Introduction:
You know how we use Facebook Messenger to chat all the time, right? Meta added a new feature to edit sent messages in Facebook Messenger some months ago. Well, there’s this sneaky little problem with it that I’ve been trying to get fixed. Picture this: you send a message, then realize you made a typo or said something wrong. No biggie, you just hit the “edit” button to fix it. But here’s the kicker: even after you edit it, the original message sticks around. It’s like trying to erase something on a whiteboard, but the mark still faintly remains. I’ve been trying to get Facebook to sort this out, but it’s been like talking to a brick wall. I’m actually at risk of losing some of my Hacker Plus Bonus payout because of an automated response from the bot! Can you believe it?
Let me break down the response I got from Facebook about that bug I reported in Messenger.
So, they basically said that unsending messages isn’t foolproof, which we kinda expected. But here’s the kicker: they closed my report, saying it’s not applicable.
Now, here’s where it gets interesting. They mentioned how once data is received by a device, users can save it in different ways, like taking screenshots or saving from device storage. But here’s the thing: my report wasn’t about that. It’s about how even after you edit a message, the original one still sticks around, which is a big privacy concern.
They also talked about how they don’t guarantee that unsending messages will always work, which is fair. But again, my issue wasn’t about unsending messages — it’s about the fact that edited messages aren’t replacing the original ones like they should.
The Core of the Issue:
So, here’s the deal with this problem: when you edit a message on Facebook Messenger, you’d expect the old version to disappear, right? But nah, it’s still there, lurking in the background. It’s like if you wrote a letter, changed your mind, rewrote it, but the first draft was still in the envelope. It’s not just a little glitch; it’s a serious breach of privacy.
My Frustrations:
I’ve been on Facebook’s case about this bug not once, not twice, but a whopping four times! Can you believe it? I figured maybe they just missed it the first couple of times, but nope, same old story. They asked for more details, which I dutifully provided, but it feels like they’re just not listening. Their response?
“Unsending messages is tricky”,
“Your report describes one of the scenarios that we do not have any control over”
But seriously, that’s not the problem here! It’s about ensuring our edited messages stay private.
But get this: their latest response? They basically said they don’t consider the editing feature a privacy control, so being able to see the original message isn’t a bug in their eyes. I mean, come on! It’s like talking to a wall sometimes.
Facebook’s Lackluster Response:
You won’t believe how Facebook responded to my concerns. They basically brushed it off, saying something about how unsending messages is complicated. But guess what? This isn’t about unsending; it’s about making sure the old message doesn’t hang around like a bad smell. And it’s not just me; other people have reported similar problems, only to be told it’s “not applicable.” It’s frustrating, to say the least.
Why It Matters:
Think about it: when you edit a message, you’re doing it because you want to correct something or change what you said, right? But if the old message is still there for anyone to see, what’s the point? It’s like trying to stop a chaiwala from making tea by hiding his kettle — he’ll find a way around it sooner or later. Our privacy matters, and Facebook needs to do better.
What Can Be Done:
It’s pretty simple, really. Facebook just needs to update their system so that when you edit a message, the old one actually disappears. It’s not rocket science; it’s just common sense. Until they do that, though, our privacy is still at risk.
Conclusion:
So, whether it’s me, you, or anyone else, let’s keep pushing until Facebook listens and fixes this glitch. Our privacy matters, and every report brings us one step closer to a safer online space. Together, we can make sure our chats stay private and secure.
And hey, why not give it a shot yourself? Reporting this issue to Facebook could not only help fix the problem but also earn you a nice bounty. It’s like hitting two mangoes with one stone! So, go ahead and give it a try. You never know, you might just strike gold!
Below is one of the reports I submitted.
Title
Critical Privacy Bug in Facebook/Messenger Message Editing Feature
Vulnerability Type
Read Data Improperly
Description
In Facebook/Messenger, users can edit sent messages for 15 minutes. The edited message should replace the original one.
But when you edit a message, the first version is still visible, even after the edit. Although this does not happen on regular Facebook, it is visible on Basic Facebook and in DYI backup files. This is a problem because people might think their edits are private, but they’re not.
There are ways to keep messages once they’re on a device, like saving notifications or taking screenshots. But here, the issue is the original messages show up without any action from the receiver.
This problem is about how Facebook deals with edited messages, which users expect to be private and secure. The risk here is Facebook accidentally showing original messages that users think are replaced or gone. This could lead to big privacy issues, as users trust that their edits are the final version of the chat.
This seems like a problem that could be fixed by updating Facebook’s system. It should make sure that once a message is edited, the original is completely replaced everywhere, including backups.
Impact
This bug poses significant privacy risks and could lead to unintended data leaks, as users, instead of unsending, often edit messages to correct sensitive information or errors. The ability to access the original content of edited messages via the backup file is contrary to user expectations and can lead to misunderstandings, breaches of confidentiality, or other serious issues.
Reproduction Steps
1. User A sends a message to User B on Facebook Messenger.
2. User A edits this message.
3. If User B wants to see the original message, he goes to http://mbasic.facebook.com/ or downloads the messages backup from the DYI.
4. User B looks at the messages with User A and sees the original message there.
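
The check below is an added example, not part of the submitted report and not Meta's code. It is a toy model of the behaviour in the reproduction steps: the main view shows the edited text while a legacy view and an export still return the original, and a regression check lists every read surface that leaks the pre-edit text. The class, the function names and the assumption that originals are kept as stored revisions are hypothetical.

```python
# Toy model (constructed for illustration; not Meta's code or data format).
from dataclasses import dataclass, field


@dataclass
class Message:
    sender: str
    revisions: list = field(default_factory=list)  # oldest first

    def edit(self, new_text, keep_history=True):
        if keep_history:
            self.revisions.append(new_text)   # original stays in storage
        else:
            self.revisions = [new_text]       # original is overwritten


# Hypothetical read surfaces over the same stored message.
def main_view(msg):
    return msg.revisions[-1]                  # shows only the latest text

def legacy_view(msg):
    return msg.revisions[0]                   # stale read path: first revision

def export_view(msg):
    return "\n".join(msg.revisions)           # backup dumps every revision

def fixed_legacy_view(msg):
    return msg.revisions[-1]                  # corrected: latest text only

def fixed_export_view(msg):
    return msg.revisions[-1]                  # corrected: latest text only


def leaking_surfaces(msg, original_text, surfaces):
    """Return names of surfaces whose output still contains the pre-edit text."""
    return sorted(name for name, render in surfaces.items()
                  if original_text in render(msg))


def demo():
    original, corrected = "PIN is 4921", "call me instead"   # constructed sample
    msg = Message("user_a", [original])
    msg.edit(corrected)
    before = leaking_surfaces(msg, original, {
        "main": main_view, "legacy": legacy_view, "export": export_view})
    after = leaking_surfaces(msg, original, {
        "main": main_view, "legacy": fixed_legacy_view, "export": fixed_export_view})
    return before, after


if __name__ == "__main__":
    print(demo())
```

Running the same check against every surface that can render a message, exports included, is what catches the case where only the primary client honours the edit.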