MySpace is NotSafe
A recent article concerning user privacy on MySpace made it known there is a serious flaw in the social network’s security. The reported exploit of the bug allows anyone, not just MySpace account holders, to view private profiles and private photo galleries. Ideally, if a user marks their profile and pictures as private, only friends or individuals they allow to view their information should have access. It was mentioned in the article that URLs were modified to circumvent the privacy security installed on MySpace presently; this exploit is similar to Pablo’s demonstration of the duped CNN page using a modified URL.
As the article mentions, one reason this event came about is due to individuals posting on forums asking how to view these private profiles. Even more disturbing, however, is the fact that these individuals on the forums are targeting teens. It is also reported that this bug has been in circulation on forums for months now, and so it would seem likely that MySpace knew of the bug, but was too lazy to do anything about it. If they did not know, then ignorance is no excuse. From the high-level and brief description of the bug in the article, it seems this event and others like it could have been prevented altogether with a better system architecture to begin with. Since anyone is able to modify the MySpace URLs and input a user’s ID to gain access, it would seem MySpace does not check if the exploiter is logged in. If they do check this, then spoofing a user’s account credentials seems all too easy on MySpace.
Due to MySpace being one of the largest, if not the largest, social networking sites on the web, there is a potentially large societal impact due to this bug. Personal photos and information can be stripped from profiles and placed on other sites for who knows what reasons. Clearly this type of event is an invasion of privacy, and should be prevented from occurring as soon as possible. Not only is this type of act against the rules, it is against the wishes of the victims. How should these victims react? They signed up for a service expecting their information to be protected, but they received a vulnerable service which puts their information at risk. Should MySpace have to compensate individuals somehow due to harming their user base? User’s must pay the consequences when breaking the “Terms and Conditions” of a service oriented site, so should this swing the other way?