Security and privacy in Diaspora

Research has laid bare that Diaspora, like many other social networking platforms, has security holes, and many have concluded that there is practically everything an attacker can do to someone else's account on Diaspora. Absolutely everything.

It is well known that reporting bugs which affect security is tricky. When an error is reported and you write code to fix it, you may unwittingly create another bug. Security and privacy in Diaspora is a much deeper issue than we presume, and can involve unexpected problems that the developers rarely anticipated. The errors you can come across in the Diaspora system are so numerous that pervasive ones are counted among them, cutting across every class in Diaspora.

It is generally reported that there are three kinds of errors which affect security.

Every social networking system, and for that matter every web system, must be built on the rule that users cannot be trusted. If you log on to Diaspora, know the ID of a photo on that server, and alter the URL of the "destroy" action from your own photo ID to that other photo ID, you will be able to erase the other photo. Object IDs leak over the network, and the action a URL performs is very easy to read off, so do not assume that the ID of your photo or data is confidential.

A second error creeps in alongside it: the code never checks whether the request to the "destroy" action arrived as an HTTP POST. This leaves over-eager browsers free to follow the links on the page, and they can even delete the photo without the user's knowledge.

You may counter this observation by saying that Diaspora verifies the user's name and confirms that the user has logged in. Of course, their user library authenticates, but unfortunately it is not responsible for authorization, leaving a big security hole. This simply means that an attacker with a Diaspora account can reach various features of the web-based system through other users' accounts!
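The three weaknesses described above (a photo ID taken straight from the URL, a destructive action that answers to any HTTP method, and authentication mistaken for authorization) all live in one place: the "destroy" handler. The following is an added example, not Diaspora's own code, written as a small in-memory Ruby model of such a handler. The names `PhotoStore`, `User`, `handle_destroy_vulnerable` and `handle_destroy_hardened` and the sample users and photos are constructed for the illustration; the hardened version shows the two checks a defender adds: refuse idempotent methods such as GET, and look the photo up only among the current user's own photos, so a foreign ID is simply not found.

```ruby
# Added example (not Diaspora's own code): a minimal in-memory model of a
# photo "destroy" action. The vulnerable handler authenticates but never
# authorizes and accepts any HTTP method; the hardened handler fixes both.
# PhotoStore, User, Photo and the handler names are hypothetical.

require 'set'

User  = Struct.new(:id, :name)
Photo = Struct.new(:id, :owner_id)

# Constructed data: two users (ids 100 and 200), each owning one photo.
class PhotoStore
  attr_reader :photos

  def initialize
    @photos = {
      1 => Photo.new(1, 100),   # owned by user 100 (alice)
      2 => Photo.new(2, 200),   # owned by user 200 (bob)
    }
  end

  # Global lookup by ID: this is what the vulnerable handler uses.
  def find(id)
    @photos[id]
  end

  # Lookup scoped to the owner, mirroring current_user.photos.find(id):
  # returns nil for any photo the user does not own.
  def find_owned_by(user, id)
    photo = @photos[id]
    photo if photo && photo.owner_id == user.id
  end

  def delete(id)
    @photos.delete(id)
  end
end

# Vulnerable handler: a logged-in user is required (authentication), but the
# photo is fetched by the raw ID from the URL with no ownership check
# (no authorization), and the HTTP method is ignored, so a prefetching browser
# following a GET link deletes the photo too.
def handle_destroy_vulnerable(store, _method, current_user, photo_id)
  return :unauthenticated if current_user.nil?
  photo = store.find(photo_id)
  return :not_found if photo.nil?
  store.delete(photo.id)
  :deleted
end

# Only non-idempotent methods may trigger a destructive action.
DESTRUCTIVE_METHODS = Set.new(%w[POST DELETE]).freeze

# Hardened handler: reject GET (and any other safe method), then scope the
# lookup to the current user's own photos.
def handle_destroy_hardened(store, method, current_user, photo_id)
  return :unauthenticated if current_user.nil?
  return :method_not_allowed unless DESTRUCTIVE_METHODS.include?(method)
  photo = store.find_owned_by(current_user, photo_id)
  return :not_found if photo.nil?
  store.delete(photo.id)
  :deleted
end

if __FILE__ == $PROGRAM_NAME
  alice = User.new(100, "alice")
  store = PhotoStore.new
  p handle_destroy_vulnerable(store, "GET", alice, 2)   # :deleted (bob's photo gone)
  store = PhotoStore.new
  p handle_destroy_hardened(store, "GET", alice, 2)     # :method_not_allowed
  p handle_destroy_hardened(store, "POST", alice, 2)    # :not_found
  p handle_destroy_hardened(store, "POST", alice, 1)    # :deleted (her own photo)
end
```

The scoped lookup is the essential fix: because `find_owned_by` never returns another user's photo, the handler does not need to know which ID the request carried, and an attacker guessing or harvesting IDs learns only that the photo was "not found". The method check is a separate defence against browsers and link prefetchers that follow GET links on their own; a production application would additionally protect the POST with an anti-CSRF token, which this model omits.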

