Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
I was going to report a malicious app to Facebook, but...
3 points by rhizome on July 4, 2012 | hide | past | favorite | 3 comments
So, yet again, one of my several Facebook friends did a Bad Click and now there's a Facebook Wall entry from them about winning an iPad for free (or something), with a bit.ly URL.

My first instinct is to comment on the post that nobody should click the URL, so that all of our friends are suitably notified, but in this case I had a mind to report the app itself. Lowering my mouse cursor to the similar-to-innocuous name of the app, I was struck by fear: what if this puts some crap on my wall from the app maker (even if I don't install anything). After all, I have to go to the app's site within Facebook. What if there's something malicious stuffed into the description or something?

Just like we saw with Microsoft all those years ago, this is yet another downside of being a big fish target of hackers: why should I contribute to what is apparently a black hole, helping a lost cause with security, and possibly harming my own resources? People just started expecting Windows to be bug ridden, blogging about how quickly an unpatched Windows box would get 0wn3ed on the open Internet (something less than 30sec, IIRC).

These kinds of problems were also demonstrated by Microsoft to be mostly a PR problem, but after a point it really starts to hurt the brand. I don't know what Facebook's internal metric for basic success, like what sales would be to Microsoft, but I have to think that follow-on effects from bad apps factor into it.



FB apps can't post until you explicitly give it permission to do so. Visiting the app page != granting permissions. Watch out for the popup requesting rights.


What if there's something malicious stuffed into the description or something?

You never know.


I've had a few cases of hesitation when I'd like to report a post item but not the posing user. (User is ignorant or compromised.)

Not caring to keep up on every changing detail of FB's self-management, the dropdown options left me uncertain of the effect(s) my reporting (e.g. as "spam") would have.

IMO, FB could put in some work to make the reporting options clearer in terms of effect. (E.g. reporting a spam "post" will or will not ding the post's owner -- your friend.)

Just a suggestion. Use clear communication and information to make it easy for the user to help you (reporting spam).

Of course, I tend to "overthink" these things. Perhapss/likely, most users just ignore or "report" without thinking about the implications of doing so.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: