Skip to content
This repository was archived by the owner on Apr 4, 2025. It is now read-only.

[BUG-100875] Destination pages use Facebook identities instead of SL identities. This is not immediately clear and may lead to disclosure of real identities. #387

Open
1 task
sl-service-account opened this issue Jun 22, 2017 · 3 comments
Open
1 task

[BUG-100875] Destination pages use Facebook identities instead of SL identities. This is not immediately clear and may lead to disclosure of real identities. #387

sl-service-account opened this issue Jun 22, 2017 · 3 comments
Labels
project:BUG

Comments

@sl-service-account
Copy link

sl-service-account commented Jun 22, 2017
edited by sl-issues-importer bot
Loading

Changed summary. Was "The new destination pages are mixing authentication in a way that may cause users to reveal RL details" – Soft

I followed a link to an event posted on secondlife.
http://secondlife.com/destination/come-as-you-were-party

The portal clearly shows that I am logged in as Beq Janus
https://i.gyazo.com/3298bf495027b1aaa918e7408ed1f54c.png

yet the comments section shows your currently logged in facebook profile.
(example here shows my SL as I am not posting an RL link even on a SEC)
https://i.gyazo.com/08b828dc38edbc70d4faef093058467e.png

This could easily cause people a lot of problems and embarrassment and is particularly deceptive because it is not aligned to the behaviour elsewhere and at no point has authority to post as FB user been granted.

Repro.
Login to facebook, using your real life personal account
follow the link above and see your RL FB profile picture peeping out at you.
if applicable switch instead to your SL FB account and simply click refresh on the SL portal page.
The face shown will now be your avatar omage from the SL FB account.

Links

Related

Original Jira Fields
Field Value
Issue BUG-100875
Summary Destination pages use Facebook identities instead of SL identities. This is not immediately clear and may lead to disclosure of real identities.
Type Bug
Priority Unset
Status Accepted
Resolution Unresolved
Reporter Beq Janus (beq.janus)
Created at 2017-06-22T00:46:50Z
Updated at 2018-12-26T19:42:43Z 
{
  'Business Unit': ['Platform'],
  'Date of First Response': '2017-06-21T19:51:51.465-0500',
  'ReOpened Count': 0.0,
  'Severity': 'Unset',
  'Target Viewer Version': 'viewer-development',
  'What just happened?': '.',
  'What were you doing when it happened?': '.',
  'What were you expecting to happen instead?': '.',
}
@sl-service-account
Copy link
Author

Soft Linden commented at 2017-06-22T00:51:51Z

Agreed that using Facebook identities in the middle of a site that otherwise uses pseudonyms can be confusing or cause unintentional disclosure. I'm kicking this back to the devs for discussion.

@sl-service-account
Copy link
Author

Whirly Fizzle commented at 2018-12-26T16:54:18Z

This behaviour is still being complained about.
Please see forum thread: https://community.secondlife.com/forums/topic/431251-forcing-facebook-on-second-life-members/

@sl-service-account
Copy link
Author

Beq Janus commented at 2018-12-26T19:42:44Z

updating to public in light of recent forum posts

@sl-issues-importer sl-issues-importer bot mentioned this issue Feb 14, 2024
Closed
1 task
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
project:BUG
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sl-service-account