I had decided to set up a test account for an app I'm developing, so I googled "Facebook test account" and found this blog entry at position #1:<p>http://developers.facebook.com/blog/post/35/<p>I skimmed it for a link and clicked. The page loaded, I clicked the big button in the middle that said something like "Make [Your Name] a Test Account"...<p>...and my Facebook account was made unable to interact with friends and apps.<p>My real Facebook account. The one I use (well, formerly used) to admin multiple apps. The one I formerly used to keep in touch with hundreds of friends.<p>Instead of making a test account <i>for</i> me, it had made a test account <i>out of me.</i><p>I contacted Facebook support, but other developers on the forum have done so with no luck. This is sickening.
<i>Who in their right mind creates a button labeled "create test account" that irreversibly destroys the account of the person using the system?</i><p>And who, having committed such an atrocity of design, doesn't even help the people who accidentally click it? It is incomprehensible.<p>[Edit: It gets WORSE, if that is possible. The method that blog post talks about is outdated. It shouldn't be used any more. There is a much cleaner way to manage test users through official apis. They could at least edit that post to point to the up-to-date information. ]
To be safe, I browsed with "links."<p>"To make a test account, register on Facebook as you normally would. Then, when logged in to the test account, go to this URL: <a href="http://www.facebook.com/developers/become_test_account.php" rel="nofollow">http://www.facebook.com/developers/become_test_account.php</a><p>Personally from reading only to this point I would assume that it makes a new account, rather than make the current account become a test account. Even though that description is embedded in the URL, it isn't in the English text.<p>The warnings come afterwards, starting "A few important things to note". I think the description is ambiguous, and don't get the impression that it will trash your personal FB account.<p>This is such a nasty security problem it's not even funny. I haven't (and daren't) try. But if people start putting that URL on lots of public sites, and people click on it, then it will make a lot of people angry with FB. That suggests a solution - post the direct link to HN and other sites and get enough people to click on it that FB has to respond. Not a nice solution though.<p>Even worse, it looks like it's a regular GET request, which isn't supposed to have these sorts of side effects. (Again, I haven't tried.)
EDIT: I just confirmed this no longer works. =(<p>I think all you need to do is disassociate your account from the Developer Test Accounts network via your profile settings page: <a href="http://www.facebook.com/editaccount.php?networks" rel="nofollow">http://www.facebook.com/editaccount.php?networks</a><p>That should revert it to a regular account.
Does Firesheep still work with Facebook? How many times do you have one teenager at another teenager's house, with access to the computer? It just takes a minute and the damage is done.<p>Why on Earth would they have a misfeature like this?
Is this relevant?<p><a href="http://www.skybondsor.com/blog/undo-test-account-on-facebook" rel="nofollow">http://www.skybondsor.com/blog/undo-test-account-on-facebook</a><p>If so, the lesson here is that Google is your friend...
I got my account back! Someone at Facebook evidently saw this, and (1) updated the blog post and (2) brought my account back to life. Thank you!<p>However, unless this was a general fix, it looks like other developers are still stranded:<p><a href="http://news.ycombinator.com/item?id=2258827" rel="nofollow">http://news.ycombinator.com/item?id=2258827</a>
Glad to hear you're unstuck jpadvo (<a href="http://news.ycombinator.com/item?id=2258827" rel="nofollow">http://news.ycombinator.com/item?id=2258827</a>). If anyone else's real account is stuck in the Facebook Test Account network, please write in to us at <a href="http://www.facebook.com/devhelp" rel="nofollow">http://www.facebook.com/devhelp</a> and we'll help get you out. We've updated the old blog post you reference with a link to our new test account architecture (<a href="http://developers.facebook.com/blog/post/429" rel="nofollow">http://developers.facebook.com/blog/post/429</a>) which you should use exclusively for creating and managing test accounts going forwards. Sorry for the confusion.
This is why I never use my real Facebook account when developing apps. I have a special John Doe account from which I manage all my apps. I think this is the only solution to their incompetences.
I know at least a few of you thought it... what would happen if people were tricked into clicking that link and button. Kind of an a-hole thing to do.<p>However, it does make me wonder how fast they might find a fix for it if it were to happen to enough people to make it a priority. Or even, how many people it would take to make it a priority.
You say there was a button that said "Make [Your Name] a Test Account". I think it's pretty clear what that button does. If it were actually labeled "create test account" it might be different.
I think it's interesting that the idea of deleting an account on a web service is "incomprehensible" (a bit out of context, but still relevant). It's kind of funny how reliant we've become on a few companies and services.