Facebook has a link problem. Earlier this week, a security researcher named Inti De Ceukelaire detailed a curious fact about how Facebook Messenger treats privately shared links. Through the right API call, De Ceukelaire was able to summon links shared by specific users in private messages. The links were collected by the Facebook crawler, where De Ceukelaire discovered they were easily accessible to anyone running a Facebook app. Those links could be anything from a popular news story to directions to an abortion clinic. As long as they’re shared in private messages, they’re logged in Facebook’s database, and accessible to API calls.

It would be hard to exploit that bug at scale for a few different reasons. De Ceukelaire was only able to make the API call because he's registered as a Facebook developer, and if he started pulling those links en masse, Facebook would quickly catch on and pull his credentials. Still, the bug points to a number of lingering problems with the conflicting way web services treat URLs, and how those conflicts can put private information into public view.

View the full article

The more issues I hear with Facebook the more I despise it. If you link someone to a picture on imgur, you have to wait to send your message until Facebook gets the thumbnail there. It's annoying.