Facebook Security Lapse in Addition to New Provably Weak Controls

I talked about Chris Soghoian’s analysis of Facebook’s newly upgraded privacy controls in the last newscast. The net-net is that the changes really don’t enhance privacy in any meaningful way.

I just saw an AP story on The Globe and Mail about a provable security hole that allows perusing of private photos. This is a compelling breach, as the expert who found it, Ng, and the AP reporter were pretty much able to view private photos at will. Facebook responded promptly to the report of the issue and claims to have fixed the defect within an hour of the notification.

It is easy to urge caution against sharing personal information. With photos, this is easy advice to follow, as the benefit of sharing is largely social, so the sacrifice is not too great. Unfortunately, the problem isn’t restricted to just photos. Any personal info you share with an online service could be caught out by an inadvertent defect or an intentional attack. And much of that information is the price of admission to fairly valuable services like online banking and other professional services.

