Why does Facebook want to hide its source code?
Facebook has suffered another software bug this weekend — one that displays the site's source code on users' screens. How ironic: Instead of violating its users' privacy, as it did last time when a bug let people see other users' personal data, Facebook has now violated its own. The Facebook Secrets blog has posted the code for the curious, as have others. Facebook lawyers have already started sending cease-and-desist letters asking that the code be taken down, and spokesperson Brandee Barker has requested that people not post it. Which raises the question: What's in the code that Facebook doesn't want you to see?
First off, I should say that I'm not a programmer, but I've seen a few pieces of source code in my day, and there's little in here that raises my suspicions, or even my curiosity. From what I can tell, the source code for Facebook's homepage is just a script written in PHP that makes a series of calls to other PHP scripts. (I've asked some programmer friends for more opinions, and welcome yours in the comments.)
There is, of course, the sheer embarrassment of the breach. Barker hastened to point out that the site hadn't been "hacked" by an outsider. Of course. But that's hardly reassuring. Who needs to bother to do the work of laboriously hacking into Facebook's site when the company's sloppy programmers do the work for them? Nik Cubrilovic points out ways Facebook could have avoided the source-code breach — pretty basic steps, apparently.
But Facebook's immediate, forceful legal reaction suggests that there's more to it than sheer embarrassment.
Here's one possibility: What if the code is similar to ConnectU's codebase — code that Facebook CEO Mark Zuckerberg allegedly had access to when he worked on the rival college social network? Any resemblances, coincidental or not, in the code could add fuel to alegal fire; ConnectU's founders are suing Zuckerberg for, they claim, ripping off their site. I have no way of knowing if there are, in fact, any similarities. But you can bet ConnectU's lawyers will be scouring the leaked code before the next hearing in the case.