Facebook data bug leaves photos up for grabs
2018 has been a year marked by some pretty big and significant privacy stories in technology. In one sense, this has been a healthy matter, because it’s made a lot more people aware of what it is they’re sharing online, where their data is tracked and what it’s used for.
There’s plenty of data about all of us that we’d probably rather keep secret, but we’re often not all that aware of how private that data might actually be. If you’re right now thinking “but I’ve got nothing to hide”, think again. Would you tell strangers your credit card number or password details? That’s “private” information too.
Facebook has had a pretty bad year in privacy terms, with the whole Cambridge Analytica scandal showing how the firm has sold and traded data over the years, and it’s ending up the year with another privacy problem, although this one appears to have been more of a bug than a business decision.
An error with the Facebook Photos API — in simplest possible terms, it’s the software that allows third party applications and indeed Facebook itself to upload and share your photos across its social media service — may have left up to a whopping 6.8 million users with photos that were less-than-private, including photos that they may have never fully uploaded and posted to Facebook itself.
On the plus side, Facebook has been quite upfront about the issue, with a Facebook internal developer flagging the issue with its development community.
In the normal course of events, apps that you allow to see your Facebook photos can only see pictures you post on the Facebook timeline. The bug meant that other photos, such as those shared on Facebook Stories or Marketplace may have been accessible, even if you never granted those permissions. Even photos you may have started to upload but then cancelled posting could have been snaffled, because Facebook keeps copies of those in case you change your mind.
In order to be affected by the bug, you would have had to have authorised a third party application to access your photos in the first place, and Facebook does say it’s going to work to notify users who may have had one of the 2,500 applications potentially affected in the coming weeks. If you do get an alert from Facebook that you’re an affected user, it would be smart to check which apps you’ve currently got running with access to your data. That cute game that you maybe played once five years ago could still be sitting there, quietly (and possibly not so nicely) harvesting your data.
It’s yet another circumstance where there’s not that much that you, as an individual user can do, given you don’t write Facebook’s code, and this does seem to have been a genuine software bug, not a deliberate hack or data selling scandal.
It does highlight, however, that Facebook as a service, while super-useful for staying in touch with friends and relatives, has become a repository of our data beyond just names and dates of birth.
Lots of people use Facebook Photos to note important moments in their lives, whether that’s the birth of a child or a stunning vista on a well-earned holiday break.
But that data has value to us, and it’s worth remembering that when you upload it, you do lose some control over what happens to it after that. If you rarely post pictures to Facebook this may not be a big concern for you, but if you do post photos all the time, it’s something worth considering, and maybe changing your approach depending on how much you value your privacy — and of course, the nature of the photos you’re posting up!