I have been meaning to link up my modern warfare 3 account with facebook (new feature) so I could see which of my facebook friends play. Today I finally did it and paid very close attention to the permission I was granting to the game. Call of duty asks for permission to access all your basic info, view your photos, and post to your wall. A bit hefty, but I wanted to see who else was playing modern warfare 3 so I agreed. I was logged in, and when I went to my friends list i was informed it found no results so was pretty much pointless. Immediately I checked my account settings on facebook thinking I would just remove access and forget about the whole thing. I was not so shocked to find that call of duty had allowed itself more access than it asked for. I WAS however shocked that there was another app allowed in the last 24 hours called 'Playstation Network' and it had a pagelong list of access permissions all of which were completely open and I had never been asked to allow that. (I'm pretty sure it just opened up every permission setting possible on facebook) Seriously, check it out yourself if you have the game on ps3. I would take a screenshot but I was so disturbed the first reaction was to of course revoke all access. Obviously any information they could access would have been crawled and indexed in sony's servers in those few minutes, but it was all I could do of course. Has anyone else been disturbed by this? It is particularly ironic that sony not so long ago lost all psn users' personal and financial data to crackers, and now they want to underhandedly grab more of it from our facebook accounts. Please help me bring some attention to this.
I'm being pedantic, but "roots your Facebook" is a massive misuse of the word root.<p>I doubt Sony has the ability to do anything it wants with your account (It can't change your password, it can't revoke permissions of another app) so they haven't gained "root access" to your account.<p>I also doubt that Sony is hacking or getting this access through illicit means. Sony doesn't "root" your account through some sort of exploit, Facebook has most likely given them that access. (As a few others have mentioned)<p>You're right that this is disturbing. Poking holes into the security model in other to make the user experience more convenient is something companies do depressingly often. Here's an example that surprised me recently, if you activate your android phone by signing into a google account it ignores two-factor authentication and only asks for your password.<p>[edit, removed a patronizing paragraph]
As TazeTSchnitzel alludes to, HTC and their Sense interface use a similar "special manufacturer" authentication permission to accomplish this.<p>EDIT: To clarify, Facebook has made a special deal with HTC (or Sony in the case of this post) to allow these non-standard browser oAuth flows.
Yeah, Facebook has a special authentication mode for devices where browser OAuth isn't an option.<p>My Samsung feature phone also gets full permissions when it logs in.
> It is particularly ironic that sony not so long ago lost all psn users' personal and financial data to crackers, and now they want to underhandedly grab more of it from our facebook accounts.<p>QFT. You would think that they'd show a little more sensitivity around privacy issues after their recent security fiasco, instead of looking for more ways to steal information that they might very well end up losing.
This is the same company (albeit a different division?) that decided it was OK to install rootkits on users computers. <a href="http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal" rel="nofollow">http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootki...</a>
Two years ago we were all handling our social network username + passwords to every service out there. You just did that with your Playstation, what's new? Just don't share things with services you don't trust. OAuth doesn't work in this setting.