Austrian Student Group Finds Big Privacy Leak in New Timeline

euvsfbAustrian student group Europe v. Facebook has continually pressed Facebook to make changes to its privacy and data policies in Europe. You might remember the group’s name from a few months ago: they have filed dozens of complaints against Facebook in Ireland, home of the company’s international headquarters, and accuse them of continually violating Europe’s data privacy laws. However, with the release of Facebook’s new timeline feature, the group had more criticism for Facebook, and this time it had to do with a privacy glitch.

The group announced in a media statement that they found a loophole in the new Timeline feature that allowed friends of friends to see every event that a user has attended, even if their privacy settings made content visible to friends only. “When the hundreds of friends of each of my 200 Friends have access to my data, the end result is that some 50K people have an insight,” said the group’s leader, Max Schrem, in the group’s press release. “It is also quite common that one of my colleagues might be friends with my boss, who is then able to pull up all my past events with one click.” They also found that in order to delete events users would have to do so manually, one event at a time, a process that could be extremely time-consuming.

What do you think about the group’s discovery? Should they have called out Facebook publicly like they did?