RealTime IT News

A Phishing Fix For Facebook?

Facebook caulked a few cracks in its platform today, announcing an upgrade to its mark-up language.

In a post on its blog for developers, Facebook called FBML 1.1 "a change that has to do with both technology and the philosophy behind the Facebook Platform."

Put less euphemistically, FBML 1.1 is a security update, intended to fight off spam and phishing, which have threatened to become nagging issues for the social network since it turned over feature development to third parties in May.

Facebook removed tags from FMBL, such as fb:if-user-has-added-app and other fb-if tags that Facebook said some developers use to deliver unwanted content to user profile boxes. Facebook added a new set of tags called fb:visible-to-.

The changes are meant to ensure that users are always aware of exactly what their profiles looks like to those who view them.

When Facebook CEO Mark Zuckerberg and CTO Adam D'Angelo designed and built the Facebook platform, the idea was to let third-party developers do the hard work of creating new features for the site in the form of applications. By virtue of popularity, users would decide which applications would become Facebook fixtures.

But Zuckerberg and D'Angelo knew not to trust their users entirely to third parties so took at least two crucial measures to protect them. They created their own mark-up language for the site, the Facebook Mark-up Language (FBML). Second, Facebook gave users control over which applications should appear in their profiles.

In early August, these measures began to show signs of failure.

In an Aug. 6 post on one of its official blogs, Facebook was forced to warn developers that, as the post's title read, "Misleading Notifications To Users Will Be Blocked."

"Over the last few weeks we have noticed several developers misleading our users into clicking on links, adding applications and taking actions," the post reads. "While the majority of developers are doing the right thing and playing by the rules, a few aren’t – and are creating spam as a result."

Facebook didn't open access to its users just to let spammers and identity thieves at them. Opening users to such threats is a good way to lose the momentum that resulted in what Nielsen//NetRatings called 129 percent growth in unique visits between July 2006 and July 2007.

Something needed to be done. FBML got its first upgrade.