> "This was the result of three distinct bugs," said Guy Rosen,
> Facebook’s vice president of product management. "The first bug was
> that when using the 'view as' function, the video uploader shouldn't
> have showed up at all." But for certain types of posts on users'
> timelines, such as prompts to post happy birthday greetings, the
> video uploader function was shown as active. The second bug was that
> when activated, the video uploader was generating a single sign-on
> token—a behavior that Rosen said was incorrect. And the third bug was
> that in the creation of that token, it was using the identity of the
> person the user was viewing the page as—not the user's.
There's a need for lots of people to talk about this, and it will probably end up as "those FB SSO token bugs from 2018." Cataloging/naming/enumerating/identification is an end all by itself.