top | item 13204690

(no title)

rnovak | 9 years ago

I'm confused as to why anyone would think facebook's security is good? Their entire profit model is based entirely on sharing information that most people would consider private (and have no clue is being sold to third parties).

Furthermore, however, how would you design a Content Delivery system that was performant that also had the level of security/privacy that you'd consider appropriate? keep in mind that cookie/session based security requires extra network traffic and coordination, whereas a simple GET request is pretty simple.

Considering the massive amount of traffic they deal with (nearly 1B people, right?), I think their use of UUID type strings (though I don't think they're specifically UUIDs) is pretty appropriate.

I guess let me ask it this way: what threat do you feel they've left you open to?

discuss

No comments yet.