Facebook MITMed My Email

I prefer email to social media. I do have a Facebook page, but I don’t post anything there, and I made sure that my primary personal email address, gerv[at]gerv.net, was displayed in the profile so that people could contact me directly.

Today, I happened to visit my Facebook profile, and noticed that they had changed the displayed email address to gerv.markham[at]facebook.com! The old one was still in the database, but it had been hidden. Email to the Facebook address is forwarded by Facebook to the other one, so it ends up in the same place. [Update: I now think this is not correct. The email instead goes to my Facebook inbox, and I don’t get a notification email to say it’s there. Which is, IMO, even worse – they don’t just pass it through their servers on the way to where it would have gone, they keep it, and fail to send me a copy!]

In other words, Facebook silently inserted themselves into the path of formerly-direct unencrypted communications from people who want to email me. In other contexts, this is known as a Man In The Middle (MITM) attack. What on earth do they think they are playing at?

125 thoughts on “Facebook MITMed My Email

  1. Thanks for pointing this out! It was the same for me; now fixed… bit surprised as that seems like a pretty strange thing for them to do. :-\

  2. This is an absolute attack on personal liberties and privacy. However, it would also be nice if you stopped using google’s feedproxy as your rss redirector, which somewhat does the same thing to your rss subscribers through planet Mozilla. having the rss hosted by them is fine (although blogspot now truncates postings for tracking purposes), but having the redirect go throuh them is another privacy issue.

    • I use Google’s feed proxy to get metrics on how many people are accessing my feed. If you have suggestions for alternative services, with an explanation of how using them is better for me or my readers, I’d be happy to hear them.

      • Which is the same reasoning Facebook applies to use a third party service (themselves) to intercept clicks and read counts of messages.

        I don’t have a better solution for you and your readers, just pointing out the obvious. Another mans privacy intrusion is another mans analytics tool. There is no right answer.

      • Could you write your own analytics script and direct clicks through your own site? eg track.gerv.net ?

      • Hey Gerv,
        Fellow Mozillian Otto de Voogd (who you’ve met in person) wrote an open source website statistics program called StatEye that I’ve been using for several years on a few of my sites that has some nice features.
        Since it’s a self-hosted solution, you’d be in full control of your data which is the greatest thing about it.
        http://www.7is7.com/software/stateye/

        I’m sure that Otto would be happy to help you to get it installed and setup.

  3. Ironically, this was done in the name of privacy.

    When users were switched over to the new privacy system, all of their previous personal information was hidden. (More accurately, all contact information was hidden — as for how much of the other information was shared, I don’t recall). This was because users on the old system often did not know exactly how much was being shared, or how to change those settings. Starting users off with some reasonable defaults while they adjusted is probably the better idea, since they could always opt to be more public in the future if they chose.

    When Facebook added @facebook.com emails as part of its Messaging initiative, those addresses were made public for people who had previously set their privacy settings to allow all users to message them. Since emails to the Facebook address also go to the Facebook inbox, this was also seen as a reasonable default. Consider the use of email as identity — with a new Facebook address, people can work from a familiar interface (email) while at the same time associating that email with a certain online identity on Facebook.

    Personally, I believe that users should be actively managing their privacy online. This means staying on top of changes to online services with which they have a relationship. Otherwise, they are effectively outsourcing privacy management to a third-party whose interests may not align with their own. I do not believe that simplifying something as complicated as this down to a single bolded phrase does not properly recognize the challenges of online privacy, and turns reasonable discussion of the pitfalls and perils of trying to the right thing into a soundbite.

    • The right thing would have been to leave my personal information the way I put it. Is that such an unreasonable thing to ask?

      If I set up an email alias, “john.larson@gerv.net”, which forwarded to you, and then tried my best to contact all your friends and tell them to email you via that instead of any other address they might have been using, you’d think it was entirely unreasonable and would be contacting them all to tell them that I was some sort of stalking nutter and not to believe me!

        • Andres, I interpreted your workaround comment as being tongue-in-cheek. The fact that one might have to do such a workaround is ridiculous. That’s why I think creating an image with your contact info on it (a photo of a handwritten piece of paper showing your real (original) profile email address) would make a better awareness meme. The meme would be in “protest” of Facebook taking such liberties with user profiles. It would be “protest” and not protest because the latter would require real action like deactivating your FB profile. Few people will do so over this but if similar actions continue, users eventually will go back to Myspace. (Just kidding.)

    • Anyone using Facebook is already outsourcing most of this responsibility. There’s no changelog or release notes for Facebook, AFAICT, so I can’t tell what changed this week (unless I happen to see a blog post about it like this). Usually any changes relating to the privacy policy do have documentation, but I haven’t seen any this time.

      Providing contact information, photos, videos, locations, activities, and relationship information to *any* free service is quite literally outsourcing privacy management to a third-party whose interests almost certainly do not align with my own. I don’t see this as a valid excuse, though. I pay my taxes to the IRS, for example, and their interests do not align with mine at all, but I still expect that they respect my privacy.

      It seems a bit disingenuous for Facebook to simultaneously (1) provide a service whose purpose is to handle privacy for users (as opposed to the bad old way, e.g., everybody sets up their own web servers and manually manages identity for all of their friends), and (2) frequently change the privacy system and policies, and (3) when things go bad to wash their hands of it and say they expected users to manage it themselves, while (4) providing insufficient documentation to do so.

      When I set the privacy settings and contact info in a web service like Facebook, I mean what I say: these are the settings I want. Facebook is assuming that I didn’t say quite what I meant, and that it’s in ‘my best interest’ to second-guess what I said.

      I guess if I wanted stability or reliability, I shouldn’t be on Facebook, and that’s probably a fair point.

  4. I would assume that this was done to hide your actual email and reduce spam (because facebook can run spam filters on the messages passing through their system).

    If you’re concerned about facebook reading your email, then what about all the networking equipment that your message will be passing through, much of it owned by companies you’ve never even heard of let alone configured any privacy settings with.

    • If I wanted my email hidden, I’d have hidden it. If Facebook want to offer me a spam filtering service, they should do that – not opt me in without my consent.

      The networking equipment the emails pass through is not generally owned by companies which have a personal profile on me which they can associate with the data, plus a business model based on data mining.

      • Not that you don’t have a point, but most people would not have hidden their email address, because they didn’t know they needed to and/or couldn’t find the settings to do that. However, it’s a bit of stretch to say that showing the Facebook email address instead is a necessary part of that switch.

        Having email servers not owned by companies which have a personal profile on you is also something of an exceptional situation these days.

        Also, Facebook’s messaging system also integrates with mobile texts, encouraging people to send and receive their text messages through Facebook – their goal is to bring all of people’s communication together, with Facebook as the hub.

    • It amazes me sometimes when people read blog post and the comment thread, and then post something like this where they pull a phrase entirely out of thin air. “Concerned about Facebook reading your email?”

      Where in the world did you get that? It’s not even in the ballpark of what’s been discussed here. Go ahead and Ctrl-F the thread since reading it didn’t work for you. Nobody is suggesting Facebook Corp is reading your emails (although, with their nonchalant attitude about privacy, that’s where this is all headed some day).

      The fact is that when you put an email address on your profile in Facebook, you had to choose whether you wanted it displayed to all your contacts through Facebook, or hidden.

      They’ve decided to ignore the specific choice that you’ve made, and make a new one for you. EG, that “you” want a 12345678@facebook.com address listed as your public point of contact to everyone on your Facebook list.

      As already pointed out, this is a power play.. they want to con as many people as possible into using their email service, but there’s so certain their product is crap that rather than promoting it they “opted in” everyone who is already using their other services. And they did so by removing the primary means of contact people use other than Facebook so that people will have no choice but to contact you through Facebook, or not talk to you at all.

      Imagine you have two phone numbers.. one is through AT&T and you use it as a fax number, the other is through Verizon and is your voice line. This is the equivalent of AT&T one day deciding they’re going to give you long-distance voice service on the fax line, hiding all references to your Verizon voice line from the phone books, and creating a new entry listing your voice line as the phone number through AT&T.

      It’s muscling out the competition through completely unethical means.

  5. This is not quite right and you guys should double check before lambasting Facebook. What they did was reset your settings for showing e-mail on your profile.

    The default setting appears to be hiding all emails from your profile except your @facebook.com address. On top of that you should double check who you are sharing this address with. I was apparently only sharing it with myself.

    Set your email as visible on your profile and it will be back the way it used to. It is, however a big problem that facebook from time to time reset things on your profile. I assume it is caused by a poor setting transfer for new settings, but I don’t know.

    • You assume, but you don’t know… Do you work for Facebook? Why the trust… why don’t we assume that they actually want to control people’s channels of communication…

      Assholes…

    • Facebook doesn’t allow you to change the settings, though.

      I just tried to remove the facebook.com email address. It wouldn’t let me.

      I tried to hide it. It wouldn’t let me.

      I finally had to make it visible to me, only, and make my regular email address available to the intended audience (in this case, my friends.)

      This is just bloody rude.

  6. Facebook is already a de facto replacement for e-mail for many people. With this this move, they are consolidating their position as an e-mail replacement instead of a complement. This is simply unacceptable to me. I hope a popular, widely-deployed, decentralized communication system (such as e-mail) will always be available, and that we don’t give away our independence to a single company (let alone Facebook).

  7. I think your case is abnormal, and most people wold have a problem with Facebook showing a personal address (I don’t know if that’s the default).

    Having said that, I think Facebook needs to inform users when it makes a change to your profile (content and/or privacy).

    • Really bizarre that anyone would think that Facebook is doing this for anyone’s benefit other than Facebook.

  8. “Facebook MITMed My Email”

    No. No, they didn’t. YOUR e-mail is untampered with, they simply made it default behavior to display an address associated with your facebook profile that routes into facebook’s messaging system… which you’ve already chosen A) to be a part of and B) to give information to. The behavior can be disabled in a few clicks – simply hide the username@facebook.com entry and display the one you want. Do I like it? No. But if you’re worried about it, disable it and don’t respond to facebook messages. Problem solved.

  9. No tin foil here but while we’re on the subject. I did NOT update my FB app in my phone specifically because of this…(it was in the EULA).and I quote….”Hardware controls…..Allows application to access the audio record path.
    Take pictures and videos…..Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.” OK, I’m puttin’ foil on the ceiling….

  10. It also does not seem to pass on emails that do not come from an account related to facebook.

    For example, I have my personal email address associated with my FB account. If I email someone from this address it appears. If I use my uni email address, FB swallows the email and does not notify the recipient AT ALL.

  11. And… so Facebook will read all these emails and take over the world? or will they steal all your little secrets? Big fucking deal.
    I can’t see how Facebook could do anything with the 100 million emails that must be sent through the site every day. What information could be important to them?
    When most of the emails will be this:
    Dear XXX,
    I see you are on Facebook, but I don’t know your email address, this is kinda weird but call me, maybe.
    XCCC

  12. If you have taken care, facebook (but also google) and a few other companies slowly but surely try to get all your data (personnal or not). Officially to serve you. In reality to sell this data to advertisers and soon to banks (to see if you can have a credit), HR departments (to see if you have the profile for the job) and of course government in less liberal coutries.

    The obvious reason for the facebook mail being the default is to make you switch to facebook mail a day or another when you might find yourself using it a lot. All other things are just excuses. Facebook would not even have an email service otherwise. Do facebook computer exploit the content of your mails. I don’t know. But google already is. They use it to profile you and the ads are linked to the mail you read or write.

    Up to a point this is ok. I can accept to have better tageted ads based on my data. But I do not want to share my data by any mean and that anybody can use my data without my concent to make any decision of any importance to me based on that data.

    I have already seen many time facebook crossing the line and I find it anoying. The thing is I don’t have a facebook account, neither a google+ one and don’t plan on having one or another.

    I do have a twitter account, but there a reason. Explicitely all things you put on twitter is public, there is no privacy setting. It is a broadcast system and you know it. The rules are clear. And no fear that some private thing is shared.

    This already set the problem that everybody is now like a public person with its throughs, actions etc recorded. If you change opinion, if you said something stupid or controversial you have a problem. This is not like saying something to your friends in a bar. You have to be very carefull and to educate your child to be cautious too. So they don’t have unwanted content gone public on the web.

    Facebook provide what? The equivalent of a adress book + blog. The only feature is the linling between the blog and the address book.

    Does this really deserve to give away all control?

  13. Pingback: Privacidade? Facebook muda todos os e-mails de seus usuários para @facebook.com | Limbotech

  14. Pingback: Facebook does e-mail?! - OZNB FoundationOZNB Foundation

  15. Pingback: Facebook's Lame Attempt To Force Its Email Service On You - Forbes

  16. This is a super annoying abuse of Facebook’s ability to make edits to users’ profile pages. To do this with no notification was a tacky move. I covered at Forbes and gave you a tip of the hat. Nice catch.

  17. Pingback: Facebook Switched Your Email Address to One You've Probably Never Used

  18. Pingback: Facebook Switched Your Email Address to One You’ve Probably Never Used | AppsPlanner.com Blog

  19. Pingback: Facebook Changed Your Email Address And Forgot to Tell You

  20. Pingback: Facebook Switched Your Email to One You’ve Probably Never Used | Tech News

  21. Pingback: Facebook changes everyone’s listed emails to ‘@facebook.com’ – Los Angeles Times | Dubai News|Dubai Hotels|Dubai Business

  22. Pingback: Facebook Changes Your Email Without Your Permission

  23. Pingback: Facebook Switched Your Email to One You’ve Probably Never Used : hotNews Indian News | India Newspaper | India Latest News | News From India | India News Daily | Current India News

  24. Pingback: Facebook changes everyone’s listed emails to ‘@facebook.com’ | DesiP2P.com

  25. Pingback: Facebook Switched Your Email to One You’ve Probably Never Used | Social Media News and Technology News The Social Media Guide

  26. Pingback: Facebook Switched Your Email to One You’ve Probably Never Used | Round Rockit Media

  27. Pingback: Facebook forces all users over to @facebook.com e-mail addresses | SnaggStuff.com Blog

  28. Pingback: Facebook changes everyone’s listed emails to ‘@facebook.com’ | Listed.me

  29. Pingback: Facebook Switched Your Email to One You’ve Probably Never Used | Ready Made Facebook Like Website

  30. Pingback: Facebook Now Changing Users’ Default Email Addresses, Says More Changes Coming | junglejournalist

  31. Pingback: Facebook changes everyone’s listed emails to ‘@facebook.com’ | The RealN3ws Post

  32. Pingback: Facebook Hacked Your Default Email Account - How To Get It Back

  33. Pingback: Ey, Facebook! | K. [Journal]

  34. Pingback: Facebook forces all users over to @facebook.com e-mail addresses | Ars Technica

  35. Pingback: Slate Asset Blog Network » Blog Archive » Facebook Switched Your Email to One You’ve Probably Never Used » Slate Asset Blog Network

  36. Facebook public relation policies seem to be consistently through being hated for what they do in the back office! If it wasn’t so annoying to the user I am, I would find it hilarious. Their mishaps and privacy attacks are fascinating to watch. They remind me of a brat in a family!

  37. Pingback: News: Facebook quietly swaps email addresses on profiles | News Aggregator for you

  38. Pingback: Facebook changes users' default email to @facebook.com address | Digital Trends

  39. Pingback: Facebook is trying to hijack your email address

  40. Pingback: Facebook’s Brazen Switch: User Email Addresses Change to @Facebook.com - Tea Party Tribune

  41. Pingback: Facebook is trying to hijack your email address | Blog

  42. Pingback: Facebook is trying to hijack your email address

  43. Pingback: Facebook is trying to hijack your email address | AppsPlanner.com Blog

  44. Pingback: News: Everyone, freak out! Facebook changes users’ default email to @facebook.com … – Digitaltrends.com | News Aggregator for you

  45. Pingback: Everyone, freak out! Facebook changes users’ default email to @facebook.com … – Digitaltrends.com

  46. Hi Gerv, just found a link to this post on the web, it was funny to hear a friend referenced! Thanks for this. Hope you are well – we should be facebook friends! Andy

  47. Pingback: Everyone, freak out! Facebook changes users’ default email to @facebook.com … | SnaggStuff.com Blog

  48. Pingback: Facebook is trying to hijack your email address | CNNnews.info

  49. Pingback: Everyone, freak out! Facebook changes users’ default email to @facebook.com … – Digitaltrends.com | Daily News Pages

  50. Pingback: Before It's News

  51. Pingback: Facebook changes users' default email to @facebook.com address

  52. Pingback: Facebook is trying to hijack your email address – CNN International «

  53. Pingback: Facebook email change ignites new user uproar – Daily Caller | The Time of Press

  54. I’have Notice FB and Google (as well) are maliciously pushing their subscribers “at all time” to use all personal email contacts ‘ I personally never did it mainly because I try to save the privacy of everyone (mine included). I have closed my Google account just for this matter and I never use Google Bar again to browse just due at those reasons. After all I’ve lost a lot of business in the past due to the “Google monopoly” (people are so Googollians that, they never uses other search bars and therefore when they input a business domain address they have to browse 1000 links while Google, makes money on every click. I recall reporting Google to the

  55. I have noticed “FB and Google” (as well) are maliciously pushing their subscribers “at all time” to use all personal email contacts ‘ I personally never did it mainly because I try to save the privacy of everyone (mine included). I have closed my Google account just for this matter and I never use Google Bar again to browse just due at those reasons. After all I’ve lost a lot of business in the past due to the “Google monopoly” (people are so Googollians that, they never uses other search bars and therefore when they input a business domain address they have to browse 1000 links while Google, makes money on every click. I recall reporting Google to the

  56. Hm. I’m not techie enough to figure out how to make this quirk go away. When you get into your profile and see that you now magically have an @facebook.com address, the only way you can change it is to change your username, and all that does is give you a new @facebook.com e-mail address. If there’s a way to change your address back to whatever you want, it’s not obvious.

    One thing after another with this outfit. I’m thinking it’s time to close that account and erase as many of my tracks from there as possible.

  57. Pingback: Facebook is trying to hijack your email address « Breaking News « Theory Report

  58. Pingback: Facebook is trying to hijack your email address - All About Forex Market

  59. Pingback: Facebook is hijacking your email address - All About Forex Market

  60. Pingback: WHOA! Did Facebook Just Pulled a FAST One On Us? | JanelleMcLeod.com

  61. Pingback: Everyone, freak out! Facebook changes users’ default email to @facebook.com address | welcome to globalmastizone.com

  62. Pingback: Facebook is trying to hijack your email address - Latest Technology - News & Articles

  63. Pingback: Facebook zamijenio email na onaj koji vjerovatno nikad niste koristili | Mario Kovačević

  64. Pingback: فيس بوك تغير ايميلات الحسابات اجباريا يا لها من وقاحه !!!|مجنون كمبيوتر| | |مجنون كمبيوتر|

  65. I noticed that Facebook changed my contact email address to a @facebook.com account a few weeks ago. I changed it back to a regular email address and then Facebook changed it to @facebook.com. So frustrating! Still can’t believe that FB would make such a change without notifying users before doing so. Makes me wonder what FB is planning to do with my acct without permission or notification next. Sad….. I really liked FB for a while, but not so much anymore.

  66. Pingback: Beware of Facebook! | OXGLOBE.COM

  67. Pingback: Facebook Changes Users’ Default Email to @Facebook.com Address  | Truth Is Scary

  68. Please contact the Irish Data Protection Commissioner on this with Facebook’s answer.
    He has the power to obligue Facebook (Ireland Limited, according to the SRR) to revert the changes.
    I have deleted my FB account due to the new SRR, so I am not able to file a real complaint on my own.

  69. Pingback: Facebook Users Upset About New Email Format | SNS Post

  70. Pingback: Facebook is hijacking your email - Latest Technology - News & Articles

  71. Pingback: You have a new Facebook email address. (Er, thanks Facebook.) - Red Robot - Red Robot

  72. Pingback: Facebook Email Address Change Incites Backlash | About International Business

  73. Pingback: Hey, Facebook Changed The Email Address On My Profile – Yours Too!

  74. Pingback: Facebook Email Address Change Incites Backlash ‹ EnvisionForce

  75. Pingback: Facebook’s recent grab for your email traffic … « slappHappe

  76. Pingback: Anonymous

  77. Pingback: Facebook Email Follow-up | Hacking for Christ

  78. Pingback: Facebook Email Address Change Incites Backlash : Cheap Web Hosting Reviews |Top 10 Web Hosting Sites | Compare Prices

  79. Pingback: Facebook zmienił ci adres e-mail | Informacje USA - Informacje Chicago, Nowy Jork, USA

  80. Pingback: Facebook Changes Users’ Default Email to @Facebook.com Address | The Illuminati

  81. Pingback: Facebook’s Latest Trick: Replacing Users’ Email Addresses by Wendy Davis » TechLatino

  82. Pingback: Hatalmas felháborodás a Facebook legutóbbi lépése miatt | TradeCommands

  83. Pingback: Trendwire – Facebook Changes

  84. Pingback: Topcatt, website development, SEO and social media consultants | areyou@facebook.com?

  85. Pingback: Facebook Changes Users Email « applesvsbananas

  86. Pingback: Facebook is hijacking your email - All About Forex Market

  87. Pingback: Facebook quietly swaps email addresses on profiles | Tech News

  88. Pingback: Ny Facebook email adresseTrending.dk

  89. This can be reversed, with 5 minutes, 7 steps, and something for the headache:

    1) Click your name/picture on the top of your Facebook page to go into your profile.
    2) Click Edit Profile.
    3) Click Contact Information
    4) If you’ve entered an email address in the past, you’ll see two or more emails listed here. If you haven’t entered one before, you’ll just see the 1234567@facebook.com address – I suggest clicking Add/Remove Emails link and adding one, even if it’s not your actual email address. Then go back to Contact information.
    5) Next to each email address are two buttons with dropdown menus. For the 1234567@facebook.com address, click the left dropdown and chose “Only Me” which means this will be visible to only yourself, no one else. There is no way to delete their email address, sadly.
    6) On the right dropdown next to 1234567@facebook.com, click on Hidden From Profile. That’s right, you have to hide it twice.
    7) Next to your actual email address (or a fake one just to send an FU to Facebook) repeat 5) and 6), only this time choose “Friends” in the left dropdown, and “Shown on Profile” on the right dropdown.

  90. Pingback: Adifusora » Lembra-se do e-mail do Facebook? Não, pois você não tinha este e-mail! » Adifusora

  91. Pingback: Sebastian Gehart | Facebook Email | Facebook is Getting Creepy

  92. Pingback: Facebook’s Lame Attempt To Force Its Email Service On You | Open Source Thinktank

  93. Pingback: Cómo deshacer el cambio de correo de contacto que Facebook te ha hecho sin preguntarte | Stralunato

  94. uhh … to the person who questioned how could facebook read 100 million emails, etc. and was fairly ignorant with regards to their actions … This is actually incredibly easy especially with a company that has the resources that Facebook does … Facebook wouldn’t mine your emails for personal information (spying so to speak as I believe you were referring to in your question) nor do they have a workforce endless going through emails, but rather they use analytics engines and mine the email databases for keywords and phrases to push profile-based advertising to your Facebook page. They are already doing something similiar with the posts in your profile now. Google does this now with gmail accounts and they are very, very successful with it. This is why Facebook wants a piece of your email traffic. Facebook probably calls it “business strategy”. And if you’re so upset about your email address being changed, you shouldn’t use their service. You’re willingly using their service and their resources. If you have a problem with their frank disregard for your privacy then you shouldn’t be using their service or maybe start your own. But you should probably realize that it’s pretty expensive to run a huge site such as Facebook and well, there’s a lot of money to be made by hijacking the “google” model of advertising (see Google’s huge pile of cash) and using it … so eventually, someone is going to try to make an easy buck off of you. If the service is good enough to warrant your everyday use, then my advice to you is suck it up and take it. If the service isn’t worth your perceived invasion of privacy, then you shouldn’t use it.

  95. Pingback: Facebook tries to intercept it’s users e-mail :: Henrik Carlsson's Blog

  96. Pingback: @Facebook.com Email Address Pushed to Profiles & Contact Info | Vermont Design Works

  97. 1.30.401.7 may be the one particular which is supposed
    to resolve the fragmented hindrances (missing safe-keeping).
    Us throughout Malaysia is TWO improvements behind. Even now no news
    pertaining to Asia, innit?

  98. Pingback: Facebook: Post IPO « Cupfone Blog

  99. Pingback: Facebook E-mail Debacle Takes a Turn for the Worse | SiliconANGLE

  100. Pingback: Facebook changes default emails to @facebook.com – Jun. 25, 2012 « Ye Olde Soapbox

  101. Pingback: Should Facebook Be Fined For Its Insane Email Fiasco? - Forbes

  102. Pingback: Suspect Syndication | Hacking for Christ

  103. Pingback: Will Facebook Be Fined For Its Insane Email Fiasco? | Facebook Zone

  104. I didn’t read all of the posts, but I just wanted to mention the following:
    The new facebook email address @facebook.com
    can be used as the login email address, so user enumeration is not needed anymore.

    This sucks in my opinion.