Saturday, May 8, 2010

Yet another Facebook privacy risk: emails Facebook sends leak user IP address


facebook.jpg
We've been covering the mounting privacy violation woes for Facebook users here on Boing Boing in recent weeks—here's another issue to be aware of. Facebook base64-encodes your IP address in every emailed event that you interact with.
Matt C. at Binary Intelligence Blog explains that Facebook's automated email notifications (which go out when, say, a friend comments on your status or sends you a message) appear to contain the IP address of the user who caused that Facebook email to be sent:
The email headers contain a line similar to:
X-Facebook: from zuckmail ([MTAuMzAuNDcuMjAw])
Copy this line out and feed it to this page:
http://www.myiptest.com/staticpages/index.php/trace-email-sender
You will get the IP address of your friend and clicking on it will get a geolocation-based map. This will also show you if your friend used their cell phone to post and who they use as their service provider.
This information is great when a fugitive is taunting law enforcement through their Facebook page, but not when a wife is trying to hide from an abusive husband and assumes Facebook is the best form of communication.
As Matt points out in the blog post, this may not be the most onerous of Facebook's privacy problems, and it's certainly not the only one. But no good purpose for users is served by leaking user IPs, and there are many good reasons not to. Facebook, get your shit together for chrissakes.
Facebook Leaks IP Addresses
(binint.com, thanks Jake Appelbaum / IMAGE: Facebook, a Creative Commons-licensed photo from the Flickr stream of Franco Bouly)

http://feeds.boingboing.net/~r/boingboing/iBag/~3/L7J7nK6ON3E/yet-another-privacy.html


Sent from James' iPhone
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)