

Dark Stalking on Facebook - zkz
http://pjf.id.au/blog/?position=590

======
ryanwaggoner
_I didn't sleep well that night._

 _Finding my friends' old events crossed a moral boundary I honestly didn't
expect to encounter._

 _What makes this all rather chilling..._

Over-dramatic much? None of this is secret, or underhanded, or arguably even a
violation of privacy. If you don't want your friends to see stuff, don't post
it on Facebook. And if you don't want a particular person to see it, including
some guy messing around with the API, don't be friends with that person.

It sounds like this guy is trying to make a mountain out of a molehill for the
sake of attention, to be honest.

~~~
thorax
Well, I actually think the guy probably saw a lot of events he wasn't invited
to, and/or some other things that made him realize that it was a violation of
trust to see those things. I don't think the average hacker would get all
choked-up about the principle of the matter quite so easily unless there was
something meaty uncovered in his own life or circle of friends.

------
kwamenum86
Once you put it in the public sector of the Internet it is always there. If
people always operate under this assumption they will be fine (yes I realize
in certain cases information may not be cached before it is removed.)

You shouldn't enter any information on a social networking site that you don't
want everyone to see, no matter what the privacy settings tell you. Personally
I am wary of sending sensitive information of any kind to a remote machine (of
course I do it anyway _ahem_ Gmail, _ahem_ Amazon, _ahem_ etc.) But to expect
that you will be able to enter information on a social network and only have a
subset of that site's users have access to it is much too high an expectation.
No offense to Facebook but it is a difficult enough task to implement an
efficient technical solution to this problem. But that is before you take into
account the difficulty of explaining complex (or even simple) privacy controls
to your users.

This is a really great demonstration of the privacy illusion but the illusion
should not even exist. We should all lower our expectation of privacy on
Facebook. Again, no offense to Facebook, but they can't meet the unreasonable
standard set by some.

[Addendum]

* Facebook is not a private site. The term "privacy controls" is really misleading and should really be called something else that helps people understand how short they can fall of giving you true privacy.

* It is called a social network but our virtual societies have different rules than the real world. One notable issue is the Whiteboard Problem (yes I gave it a stupid name): The Facebook stream is like a whiteboard that you have given your friends access to but you can write comments on your whiteboard and they can write on yours. So whoever can see their whiteboard, whether they know you, can see what you wrote and learn of your existence.

* Another issue, the rules of information are completely different. Referencing the hypothetical swingers in other comments on this submission if I am a) invited to my "swinger conference", b) I accept the invitation, and c) we take lots of pictures only the diffusion of that information has strict constraints in the physical world. Once it is on Facebook a) non-swingers will likely have access to my swinger invite, b) non-swingers can see my response, maybe even in their stream and c) they may find my photos (last time I checked private Facebook photos are relatively easy to access.)

Once again, treat Facebook like a public whiteboard that represents you. For
the most part only people you know will see it but keep it blemish free just in
case. So no "swinger conferences" on FB.

~~~
billswift
They'd never use the term, it would be a PR disaster, but maybe "blatancy
controls" would be more truthful, as in "How blatant do you want to be?".

------
marram
Why does knowing friends' past events cross a moral boundary?!

~~~
endlessvoid94
Not just past events, but past events you/they have DECLINED.

~~~
codyrobbins
Yeah — events they didn’t go to. So?

------
aneesh
> "I didn't expect it to share info when people had declined those events."

Just to clarify, does this mean events you replied "No" to, or events where
you clicked "Remove from My Events"? If an API call surfaces the latter,
that would indeed be worrying.

~~~
pfenwick
It includes when you click No, Maybe, Yes, or fail to respond.

If you click "Remove from My Events", it appears that you're removed entirely
from the event_member table.

