Does Facebook allow strangers and the ill-intentioned to collect personal data without the knowledge of its users? Of course, Facebook sits atop mountains of valuable personal information. The safety and security of so much information stored in one place is suspect. By now, the wise know that if information is private and meant to be guarded, they should never post it on Facebook.
Many wonder just what Facebook information is shared with third parties. In other words, what can be viewed publicly, even by people who aren't Facebook friends in a social network, or even by people who aren't members of Facebook?
Many users love Facebook applications. Facebook apps seem like harmless games and fun, but are they?
Here is some recent news:
"Security firm Symantec has discovered a security flaw in Facebook that inadvertently gives advertisers and other outside parties access to people's accounts. But Facebook said it has fixed the problem and found no evidence that any private information was shared with any outside party.
"Symantec said Tuesday that the outside parties may not even have realized that they were able to access users' profiles, photos and chats.
"The problem was leaking "access tokens," which are akin to spare keys that let apps access your profile if you gave them permission, Symantec researcher Nishant Doshi said in a blog post.
"Doshi estimates that some 100,000 applications were enabling the data leak as of April. Over the years, however, hundreds of thousands of applications may have accidentally leaked millions of access tokens to outside parties." (Barbara Ortutay, "Facebook Apps Leaked Data: No Evidence of Misuse," Associated Press Yahoo News, May 11 2011)
When third-party apps are installed, users selectively grant them permission to access profile data. In certain situations, a token can be passed by Facebook to these third-party applications "potentially on purpose and unfortunately very commonly by accident" in the referrer field of Web-based data requests. That data, in turn, can be shared with other third parties. (Bob Sullivan, "Facebook Flaw Leaked Millions Of User Account Access Tokens," The Red Tape Chronicles msnbc.com, 2011)
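The leak path described above, a token carried in the referrer field of a request that goes on to another party, is something an app operator can look for in request logs. The following is an added example, not code from Symantec, Facebook or the cited articles; the record format, host names and token values are constructed, and treating `access_token` as the parameter name is an assumption.

```python
"""Flag and redact access tokens that reach another host via the Referer header."""
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: query parameter names that carry a credential.
TOKEN_PARAMS = {"access_token"}


def redact_referer(referer):
    """Return (referer with token values redacted, list of token params found)."""
    u = urlsplit(referer)
    pairs = parse_qsl(u.query, keep_blank_values=True)
    found = [k for k, _ in pairs if k.lower() in TOKEN_PARAMS]
    if not found:
        return referer, []
    cleaned = [(k, "REDACTED" if k.lower() in TOKEN_PARAMS else v) for k, v in pairs]
    return urlunsplit((u.scheme, u.netloc, u.path, urlencode(cleaned), u.fragment)), found


def scan(records):
    """records: iterable of (destination_host, referer).

    A finding is a request whose Referer holds a token AND whose destination
    is a different host than the page that produced the Referer, i.e. the
    token left the app and reached an outside party.
    """
    findings = []
    for dest_host, referer in records:
        safe, found = redact_referer(referer)
        origin = urlsplit(referer).hostname
        if found and origin != dest_host.lower():
            # Store only the redacted form so the report does not leak again.
            findings.append({"sent_to": dest_host, "from": origin, "referer": safe})
    return findings


# Constructed sample records (hosts and token values are made up).
SAMPLE = [
    ("ads.example.net", "https://app.example.com/play?level=3&access_token=AAAconstructed123"),
    ("app.example.com", "https://app.example.com/play?access_token=AAAconstructed123"),
    ("cdn.example.org", "https://app.example.com/help?topic=privacy"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Only the first sample record is reported: the second stays on the app's own host, and the third carries no token.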
This incident is not the first time Facebook has been accused of leaking critical data to third parties. Last fall, The Wall Street Journal found that many popular apps were transmitting Facebook user ID information to third parties, regardless of user privacy settings. (Emily Steel and Geoffrey A. Miller, "Facebook In Privacy Breach," The Wall Street Journal, October 18 2010)
What are Facebook apps? "Apps" are pieces of software that let Facebook's 500 million users play games or share common interests with one another. Steel and Miller said that all of the 10 most popular apps on Facebook were transmitting users' IDs to outside companies.
The apps, ranked by research company Inside Network Inc. (based on monthly users), include Zynga Game Network Inc.'s FarmVille, with 59 million users, and Texas HoldEm Poker and FrontierVille. Steel and Miller reported that three of the top 10 apps, including FarmVille, also had been transmitting personal information about a user's friends to outside companies.
Applications are also a growing source of revenue beyond advertising for Facebook itself, which sells its own virtual currency that can be used to pay for games.
Steven Levy ("Facebook's Stealth Attack on Google Exposes Its Own Privacy Problem," WIRED, May 13 2011) reported, "Facebook used to have an implicit promise with its users. Basically the deal was what goes on Facebook stays on Facebook. But over the past couple of years Facebook has chosen to alter the deal."
But, Levy continued, "Certain profile information became available outside of Facebook, easily searchable via Google and other means. (Users can opt out of showing this but relatively few do.) Some of that profile information includes a few of the people on the user's friend list. By repeatedly pinging public profiles, it's possible for Google or anyone else to figure out pretty much all your friends."
What Is the Bottom Line?
So, it seems that Facebook has put information on the open web by default. Let it be so. What, besides apps, should be regarded as questionable information on Facebook accounts? Certain precautions can be taken by the Facebook faithful to ensure a degree of privacy. Still, the question remains: What information will continue to leak into the hands of strangers?
A point or two to consider:
1. Unless people actively take steps to opt out, it's possible for "friends of friends" (i.e., strangers) to view someone's personal information on Facebook.
2. Most people do not take steps to hide their connections, and a Facebook user's friend list is open by default to half a billion Facebook users.
Here is a site titled "How to Protect Your Private Information On Facebook."