Who is ultimately responsible for privacy?

Who is ultimately responsible for privacy if that privacy is violated through the use of an API? The user of the API? The owner of the API?

I was recently using a photo website that connected to various social networks to display my photos.  I found a security issue where if you change the id variable in the url, you can view another person’s pictures.  I’ll address this in a separate post.  This isn’t even a hack – it’s just changing  one number in the url.

So who is responsible for protecting my data?
Is it Facebook?  I uploaded my photos to Facebook and Facebook is the source of the third-party photo app.  Should Facebook be responsible for checking the apps that connect through it’s API?
Is it the third-party photo app? They’re the one with the security flaw that is exposing my photos.
Is it me, the user? Should I not be posting my photos knowing someone, somewhere, somehow can view them?

I’m leaning towards the third-party application, but it’s not going to look good for Facebook either.

Slapping Beta on a product can be deceiving

Hasbro/EA is now fixing the Scrabble application.

I’m all for using the word “Beta” on something that is not complete, but the application was “pre-Alpha” at the most.  It was not ready for the scale of users on Facebook.
Beta would typically be updated and bug-fixed, but it would not be completely removed for reworking.

Hasbro vs. Scrabulous

Scrabulous brought Scrabble back to life, but Hasbro had to shut it down it to protect their IP.

So they launched their own version on Facebook –  SCRABBLE Beta and it has not been a hit with Scrabulous players.

This was coming a long time ago, but who would have thought Hasbro and EA (developer of SCRABBLE Beta) would put out such a horrible product.

I won’t be playing until they fix Scrabble or bring back Scrabulous.
If I really need a Scrabulous fix, I can always play on the Scrabulous site.