Problem solve Get help with specific problems with your technologies, process and projects.

How to reassess privacy settings in wake of Facebook cloaking issues

Expert Nick Lewis discusses how Facebook cloaking exposed users' personal info and why it's important to control social media security settings.

What are the dangers of Facebook cloaking? Is it simply a case of someone being capable of seeing information that the user wouldn't necessarily want them to see, or are there more devious attacks that the method will expose?

Ask the expert!

Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)

There are two common types of Facebook cloaking. The first is used for potentially illicit search engine optimizing. The second is the more current version that was reported by Technology Review regarding how to make it difficult to be unfriended on Facebook. Facebook responded to the Technology Review report within 48 hours by deploying a modification to its user interface. So, while this may have been an issue, it has been resolved for now.

That second method of cloaking involved deactivating a Facebook account so that users could not remove the account from their "friends" list. This attack required a user to accept an account's friend request before the cloaker could then deactivate the account. At the time of the research, users couldn't unfriend deactivated accounts. This meant that an attacker could enable an account to download all of the content on a user's profile, then disable their account again before someone unfriended them.

Given that many users publish their Facebook updates as public and that few users ever clean up their friends list, it seems that just a few users could have been targeted by a Facebook cloaking attack. This was an important issue that needed a quick resolution because users should be able to remove accounts from their friends list regardless of the status of an account. That said, given Facebook's popularity, it's likely that attackers will continue to find and exploit similar flaws.

The bottom line is that this incident is just the latest wake-up call to remind users that constant vigilance is needed to guard against creative attackers constantly seeking to violate their privacy. If users are concerned enough about their security after this exposure to take steps to enhance their Facebook privacy and avoid security issues such as Facebook cloaking, they should be easily encouraged to use Facebook's privacy settings.

This was last published in September 2012

Dig Deeper on Social media security risks

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.