Facebook: Would you rather be insecure or illegal?

Sunday, July 20, 2008 15:49 | Filed in Scams & Spams, Technology

If you’re a facebook member, current thinking would suggest that you either need to be at risk of information being exposed which could potentially be used in a social engineering attack against you or you can break the law. It’s your choice.

Why is this?

Well, according to Graham Cluley from Sophos:

…last night I found a flaw on Facebook which allowed me to view other people’s full dates of birth. Their dates of birth were exposed even if they had set them to be invisible or had told Facebook to hide the year.[...]

I’ve told Facebook about the flaw, and it appears for now that they have fixed the problem – but who knows if it will resurface again in the future

Sophos Blog

Graham therefore suggests that as your date of birth is mandatory, even though it theoreticallly doesn’t have to be public, you should simply use a false date of birth. Graham suggests that your friends would know your birthday anyway. This suggests that Graham’s friends are significantly better organised than mine, and more importantly, as Graham points out, this is in breach of Facebook’s terms and conditions:

you agree to (a) provide accurate, current and complete information about you as may be prompted by any registration forms on the Site…Facebook Terms & Conditions

…and at least in the US, breaching the terms and conditions of a site in this manner has been held to be a criminal offence.

…would have had to sign up to MySpace, providing false information to create an account for the fictional Josh Evans. That would have involved giving at least a fake name and date of birth, both banned under the terms and conditions.

Prosecutors said that because her activity was conducted in violation of the terms and conditions of the site, it became unauthorised use of the service.


So on this basis, you need to choose between leaving your correct date of birth in Facebook, and the security risk associated with that, or you risk being kicked off Facebook and getting a criminal conviction. In this case, I don’t think I’ll be following Sophos’s recommendation, although I would argue that I don’t see why Facebook needs to know my date of birth (beyond “am I 18 or over”)…

You can leave a response, or trackback from your own site.

1 Comment to Facebook: Would you rather be insecure or illegal?

  1. jp says:

    July 20th, 2008 at 10:50 pm

    i have noticed other problems with facebook settings. if a friend comments on one of your photos any of their friends can click to see the comment from their ‘News Feed’ and look at the entire album while they’re at it even if your profile is set to only let your friends see your pictures. users beware

Leave a comment