Facebook users: Raise your mallets.

Image from Joe Shlabotnik's Flickr stream under creative commons


 
Niket Biswas posted an entry in the Facebook Developers blog yesterday entitled “Confirming Developer Accounts“. It seems that they are asking application developers to attach either a mobile telephone phone number or a credit card to their Facebook account. The telephone number is verified by way of a validation code sent by SMS, the credit card number is not verified in any two way fashion, in fact Facebook explicitly state that they do not even make a token charge to the card. In their own words;

We’re taking this step to preserve the integrity of Facebook Platform, ensuring that every application is associated with a valid and real Facebook account.

There are a couple of glaring problems with this… Firstly, what guarantees are there that any Facebook account is “valid and real” in the first place? Secondly, proving access to a credit card or mobile phone is a whole different thing to proving ownership. So if criminals or scammers, who we must assume have ready access to disposable mobile numbers and/or stolen credit cards, attach some of these bogus credentials to an already bogus account where does that leave us?
 
Well, with the proposed “Confirmed Developer Accounts”; it leaves us with a fake “confirmed” profile which is once again free to post any application content they choose, and it leaves Facebook incident handlers continuning to play Whac-a-Mole with the scammers.
 
If Facebook really want to turn around the security situation when it comes to malicious or (being charitable) rogue content, then the only effective option open to them is an application approval process such as the ones already in place over on MySpace or on the Apple App Store.
 
The effort that Facebook incident handlers currently put in to tracking down and suspending the ever increasing volume of rogue apps would surely be better channeled into stopping them from appearing in the first place. This is something I first suggested back in February 2009 when two rogue apps in a week was considered shocking (how times change). At the time Mr Zuckerberg was very quick to dismiss my proposal, but with these first steps perhaps we can live in hope.

4 thoughts on “Facebook users: Raise your mallets.

  1. Pingback: Iedereen veilig online » Blog Archive » Facebook verbetert beveiliging

  2. Pingback: Facebook dev move won’t stop rogue apps, say researchers | Hack In The Box

  3. Pingback: Facebook dev move won’t stop rogue apps, say researchers | IT Security, Hacking, Vulnerability alerts, IT Leadership and more

  4. Pingback: Tweets that mention New blog - Facebook users: Raise your Mallets. - -- Topsy.com

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>