Phacebook Phishing Phorecast….

Phacebook announced on phriday that they’ve released a JavaScript client library that will allow users to deploy phacebook applications on any site.

Before I saw the gushing praise for this, my phirst reaction was: This is going to end badly. I’m watching a horror movie, and they’re all in it. Curt Duncan is upstairs, everyone watching knows it. Those poor kids.

Does anyone at phacebook know what Cross Site Scripting is?

Considering all the attention that privacy issues are getting these days, and in spite of the numerous 2008 predictions for phacebook privacy breaches, and discussions surrounding exactly these kinds of security breaches, I’m stunned phacebook is moving forward with this.

I’m trying to think of another company so completely tone deaf to the issues surround privacy and security. Beacon. Employee transgressions. Now this.

UPDATE: Dare Obasanjo details what I should have been more clear about:

So unlike the original implementation of Beacon, the Facebook developers arenâ??t automatically associating your Facebook account with the 3rd party site then letting them party on your data. Instead, it looks like the user will be prompted to login before the Website can start interacting with their data on Facebook or giving Facebook data about the user.

This is a much better approach than Beacon and remedies the primary complaint from my Facebook Beacon is Unfixable post from last month.

This is an improvement? Proliferate apps that request credentials to another site?

You’ve got to be kidding…


Subscribe to Blog Updates

Quickly connect apps, data, and devices

Start Free Trial
Contact Us Free Trial