Facebook Social Plugins’ World Domination

by David Maciejak
May 12, 2010 at 5:00 am

Recently, Facebook unveiled its strategy to conquer the web. The company introduced a new kind of plugin called “Social Plugins”, which essentially allow third-party “partner” sites to access your Facebook profile information when you visit them — in order to “improve your experience”.

While the idea is great from a webmaster’s point of view, there are obvious privacy concerns for Facebook users. In the first week, about 50,000 third-party websites had already integrated it. This adds to the recent changes in Facebook’s policies, which imply that users have to explicitly opt out of sharing their confidential data (and the sole fact that there are forum postings and blogs detailing how to do so suffices to assume that there is no will from Facebook to facilitate this).

Now, beyond the evident targeted advertisement and data mining potential, allowing third-party sites to access your Facebook profile personal info may give rise to burlesque situations, as noted with humor by French blogger Korben in this photo-montage:

[Image: fake_youporn]

To address the related privacy concerns expressed by our customers, the IPS and Application-Control Team at Fortinet released a detection pattern named “Facebook.Plugins”, available on FortiOS 4.0 MR2. Should a customer choose to enable it, social plugin calls from third-party sites will be blocked, and the Facebook identity of users behind the FortiGate will remain unknown to those third-party sites. All this without impacting the use of the main Facebook web social application.

Author bio: David Maciejak works as a security researcher for Fortinet. His primary role is to follow vulnerability trends and provide preventative protection to customers.
