Hacker News new | past | comments | ask | show | jobs | submit login

No. This shows that Facebook has no robust security model at all. Either they do not have any mandatory access control for private data, or someone approved of circumventing such access control measures for this feature. Both is in my opinion inacceptable for a company holding so much potentially sensitive data.

One example of a hole does not make a bucket into a sieve.

For a company of FBs size and personal data contents, I agree, they have a rather scary track record. But saying <symptom of X> implies <X> is fallacious, especially when it's also a symptom of <AAA> through <ZZZ>.

but it does make a tire flat. :)

Agree. A sieve is generally more useful than a bucket with a hole.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact