In association with heise online

29 June 2011, 11:00

Facebook blocked KDE photo applications

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

KIPI Icon Facebook had blocked applications that use the KDE Image Plugins Interface (KIPI) from uploading photographs to the social network and hid existing photos that were previously uploaded via KIPI. KIPI is used by a number of applications such as digiKam, KPhotoAlbum and Gwenview.

The problem appears to be that what was meant to be a secret key and application ID for a now deprecated interface into Facebook was included in the KIPI source code. It is suspected that at some point spammers took the key and id and used it for their own malicious applications on Facebook. This hasn't been a problem for KDE users, but now Facebook has instituted a new scheme to block spam. This new anti-spam scheme correlates negative feedback on applications with their keys and ids and blocks them. The KDE keys, having been apparently poisoned by abusive use by spammers, were then blocked.

The application ID is reported to have been restored, along with photos and albums previously uploaded, after an appeal to Facebook, but the KIPI developers are now considering how they handle private keys belonging to KIPI 2.0.0's in-development OAuth interface.

Developers of open source applications which use secret or private keys need to ensure those keys are not embedded in the source code; one approach is to "inject" the keys from environment variables or a private file when the applications are being compiled. This does mean that other developers or distributors building the application will need to apply for their own secret key and ids to build the application, creating a flurry of keys and ids which actually all refer to the same application compiled by different people.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit