Why you aren't wrong to hate new Facebook
Oct. 26th, 2009 02:59 amEvery time Facebook makes a major change, you can hear outrage spread across the globe. Polls spring up with "Do you hate the new Facebook?" and yes is always in the lead. Your friends whine about it incessantly in their status messages. Petitions start asking Facebook to change things back.
It's easy to dismiss the fuss as a bunch of people who need to learn to move on. But it turns out, people are not wrong to hate every change in Facebook. They just might not be right for the reasons that they think.
As a web security researcher, I spend a lot of time thinking about what makes sites more secure, or more insecure. Every major change is likely to introduce new bugs, even as it may fix others. And the way the security model of the web works, any "minor" bug might result in major damage to you, as an individual. People store their whole lives on Facebook, and that means that a minor bug might let anyone in on their own, private stuff.
So every time the interface changes, you should probably be afraid that Facebook may be accidentally or intentionally allowing the entire world access to your stuff.
Does that mean "I hate the new Facebook!" is the new "GIRLS ONLY, NO BROTHERS ALLOWED!!!!" taped to the door? As in, you're worried Dad will leave the door open after vacuuming and you'll find your brother has played with your toys? Uncool, but really, no one who's over the age of 14 will care?
Turns out the security reality says the stakes are a lot higher. Many people keep a lot of private stuff in Facebook. It's more like Facebook said they were coming in to paint your apartment walls, but they rearranged all the furniture too and you have this feeling that they left the door unlocked and thus let strangers traipse through your apartment, maybe installing a wiretap and stealing your panties while they're there. Facebook makes a lousy landlord. Or at least a creepy one.
I don't know how to end this post. As long as Facebook is your landlord, you're subject to their whims, and you might as well get used to it. But if changes in Facebook leave you feeling maybe a little violated, that's probably exactly how you should feel.
It's easy to dismiss the fuss as a bunch of people who need to learn to move on. But it turns out, people are not wrong to hate every change in Facebook. They just might not be right for the reasons that they think.
As a web security researcher, I spend a lot of time thinking about what makes sites more secure, or more insecure. Every major change is likely to introduce new bugs, even as it may fix others. And the way the security model of the web works, any "minor" bug might result in major damage to you, as an individual. People store their whole lives on Facebook, and that means that a minor bug might let anyone in on their own, private stuff.
So every time the interface changes, you should probably be afraid that Facebook may be accidentally or intentionally allowing the entire world access to your stuff.
Does that mean "I hate the new Facebook!" is the new "GIRLS ONLY, NO BROTHERS ALLOWED!!!!" taped to the door? As in, you're worried Dad will leave the door open after vacuuming and you'll find your brother has played with your toys? Uncool, but really, no one who's over the age of 14 will care?
Turns out the security reality says the stakes are a lot higher. Many people keep a lot of private stuff in Facebook. It's more like Facebook said they were coming in to paint your apartment walls, but they rearranged all the furniture too and you have this feeling that they left the door unlocked and thus let strangers traipse through your apartment, maybe installing a wiretap and stealing your panties while they're there. Facebook makes a lousy landlord. Or at least a creepy one.
I don't know how to end this post. As long as Facebook is your landlord, you're subject to their whims, and you might as well get used to it. But if changes in Facebook leave you feeling maybe a little violated, that's probably exactly how you should feel.