So I noticed an acquaintance of mine added some pictures to her Facebook profile. I could see the images in the new feed and could click on them and see the larger version. I could even scroll through the entire album!
However when I clicked "View Photos of [my friend]" from her profile page, I see that she has restricted the album and I am not able to see any of the photos.
How am I allowed to see the entire album via the newsfeed? What kind of privacy is this?
Just like Picasa Web Albums, the security token needed to access a Facebook album is encoded in the URL. Once you have the URL (via the newsfeed, or because someone forwarded it to you), you can access the album forever.
ReplyDeleteAt least Picasa Web Albums lets you revoke the token later if you realize it's been leaked.
But Facebook encourages the token being leaked by virtue of the newsfeed. Seems like the feed should be re-written to remove the URL.
ReplyDelete