Facebook Glitch Revealed Thumbnails & Descriptions Of Friends’ Private Videos

Facebook’s labyrinthine privacy controls have sprung another leak.

This time it’s their Videos feature, which lets users share brief clips with their friends and family (Videos launched back in 2007 and Facebook now serves billions of views each month). Of course, videos are often sensitive — even more so than photos — but Facebook’s privacy controls let you restrict who has access to each clip that you’ve uploaded.

Unfortunately, those controls haven’t been working as they should: for the last week it’s been possible to see a full listing of your friends’ Facebook videos, including the name, thumbnail, description, and people tagged in each clip — regardless of whether or not you were supposed to have access to the videos.

Clicking on the thumbnail to a video that was supposed to be private would yield a “This video either has been removed from Facebook or is not visible due to privacy settings” message, so you couldn’t watch it. But in some cases an incriminating thumbnail or lewd title could be enough to get someone into a trouble. And even if a video description didn’t show anything incriminating, it could lead to some awkward questions: “So, why can’t I see your Holiday Bash 2010 video…?”

A Facebook spokesperson has confirmed that the site has now fixed the glitch, and that it was live for just over a week. And to be clear, this only affected videos shared by your Facebook friends — you couldn’t view descriptions of videos shared by people you don’t know.

Here’s an example of what a video thumbnail looks like:

This is only the latest in a long string of Facebook privacy holes, which have run the gamut from sending messages to the wrong people to vulnerability to XSS attacks on partner sites.

Facebook is obviously very complex and engineers are constantly pushing changes to its code, but given how much personal information users upload to the site (and that’s only going to increase), it’s imperative that they lock down these holes. Google+ may be making a lot of headlines, but Facebook’s biggest threat right now is negative perception around privacy and trust, and these bugs don’t help.

Thanks to TC reader Arjun Gadhia for the tip.