Furtive Facebook ???

  Batch 17:28 04 Jul 2008

A friend of mine joined Facebook at someone elses behest (i.e. she was sent a Facebook "invite" and so joined so that she could view the other persons profile).

Next thing she knew she was getting loads of emails saying that so and so had accepted her as a friend on Facebook. Well what do you know, Facebook had sent out invite emails to her friends as well now.

But, the question is how did Facebook get hold of the email addresses of her friends? She says that she joined Facebook just to view the other persons profile - and that's all.

So, does Facebook sneakily download something like an ActiveX control (if your security settings permit) that furtively reads your address book and then emails everyone it it without you knowing?

Be interested if anyone can shed some light as she is pretty miffed!

BTW, I'd guess she's using IE6 or IE7.

Also, I don't intend to go anywhere near Facebook as there's been so much bad press.

  wiz-king 18:37 04 Jul 2008

When you sign up for face book it asks if it can read your address book, if you don't say no then it imports all the addresses and sends them an invite.
She did not think about what she was agreeing to - always read each screen properly, don't automatically accept it.

  Batch 18:42 04 Jul 2008

Thanks for that.

So do you know if it downloads ActiveX or what?

  tullie 18:55 04 Jul 2008

Why are you concerned about ActiveX?

  Batch 19:10 04 Jul 2008

Just want to know what specific piece of technology they (Facebook) use to get access to the address book. For example, Active X Control from within browser, .exe downloaded and run or something else.

  Batch 20:35 04 Jul 2008

Thanks Marg7, but if my understanding is correct, just accessing Facebook (or any other website) through your browser doesn't give it access to things like your address book unless you specificaly allow some sort of add-on to be installed. Maybe downloading something like that is an integral part of Facebook anyhow (which is, in itself cause for concern).

  Batch 22:57 04 Jul 2008

AFAIK one's browser does not inherently have the ability to access other data on one's PC. Just ticking a box on the webpage doesn't magically give it such ability - some additional software must be installed (which one would normally have to agree to install [and not just by ticking a box on the webpage]). That's what I'm trying to get to the bottom of - what specific type of additional software does Facebook install (and therefore what mechanism does it use to get teh software installed).

  Batch 09:51 05 Jul 2008

Thanks for your perseverance Marg7. Ultimately I wanted to explain to my friend how she'd ended up with this situation. I can't (easily) go and see what's on her PC as she's in Australia.

For now I've assumed that Facebook uses Active X control(s) for this as I see that they use them for other purposes. Maybe the security settings on her PC are set-up to accept Active X controls automatically by default (bad news that).

  Batch 14:37 05 Jul 2008

I don't think JavaScript or Java have the ability to access other things on your computer (except where there may be flaws in them). They are both used as integral part of web pages (this PCAdvisor web page uses JavaScript) and, if they supported access to other parts of your computer, any website would, inherently, have the potential to snoop around your PC.

By way of contrast, the use of Active X can be readily controlled (downloaded and installed) on a site by site / function by function basis. Active X falls into two categories - signed (trusted) and unsigned (not trusted - e.g. potentially malicious). Active X has much higher "privileges" than JavaScript or Java and has serious access to your PC.

The Facebook ones may be classed as signed (in that they don't deliver malware or spyware etc. and that they only do what they claim to do). But that doesn't mean to say you really want them to do the sorts of things that they do do.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

The Evil Within 2 review-in-progress

InVision Studio takes on Adobe XD and Sketch

iPhone X news: Release date, price, new features & specs

Comment transformer un iPhone en borne Wi-Fi ?