Recently I had an email from Facebook thanking me for the purchase of thousands of poker chips. I don't play poker on Facebook. Unsurprisingly then, next time I tried to log in I had to go through a surreal but admittedly ingenious security check in which I was shown a series of photos of my friends whom I had to identify. Thankfully for my account and my friendships, I passed with flying colours.
Rather alarmingly though, the reason for the security check was that whilst I was safely tucked up in Cornwall, knuckling down to some essay writing, some dubious characters in Ireland had been playing around with my account in the early hours of the morning. I’ve written a lot about security problems with Facebook (mainly government access) but I never truly stood back and thought about it until it happened to me. Now I'm thinking, do I really want all my personal details floating around in cyberspace?
And today I found out that it wasn't just my account that has been compromised. Security firm Symantec have discovered that programs are inadvertently sharing ‘access tokens’ which can be used by advertisers. Symantec said, “We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.”
In order to combat the issue, all new applications are required to authenticate with OAuth 2.0, a shared open standard co-authored by several sites including Google and Twitter. Old apps are also required to transfer to the service.
But is it good enough? I'm really starting to wonder if Facebook is secure enough both from a software point of view and a political point of view. Even if it's made un-hackable, if certain 'authorities' demand my details then Facebook are obliged to hand them over.