The problem with Facebook’s Open Graph isn’t privacy, it’s security


We wrote not long ago about how Facebook’s Open Graph Protocol would be super-tempting to hackers. Well, right on cue, Techcrunch reported a security hole on Yelp that exposed users’ Facebook data. Yes, the screw-up was on Yelp’s side, but it was still Facebook users’ data that was compromised.

The underlying risk of the Open Graph Protocol, which lets sites import Facebook profile data so the site can “pre-customize” itself around your likes, is that it puts the security of that profile data in the hands of every site that implements it. Once the data has been handed over, Facebook’s own access controls no longer apply; it is only as safe as the code of the weakest site holding it. Yelp is a large, well-resourced operation, and it still dropped the ball. What happens when everybody starts implementing the Open Graph, including bootstrapping startups that don’t have a team of security-conscious developers protecting your data?

Moreover, Facebook is getting behind OAuth 2.0, which will make Facebook Connect (and eventually the OGP) even easier to implement, so your profile data will flow to even more places outside of Facebook. Every additional site holding a copy is another place it can leak, so your exposure grows with the number of sites you authorize.
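Since the post’s point is that each site importing profile data becomes a place it can be exposed, the practical mitigation on the site’s side is to take and keep as little as possible, and to treat whatever is imported as untrusted when rendering it. The following is an added illustration, not code from the original post and not Yelp’s or Facebook’s implementation. It assumes a standard OAuth 2.0 authorization request (the `client_id`, `redirect_uri`, `response_type` and `scope` parameters are from the OAuth 2.0 spec; the endpoint URL and permission names are placeholders), and `importedProfile` is a constructed sample standing in for the JSON such a site would receive after the user authorizes it.

```javascript
// Added example (not from the original post): a third-party site that
// "pre-customizes" a page from imported profile data while limiting its exposure.
// Runs under Node.js; URL and URLSearchParams are built-in globals.

// Constructed sample of an imported profile. Real responses differ; the
// <script> in the name is deliberate, to show why output must be escaped.
const importedProfile = {
  id: "100000000000001",
  name: "Jane <script>alert(1)</script> Example",
  email: "jane@example.com",
  birthday: "01/01/1980",
  likes: [{ name: "Pizza" }, { name: "Hiking" }],
  friends: [{ id: "100000000000002", name: "Bob" }],
};

// The only fields this hypothetical site needs to personalize a page.
// Everything else (email, birthday, friend list) is never requested or stored.
const NEEDED_FIELDS = ["id", "name", "likes"];
const NEEDED_SCOPES = ["user_likes"]; // placeholder permission name

// Step 1: ask for the narrowest permission set. Building the authorization
// URL yourself makes the requested scope explicit and reviewable.
function buildAuthorizeUrl(endpoint, clientId, redirectUri, scopes) {
  const params = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "code",
    scope: scopes.join(" "), // OAuth 2.0 uses a space-delimited scope list
  });
  return `${endpoint}?${params.toString()}`;
}

// Step 2: drop every field the site does not need before it is stored
// anywhere, so a later leak on this site exposes less.
function minimizeProfile(profile, needed = NEEDED_FIELDS) {
  const kept = {};
  for (const key of needed) {
    if (Object.prototype.hasOwnProperty.call(profile, key)) {
      kept[key] = profile[key];
    }
  }
  return kept;
}

// Step 3: imported data is attacker-influenced text; escape it on output.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderGreeting(profile) {
  const likes = (profile.likes || []).map((l) => escapeHtml(l.name)).join(", ");
  return `<p>Welcome, ${escapeHtml(profile.name)}! You like: ${likes}</p>`;
}

// Usage: request minimal scope, keep minimal fields, render escaped output.
const authUrl = buildAuthorizeUrl(
  "https://auth.example/oauth/authorize", // placeholder endpoint
  "APP_ID_PLACEHOLDER",
  "https://site.example/callback",
  NEEDED_SCOPES
);
const stored = minimizeProfile(importedProfile);
const html = renderGreeting(stored);

module.exports = { buildAuthorizeUrl, minimizeProfile, escapeHtml, renderGreeting, importedProfile, stored, html, authUrl };
```

The three steps correspond to three separate places the data can be over-exposed: at authorization time (scope), at rest on the site (stored fields) and at render time (escaping). None of them removes the underlying risk the post describes; they only shrink what a given site can leak.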

Despite all these fears, and some high-profile criticisms, Facebook’s social plugins got 100,000 adopters in three weeks. The gravity well of Facebook’s movements can’t be escaped, at least not in the near term. Yes, the smart move is simply not to put data on Facebook, but not many businesses can resist the lure of 500 million Facebook users. So one must place data on Facebook with the full understanding that doing so is an ever-growing security risk, and that data exposure, data corruption, and data loss are likely just a matter of time.

Hope you’ve got a backup plan.