I doubt this would be the case if the feature was not popular amongst common users
I don’t agree that just because it’s there means it’s used. I’ve never forwarded an sms, and have never had one forwarded to me, but if you believe people use this (and often) then I’ll just have to trust you on that. I’ve never seen or heard of such a thing.
Regardless, to forward the facebook link requires deliberate action by the user. Just like how I’ve never deliberately forwarded an SMS I can guarantee I’ve never accidentally forwarded one, either. I’ve also never copy and pasted a conversation from an SMS to somewhere else.
Is this login link a new thing to keep an eye on and make sure facebook have not left it exploitable? Sure. But assuming they have taken sensible steps then this is not much different to a password reset link, or links for other services that similarly take you right into your account (I’m pretty sure I’ve seen/used that before, elsewhere).
IMHO the amount and types of mistakes required for someone to make the links accessible to another person is too high to lose a moments sleep over. I think you have better chances winning the lottery than exposing a silly facebook link that only gives a person access to defaceable areas of facebook.
IRL there is far more risk to a persons facebook account when they walk away from their computer or phone to go to the bathroom. I’m sure we all remember the mind-numbing wall posts of “my facebook was hacked” when some friend borrows their phone or gets on their computer and starts making dumb posts about random garbage.
I don’t see any risk here greater than a person being able to send email through gmail on someone elses computer/device.
As long as there is a mechanism in place to invalidate the existing url’s, just like how you can clear all other login sessions (and therefore log-out other devices), then there is little to nothing to be concerned about.
You know more about this feature than I do at this point, and I’ve no interest in messing about with it just for the sake of it… but I wonder if the URL’s are single-use only, or perhaps expire after a day, or some other mechanism that gives them a short lifespan regardless of if they are clicked or not?
I have hope that facebook has a clue what they are doing, but sure, it’s good to be cautious. Personally, I don’t assume there is danger here at all.
It could ruin lives for all we know.
Totally irrelevant. That was two people who somewhat knew each other with one of them dox’ing and swat’ing the other. Two shitbags who brought the world down upon each other.