I was digging around Facebook’s API and found a few flaws that still enable apps to get at lists of your friends without their permission. They’ve made it harder than the Cambridge Analytica days, but not hard enough.
Facebook fixed two of the three flaws I pointed out – saying one they were already working on and another they will soon pay me a bounty for.
Read the full story @ The Tyee
Update – Facebook did pay out a bounty, and I accepted in Bitcoin. The process was very Facebookesque and very not White Hat (i.e. private/anonymous) and I will write more about it soon.