Facebook Connect Exposes Hulu User Data 60
An anonymous reader writes "Over the weekend, Hulu rolled out Facebook Connect integration. Almost immediately after launch, Hulu had to pull the feature as the company discovered a technical issue affecting a limited number of users. More specifically, some users weren't seeing their own Hulu account information upon login, but someone else's."
The title should be (Score:5, Insightful)
Ahh that old bug (Score:2, Insightful)
The good old static variables (or class variables in a singleton) causing a network application to leak data between sessions.
Doesn't generally show up in most testing as that's generally done by one tester at a time.
Relatively innocent to do and relatively major crap-storm that follows because one programmer accidentally used the wrong variable scope for probably 1 or a few variables.
Facebook as an "Identification Badge" (Score:5, Insightful)
This is why it worries me that Facebook is increasingly becoming a sort of ID badge for the internet--many blogs, for example, now support Facebook Connect as the primary (or only!) way to comment; social networking games (even ones living outside of Facebook) urge or even force users to connect their accounts, etc.
What control do I retain over my own information? For some sites, sure, it's useful to be able to authenticate my login info with one click (assuming my Facebook is logged in) and it's nice to have a populated friends list for applications such as online games so I know who I can play with, but for some sites (Hulu included), I don't want to give my name, profile picture, and friends list up.
I use a different, strong password for all of my accounts online, so a website I visit being compromised by hackers doesn't concern me much, but if a flaw in implementation of the Facebook Connect API can leak any information that Facebook gives them out to other people (and potentially out to hackers), I could be facing some serious issues.
A name and friend list forms a unique thumbprint for my identity that can contribute to identity theft. Hell, I have even seen Facebook hacks that clone your profile and friend your entire friends list--sort of the reverse of having your profile hacked and having to create a new one.
Bottom line: Facebook has information that I barely trust Facebook to handle, much less other websites, and the use of the Facebook Connect API by a site can have dangerous consequences for its users.
Re:Facebook as an "Identification Badge" (Score:4, Insightful)
Don't worry. Google+ will take care of everything.
(I jest but it would be unwise to ignore the lessons of current predicaments.)
Re:Hulu's problem (Score:5, Insightful)
Re:Facebook as an "Identification Badge" (Score:3, Insightful)
Not that I think Google+ is going to succeed, but isn't Google an OpenID provider?
So is facebook.
I would prefer that both were also OpenID consumers (or whatever the heck that is called these days) instead.
Re:Hulu's problem (Score:5, Insightful)
Good PR: the cure to shitty coding.
You seem to be implying that Hulu is dancing around the fact that they fucked up when they clearly admitted that they fucked up.