Today a Facebook friend request was in my mail inbox. It was, well, from a friend. The click on ‘Confirm friend’ took me to Facebook and as I wasn’t logged in, the login page was presented to me. To my surprise it was suggesting I log in with my friend’s email address, the one I was about to confirm!
Now that’s odd, I thought, funny bug. Source reading revealed the confirm friend link does actually contain the requesting person’s email address in clear text and not, as one might expect, the much less exposing Facebook id.
Now with the recipient being someone I’d like to be friends with this isn’t such a big deal, but still, dear Facebook people, you should be a bit embarrassed about such a first-semester student privacy glitch, and of course fix it asap.
Could you post a picture of the email? I looked back into my friend requests and I didn’t see any of my friends’ emails revealed in the login link.
Here’s the a tag from the request mail:
<a href="http://www.facebook.com/n/?reqs.php&fcode=******7bbb&f=****2656&mid=********47aba1aG2&n_m=*****_1990%40hotmail.com">Confirm Friend</a>
Seems Facebook got hold of the bug; another request received today does not expose the requestee’s email anymore.
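An added example, not part of the original post and not Facebook's code: a check that a notification-mail pipeline could run before sending, flagging any link whose query string carries an email address, as the `n_m` parameter in the quoted link did. The sample mails, the host `social.example` and the parameter names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Loose match for an email address anywhere inside a decoded parameter value.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in a mail body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def find_email_params(mail_html):
    """Return (param, decoded_value) for each link parameter exposing an email."""
    collector = _LinkCollector()
    collector.feed(mail_html)
    findings = []
    for href in collector.hrefs:
        # parse_qsl percent-decodes values, so %40 becomes @ before matching.
        for name, value in parse_qsl(urlsplit(href).query, keep_blank_values=True):
            if EMAIL_RE.search(value):
                findings.append((name, value))
    return findings


# Constructed sample: confirm link that identifies the requester by email address.
LEAKY_MAIL = (
    '<p>Alice wants to be friends.</p>'
    '<a href="https://social.example/confirm?code=abc123&amp;uid=1002656'
    '&amp;login=alice%40mail.example">Confirm Friend</a>'
)

# Constructed sample: same link carrying only the opaque numeric id.
FIXED_MAIL = (
    '<a href="https://social.example/confirm?code=abc123&amp;uid=1002656">'
    'Confirm Friend</a>'
)

if __name__ == "__main__":
    print(find_email_params(LEAKY_MAIL))
    print(find_email_params(FIXED_MAIL))
```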