[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction

To: fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction
From: Joerg Mertin <smurphy@xxxxxxxxxx>
Date: Wed, 02 Apr 2014 09:48:34 +0200

On Wednesday 02 April 2014 09:21:55 Źmicier Januszkiewicz wrote:
> > the facebook user should not have unrealistic expectation to privacy.
> 
> I think this part says it all. I'd even drop the "unrealistic" out of
> it. Keeping someone "private" on FB is like spraying it over a wall
> and hoping nobody will notice, while a certain person is already
> running an exhibition business out of it.
> 
> The whole concept of "online privacy" is a delusion IMO. How can
> something be private if it leaves traces and records all over the
> place? Traffic, logs, DB records... So please, please let's stop
> thinking that something can be "private" when we share it with a
> multibillion company and its partners, advertisers, developers, and
> whoever makes a legal claim.
> 
> If you want something to be private -- don't share it. Period.

You are right on most of these.
The only way to gain a "small" control over it, is host it on your own hardware 
at home, and 
provide only links on other side on information of your site.
Then, if you want remove it from the net, you cannot just delete the links, as 
these are still 
there (crawler bots, search machines etc.). You'll have to also modify "the" 
information. 
Actually, this is called provide misinformation as to invalidate the 
information you have so far.
The question that then comes to my mind is - how many information/versions do 
the Bots 
cache of your site ? This will determine the number of disinformation changes 
you will have 
to make on your site ... :}

The alternative of course - is to not have a E-Mail address, no contact to 
social sites, no 
Credit card, no Social security number, and live as an hermit :) somewhere in a 
cave (as a 
hermit on a mountain, the spy satellites can spot you :) ) ...

-- 
Ask not for whom the Bell tolls, and you will pay only the station-to-station
rate.
                -- Howard Kandel
------------------------------------------------------------------------
Joerg Mertin in Clermont/France
Web: http://www.solsys.org
PGP: Public Key Server - Get "0x159DC660F946126F"

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction
  - From: Bipin Gautam
- Re: [FD] Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction
  - From: Źmicier Januszkiewicz

Prev by Date: Re: [FD] Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction
Next by Date: [FD] iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
Previous by thread: Re: [FD] Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction
Next by thread: Re: [FD] Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction
Index(es):
- Date
- Thread