28 comments

[ 5.1 ms ] story [ 72.3 ms ] thread
Cute. But Facebook would never allow it. You think they have a delete_user_account() method in their developer API? ;)
You can't delete a facebook account, as far as I can tell, but you can change the data, the email, and randomize the password, which is pretty similar.

Seems to me like that's what they were talking about with the 'last words'

Can also make the account do spammy things or change to a fake name, which could speed the banning.
You have been able to actually delete an account for a while. It's described underneath deactivating on this page: https://www.facebook.com/help/?faq=13016
"There was a problem reaching the FAQ you requested" I think you actually want http://www.facebook.com/help/?page=842

and thanks, I didn't know about that. I'm going to go do that now; I 'deactivated' my account some time ago and facebook is still spamming me, and people are still trying to message me on facebook.

I work on security at FB, and I suspect if someone actually tried this, they'd run into a fair amount of friction. A bunch of accounts logging in from a new place and immediately changing emails / passwords is pretty suspicious.

Even if they did get into the loser's account, I think we offer pretty good tools for the account owner to reclaim it even if the password or email have been changed.

(comment deleted)
Says you have to hand over your password so I think that implies that they would be doing it directly via facebook and not the API.
All four will lose.

4.8: "You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account."

Much more importantly the least harmful thing to come from this would be FB account deletion. Chances are for most people that FB password is used somewhere else and more harm could come from it since everything an attacker needs to know about their victim is in their FB profile. I was going to mention that in my initial comment but it seemed obvious.
...Except it takes 30 days of no account activity to take effect.
I'm loving the author's repeated statements in the comments, "To be clear, this is a concept, not a real game."
For a "chance" to win a trip? No way. They'd have to offer something with real value, like an iPod.
My sarcasm-o-meter is failing, is this for real?
Why does the loser get the reward?
(comment deleted)
So you give your username and password to some Russians.

And you trust them to:

- not spam your friends

- not mine your details/friends details for data for phishing and other scams.

- not attempt to use your password (or variations of) on other websites.

Sounds like a smart thing to do.

I never understood how it could get to the point where people would actually enter username and password for something on a completely different website... like e.g. those free SMS websites asking for your yahoo, facebook etc logins to "find friends" and then spam everyone in your address book and countless other sites doing the same thing.

Even facebook has a "feature" like that - does no one think about the implications when they do that at all??

> Even facebook has a "feature" like that - does no one think about the implications when they do that at all??

No, generally people don't and are not encouraged to enough, and I take it as one of the signs that facebook really doesn't care about security any more than it needs to in order to be able to give appropriate sounding lip service when they are asked a question.

Handing out your authentication credentials to a third party in exchange for a little convenience is more often than not a ridiculous action, and anyone who encourages such behaviour (by providing such a feature) is simply irresponsible.

> Handing out your authentication credentials to a third party in exchange for a little convenience is more often than not a ridiculous action, and anyone who encourages such behaviour (by providing such a feature) is simply irresponsible.

Yes, absolutely, exactly my point! But obviously it has not hindered lots of websites to STILL do that and obviously lots (or enough) people buy into it. THAT I cannot understand...

People are stupid. Well, at least most of them act it. And not just the "lowest common denominator" either: I've know otherwise well educated people not be cynical enough to understand why it might be a bad idea.

Half the time they just follow instructions without thinking ("enter your email and password here...") and sometimes they are easily swayed into following them "for convenience".

The only cure for many people is for them to get ripped off or otherwise inconvenienced as a result of such an action at least once. But there are still some who would never learn.

What's up with russians? I wouldn't give a username and password to americans either.
(comment deleted)
Yes, I should have said 'strangers' rather than Russians.

It's just that much of this sort of internet crime comes from Russia and other former soviet countries, most likely due to more lax laws, law enforcement and an inability for westerners to touch them.

Not really. See Max Vision etc.