I b have almost nothing to do with Facebook, and
little knowledge about it, but as I read the nyt, the claim is that device makers (e.g., BlackBerry, in the example they presented) could access a user's FB friends and FoF and so on. This doesn't seem right. It makes more sense if the claim is that the cell providers (e.g., Verizon) can do that. But it seemed that what really was involved was the user accessing the data through the BlackBerry Hub, which he hhad configured to do just that. The article made no claim that anyone but the phone user actually accessed any FB data.
The Register article doesn't seem to clarify that completely. It would be very interesting to know the truth. Given the nyt general cluelessness about computer technology I don't expect it from the. Hopefully, a follow-up by this publication or its commentariat can shine some light here.
Until then I am assuming this is another try at stirring up a moral panic.