook took "Midnight Delivery" offline temporarily to patch a vulnerability pointed out by Britain-based blogger Jack Jenkins.

The new feature, which lets people prepare digital messages in advance and have them automatically delivered to the moment the year 2013 arrives, was back in action Monday.

"I have just checked, the bug/oversight has now been fixed," Jenkins said in an update to his blog time-stamped 1435 GMT.

"I don't know how a site like Facebook can continue to take these kinds of risks."

Jenkins outlined in his blog a way to get into Midnight Delivery messages by tinkering with characters in URLs, essentially manipulating electronic address data.

The privacy slip came less than a week after the older sister of Facebook co-founder tripped on the social network's , landing in the midst of a debate about "online etiquette."

Randi Zuckerberg, who launched a themed online after quitting her job handling Facebook public relations, kicked off the controversy after a family photo intended for friends went public.

The picture showed Mark Zuckerberg in a kitchen with family members dramatizing reactions to messages sent with a freshly launched "Poke" feature at the California-based online social network.

Poke lets people send messages that self-destruct in what is seen by many as a spin on popular smartphone application Snapchat.

Randi Zuckerberg posted a copy of the family photo to Facebook for the eyes of only, but evidently it was also shared with friends of those tagged in the picture due to privacy settings at the social network.

That meant the fun photo popped up in the news feed of someone outside Randi Zuckerberg's circle, who then shared it on popular Twitter.

From there, the photo went viral—much to Randi Zuckerberg's chagrin.

"Digital etiquette: always ask permission before posting a friend's photo publicly," Mark Zuckerberg's elder sister said in a Christmas tweet. "It's not just about privacy settings, it's about human decency."

The comment sparked heated debate at Twitter and other online forums, where a vocal contingent saw poetic justice in the Zuckerbergs being exposed by the way the social network handles the privacy of users.

Explore further: Facebook dressed down over 'real names' policy

add to favorites email to friend print save as pdf

Related Stories

Private picture of Mark Zuckerberg's family leaked

Dec 27, 2012

Even Mark Zuckerberg's family can get tripped up by Facebook's privacy settings. A picture that Zuckerberg's sister posted on her personal Facebook profile was seen by a marketing director, who then posted ...

Facebook fixes photo privacy bug

Dec 07, 2011

Facebook has fixed a bug that allowed the viewing of some private photographs of other members and which was reportedly used to access personal pictures of founder Mark Zuckerberg.

Facebook tops 350 million users, tightens privacy

Dec 02, 2009

Facebook is enhancing privacy controls and eliminating its regional framework for online communities as the Internet's most popular social networking service tops 350 million users.

Facebook settles with FTC over deception charges

Nov 29, 2011

Facebook is settling with the Federal Trade Commission over charges it deceived consumers with its privacy settings to get people to share more personal information than they originally agreed to.

Recommended for you

Facebook dressed down over 'real names' policy

6 hours ago

Facebook says it temporarily restored hundreds of deleted profiles of self-described drag queens and others, but declined to change a policy requiring account holders to use their real names rather than drag names such as ...

Yelp to pay US fine for child privacy violation

13 hours ago

Online ratings operator Yelp agreed to pay $450,000 to settle US charges that it illegally collected data on children, in violation of privacy laws, officials said Wednesday.

A Closer Look: Your (online) life after death

Sep 16, 2014

Sure, you have a lot to do today—laundry, bills, dinner—but it's never too early to start planning for your digital afterlife, the fate of your numerous online accounts once you shed this mortal coil.

Web filter lifts block on gay sites

Sep 16, 2014

A popular online safe-search filter is ending its practice of blocking links to mainstream gay and lesbian advocacy groups for users hoping to avoid obscene sites.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Telekinetic
2 / 5 (4) Jan 01, 2013
Facebook "privacy"- an oxymoron if ever there was one.