This might not go as far as some would like, since the permission requirement leaves researchers in a tough spot. While the requirement increases the chances that a third party will be aware of and fix a data flaw, it also creates problems if the app or site creator doesn't consent to testing. That doesn't stop tests, but an investigator may have to accept that neither Facebook nor the third party will pay up.

So long as most companies cooperate, though, this could lead to more disclosures and better controls for your data. Facebook has a strong financial motivation to pay more, too. Whatever it spends on bounty rewards it might save by avoiding government fines related to its data security.