Facebook, XMPP and a privacy leak

It’s been in the works a long time, but Facebook have finally switched on their XMPP functionality. Suddenly something like 400m users inside the Facebook walled garden are contactable from the outside world. I don’t know if this makes it the largest single deployment of XMPP – Google may be in a position to argue there, although I’ve sometimes been inclined to call their implementation almost-but-not-quite-XMPP.

Connecting to Facebook’s server is as simple as adding a new account in your favourite client, with chat.facebook.com as the server and your Facebook username as the user. Obviously then, they’re only contactable from the outside world by people who have an account within the walled garden already, but it’s a start. Anyway, it’s handy for people like me who have an account there but, for reasons of taste, common sense, downright dislike of having adverts stuck in their face, etc., don’t ever log in to it.

My first impressions are that their implementation is solid and well thought out. This is to be expected – despite any other criticisms I might have, Facebook have always struck me as a very technically capable organisation. Only one small problem is apparent to me so far, and it’s this: say Bob is on the Facebook web site and Alice is using her XMPP client. Bob is browsing through the messages on the ‘I Dress Up As A Goat and Eat My Wife’s Underwear’ page, something he does regularly but (uncharacteristically, for a Facebook user) doesn’t want to tell the world about. At this point, Alice uses XMPP to send Bob a link to something on her web site. Bob clicks the link, and blam – his goat/underwear fetish is revealed in Alice’s server logs as the HTTP Referrer (the Referer request header, which carries the URL of the page the click came from).

While I’m thinking of Facebook, something I’ve mentioned elsewhere, but which is worth repeating, relates to this story. Read the story, then look at the two images – in particular the copyright notice on those images. Do Facebook really claim copyright on those images, or have the Daily Mail got it wrong? Either way, it’s definitely something that should be making you go hmmmmm.