Imagine that you’re interviewing a candidate for a job. Your company’s HR department has recently decreed that you have to check out all candidates’ Facebook pages to see if there’s anything there that might be a problem for the company.
You don’t want to demand that the candidate give you her password. That might create legal problems. So you say to this candidate, I need you to log into your Facebook account and browse around, right here and now, with me looking over your shoulder and telling you what to click on.
That could seriously backfire on you: It might expose you to information that, legally, you’d have been better off not knowing.
Noted hacker (in the original, good sense of the term) Reg Braithwaite explains how.