I Googled my email address (as I occasionally do) to see if it was indexed anywhere, because I like to keep it off the grid as much as I can. As it turns out, Facebook is the ONLY website that publishes my address, and the thing is...I don't even use that address on Facebook.
So what's happening here? Well, Facebook's "Opt out of emails from Facebook" page is getting indexed by Google. I'm assuming (based on critical thinking and moderate fact checking) addresses appear on this page if the following criteria are met:
- Email address is not tied to an account on Facebook
- Email address has been submitted by a friend using the "Find a friend" feature
site:facebook.com "Do you want to stop receiving Facebook emails" - fixed by Facebook
or
site:facebook.com "Do you want to stop receiving Facebook emails" @gmail.com - fixed by Facebook
Queries like this returned thousands of results, and I'm sure with a little digging, you could find more.
One obvious problem is that spammers can easily scrape this data and add legitimate addresses to their lists, many of whose owners might not give their addresses to Facebook for a reason. I actually remember seeing this problem a while back (maybe 6 months to a year ago), but forgot about it. I'm a little surprised that this one has slipped through the cracks for this long.
Follow me on Twitter and I'll let you know how this thing turns out.
Update: Sachin Agarwal pointed out on Hacker News that a lot of addresses getting indexed are secret addresses that people use to post to blogs (i.e., Blogger). Yikes.
Update: It looks like Facebook has fixed the issue by preventing search engines from indexing that page. A big thanks to Blake Ross from Facebook for joining the thread on Hacker News to find the root of the problem and get it fixed. My email address is safe, once again!
source : http://corywatilo.com/a-real-facebook-privacy-issue-email-addresses
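An added example (not from the original post and not Facebook's code): a check that a page which echoes an email address also tells crawlers not to index it. The post does not say which mechanism Facebook used; the `noindex` robots meta tag and `X-Robots-Tag` header are assumed here, and the sample pages and address are constructed.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
BLOCKING = {"noindex", "none"}  # "none" is shorthand for "noindex, nofollow"

def _split(value):
    return {d.strip().lower() for d in value.split(",") if d.strip()}

class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots" content="..."> tags."""
    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "robots":
            self.directives |= _split(a.get("content") or "")

def header_directives(headers):
    """Unscoped X-Robots-Tag directives. Entries with a colon ('somebot: noindex',
    'unavailable_after: ...') are skipped: they do not cover every crawler."""
    out = set()
    for name, value in headers.items():
        if name.lower() == "x-robots-tag":
            out |= {d for d in _split(value) if ":" not in d}
    return out

def audit(headers, html):
    """Report whether a response exposes email addresses to search indexing."""
    parser = RobotsMeta()
    parser.feed(html)
    noindex = bool((header_directives(headers) | parser.directives) & BLOCKING)
    emails = sorted(set(EMAIL_RE.findall(html)))
    return {"noindex": noindex, "emails": emails,
            "exposed": bool(emails) and not noindex}

# Constructed sample pages (the address is a placeholder, not from the post).
BODY = "<p>Do you want to stop receiving Facebook emails at friend@example.com?</p>"
PAGE_OPEN = "<html><head><title>Opt out</title></head><body>" + BODY + "</body></html>"
PAGE_META = ('<html><head><meta name="robots" content="noindex, nofollow">'
             "</head><body>" + BODY + "</body></html>")

if __name__ == "__main__":
    print(audit({}, PAGE_OPEN))                            # indexable, address exposed
    print(audit({}, PAGE_META))                            # meta tag blocks indexing
    print(audit({"X-Robots-Tag": "noindex"}, PAGE_OPEN))   # header blocks indexing
```

A `Disallow` rule in robots.txt is not equivalent: it stops crawling, so the crawler never sees a `noindex` directive, and the URL can still be listed if other pages link to it.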