
It's kinda scary to see your own Facebook profile being posted on HN out of nowhere... =\



Just to set any minds at ease after the initial shock:

The link I posted is just a generic bad id link that ends up redirecting to your own Facebook profile if you are currently logged into Facebook. Anyone logged into Facebook will see their own profile.

The link joering2 posted OTOH is actually to my Facebook profile. But:

A) I don't really care (anything I put on my Facebook profile is assumed to be 1000% publicly available information anyway).

B) Turnabout is fair play


I was confused at first because I use Facebook in a different browser, so it just gave me the login screen.


Interestingly, the string of numbers is a real user id. I presume it defaults to your own profile because facebook.com/profile.php goes to your own profile, and fb simply ignores the malformed parameters.


Nope, the trick is that he's skipping the "id=" part between the '?' and the user ID, so the param is not being passed properly and thus the link is processed as just 'profile.php' without params. The link https://www.facebook.com/profile.php?id=yaddayadda would work properly.


Didn't know that one :)


Um, your goat is trying to eat your head or something.

That said, nice goat!


I don't want to sound gay or anything, but you're handsome... Oh and the guy whose neck you're kissing looks okay too.


That's because you're being redirected back to your profile since the URL the parent posted is incorrect.


Yeah, but why doesn't it respond with 404 as would be appropriate?


"You want to see a page we don't have? Let me show you some ads instead!"


Technically, a 404 page with ads on would be fine too ..


Most web sites don't 404 when fed unrecognized get params.


While that's true, I would kind of expect Facebook to do better than most sites. Oh, well.


Facebook tries to do whatever maximizes engagement. Technical correctness only matters when it serves that primary goal.


Sometimes a benefit can be indirect and hard to see immediately. Being "technically correct" reduces complexity, which again reduces costs down the road. For example, it makes it easier for third parties to integrate with your service, to name one benefit.

It may never be clear for each individual feature, but violations compound to form a mess of unpredictability. Facebook generally appears to me as being a company with a very strong engineering culture and so it surprises me a bit that they would let something like this slip. Maybe I'm just not seeing the whole picture and it is a clearly thought-out tradeoff and not simply negligence.



