Scrupuli
blunt essays with sharp points
Privacy Risks of Facebook Applications
by Scrvpvlvs, Jan 8, 2009 6:54 PM
I was just asked about the privacy risks of what are called Facebook applications. It is well worth looking at, and I had given it only superficial attention.
I will begin with what a Facebook application is. Then I will present the personal data that is at stake. I will share my beliefs about how far you can trust a Facebook application with this data. Finally, I will suggest Facebook settings that I think are safe.
-
What is a Facebook application?
A Facebook application is an add-on to Facebook. Facebook offers a few of its own, such as Marketplace. The rest are contributed by web programmers all over the world. Whenever you get the message:
Allow Access?
Allowing (application name) access will let it pull your profile information, photos, your friends' info, and other content that it requires to work.
Allow or cancel
That is a Facebook application wanting your personal data.
-
What information can a Facebook application get from Facebook?
Almost everything you were willing to tell Facebook.
According to Facebook, when you “Allow” an application, the application sees the same personal data that your friends do, except contact data (your address, phone, e-mail, IM, or website). It does not see unshared data such as your password.
When a friend of yours “Allows” a Facebook application, the application sees limited data about you, too. This limited data can be extensive or it can be nothing at all, depending on your preference.
-
How far can you trust a Facebook application?
You might as well trust Facebook’s own applications, since you were willing to give the information to Facebook. But what about contributed applications? BBC looked into this in 2008. A BBC web programmer created an innocent-looking Facebook application which secretly skimmed personal data from any user who allowed it, plus their friends. (This is called a Trojan horse attack.) It was three hours of effort. I looked into Facebook programming, and saw for myself how easy it would be.
But BBC knows of no badly behaving Facebook applications (other than theirs). They say Facebook has a team that monitors the site for bad applications. If it is so easy to do, why isn’t Facebook overrun with bad applications? One possibility is that Facebook’s team is doing its job: when a bad application is released into the wild, it is detected and removed. A more grim possibility is that there are bad applications in the wild, but they have avoided detection. BBC did not release their bad application into the wild, so we don’t know if it was detectable.
I think you can trust contributed applications to keep your personal data private only if you think Facebook is policing them perfectly, and I don’t think that’s been proven.
-
So what do I do about Facebook applications?
I treat anything I post to Facebook (other than my password and contact information) as if it might be available for anyone in the world to see. If I would be uncomfortable with that, I don’t post it.
However, that does not work for your birthdate. Facebook requires you to supply it, and it is potentially useful for identity theft. Nevertheless, it is part of the personal data that applications can see.
For that reason, when an application asks to be allowed, I check it out first. And until I feel pretty sure that it is not more than what it seems to be, I don’t allow it. Also, I have denied my “Basic Info” to applications allowed by friends, because that protects my birthdate from applications which I have not checked out personally.
Another way to secure your birthdate is to supply the wrong date. The Facebook terms of service only require you to say truthfully whether you are 13+ or 18+. As long as the date you supply does not misrepresent your age category, you are not violating the terms of service. You could save your friends some confusion by supplying the true month and day, and changing only the year.
You control which applications you allow to access your personal data on these pages:
http://www.facebook.com/editapps.php?v=allowed
http://www.facebook.com/editapps.php?v=additional
You control what personal data your friends’ applications can access on this page:
http://www.facebook.com/privacy/?view=platform&tab=other
Facebook keeps a list of all applications on this page:
http://www.facebook.com/apps/
Facebook documents the personal data available to applications on this page:
http://wiki.developers.facebook.com/index.php/FQL_Tables
Here is the BBC article.
http://news.bbc.co.uk/2/hi/programmes/click_online/7375772.stm
Please comment if you have anything to add or correct in this article. I would like it to be as accurate and useful for Facebook users as possible.
Labels: application, BBC, birthdate, birthday, contributed, data center, developers, Facebook, identity theft, password, personal information, privacy, profile, programmers, risks, security, skimming, trojan horse, trust, web