An anonymous reader writes "Remember the Facebook News Feed privacy uproar? What about the Beacon scandal from late last year? Privacy activists are rallying around yet another major issue at Facebook, in which the company is secretly sharing user data with third parties. Researchers from the University of Virginia recently announced that in a study of the top 150 Facebook applications, more than 90% were given access to information that was not needed to function correctly. That Scrabble or Superpoke application you really like? Its developers get access to your religion, sexuality and home town. Facebook's position was summed up by Georgetown Law Professor Dan Solove, 'They seem to be going on the assumption that if someone uses Facebook, they really have no privacy concerns.' Do Facebook users deserve privacy? "
If you post it on the 'net, it's public information, no matter how secure or private the application is. One must treat his or her information on social networks this way, no exceptions.
As you know, IQ doesn't necessarily correlate positively with the hours in front of a computer. It may have been true in the 50s, 60s, 70s, and 80s, and to some extent the 90s, but surely not for this decade... The undeniable charm of the Internet destroyed that.:)
I disagree.. mostly. Facebook users aren't really looking for privacy when they post information, but when someone no longer wants the service they should sure AS HELL be able to delete their personal information. Facebook won't delete accounts, they'll only deactivate your account. I've seen no evidence that my account is actually deactivated since I still recieve friend requests. These third party services that Facebook offered has actually made the overall product much more irritating, if thats even poss
Even pictures you didn't know existed get posted on the Internet and become essentially public information tied to you through facebook due to your meddling friends. This is how my privacy was breached: I accepted a friend's invitation to join Facebook. I input my real name, username and a password. That's it, I added no other details because I didn't really want an account, I just wanted to see pictures in his profile. Little did I know that I'd be subsequently deluged with requests from various acquaintan
If you post it on the 'net, it's public information, no matter how secure or private the application is. One must treat his or her information on social networks this way, no exceptions.
Well put. We must run under the assumptions that whatever information we provide to websites will not remain confidential, privileged, private or otherwise secure. Sites have privacy policies for a reason, yet some users seem to get upset when something clearly outlined in the policy comes to light. I, on my part, read the FaceBook applications privacy policy and never had any hopes that my information would be secure.
No they don't. You get a 'your friend has added X, JOIN NOW' and THEN you can decide if you want to join an application you can check the box "share my data with application X"
Yes. They do.
Read the article, and if you're on Facebook, go to "privacy" -> "Applications" -> "Other Applications" and read what it says under "What Other Users Can See via the Facebook Platform" very, very carefully.
Well that's what I thought. But it appears that's actually not the case. If you RTFA and click through, you find a page that explicitly says that friends applications can view my data. Which presumably they can then do more or less anything with, seeing as how keeping that data is only "enforced" by the terms of service. The defaults are set such that my friends apps, any by implication anybody who can code, can view everything except my sexual preferences, basically.
That's pretty surprising, and I'm glad Ms Felt has called this out. It means that anybody who writes a moderately successful app can build a giant database of things that I never intended to be in any database other than Facebooks. Part of the reason Facebook has been successful is that it does actually have privacy controls, and people feel they can share their data with only their friends (and facebook inc, of course, but that's only one company). The fact that it's not true is a pretty gaping oversight.
What I find especially funny is the big bold sign at the top saying "Facebook does not sell your personal data". No, they give it away for free instead. Great.
So you don't do use a bank or credit card that has an optional web interface or send any email or say anything in an instant message or skype conversation that you'd prefer to keep private?
Your advice is wildly overreaching. It's like telling MADD, "if you don't want to get killed by drunk drivers, don't leave your house."
I use online banking, and I damn well expect my account to not be publicly available. Why can't I expect a social networking site to respect my privacy the same way my bank does?
I agree with you that information posted to social networks can't be considered private, but that's because they are broken, and their users have the right to complain about it.
Now, true, half my friends post pics of their drunken parties (yo! Aislinn and Katelyn! love the pics!), but so far I'm not in any of the pics, and I happen to know some of my friends are not the people they say they are...
Nobody trusts the man, man. We all realize you're all pervs.
Personally, given their abysmal track record so far, I'd say that anyone using them at this point should assume they have no privacy at all. To some extent facebook is guilty of false advertising, by seeming to allow you to restrict other users from seeing some of your information. But why anyone who put anything on Facebook would expect any privacy at all, is a mystery to me.
I haven't seen a company this determined to shoot themselves in the foot with bad policy since Real Networks [wikipedia.org]. You'd think they would think Facebook might have realized at least some people actually do care about balancing utility with privacy.
As someone who uses Facebook and cares about privacy I find your assertion ludicrous. With the exception of the beacon debacle, the Facebook 'privacy' issues have really had more to do with the perception of privacy and bandwagon hysteria. Take the news feed for instance. People were up in arms about information being made available that they had already made available. A close analogy would be accusing Google of privacy violations for indexing your public web page.
When you add an application, it asks you quite clearly:
[ ] Know who I am and access my information.
It's the first checkbox.
Or, even better: you don't need to use applications! Hell, you don't even need to use Facebook! There are services like Hushmail for people who want privacy in their communications.
I work in Higher Education and we're just starting to get on the ball with recruiting via Social Networking (we're always years behind the curve -- I'm surprised we're this current actually) and just as with anything that you provide to a third party, you should really think about what that group needs to have from you in order for you to get what you need in return.
Higher Education is still generally based on paper marketing. Yes, we have a mass of information available on the web but it's not enough honestly and from some Noell-Levitz studies it has been found that the majority of students still want to be communicated by traditional mail marketing in addition to everything else. In fact, in the focus groups I have conducted on the topic, 89% of those that responded (pool of ~350) wanted no communication other than direct mail -- that was shocking to me, especially because they were traditional aged students (18 - 24). I have found that most students will give you their name and address (which is more than I normally will give anyone until I actually apply to the college) and not much else (no birthdate, prior education, and especially no phone number or e-mail address).
So, why are these people giving it to Facebook? Why would they trust that site more than an institution of higher education that is actually mandated by law to protect the privacy of those it deals with? I can't turn around and release any part of a student database to any third party unless its cleansed and has no identifiable information.
Personally, while Facebook is the "new big thing" in Higher Education, it's not worth it for our institution to spend all that much time recruiting by it. Our traditional data works just fine to increase enrollment through the traditional mail, phone and e-communication programs I have developed and redeveloped. That said, I really do believe that people should be very careful about what they put out on any social networking site. Contrary to the belief that there are no automated programs allowed to scour the site, they do and the data that comes back is some really interesting stuff to wade through.
89% of those that responded (pool of ~350) wanted no communication other than direct mail -- that was shocking to me, especially because they were traditional aged students (18 - 24). I have found that most students will give you their name and address (which is more than I normally will give anyone until I actually apply to the college) and not much else (no birthdate, prior education, and especially no phone number or e-mail address).
I'm 31, and much more likely to give out my home address than an emai
Wait, last time I checked Facebook doesn't automaticly install apps you have to do it and confirm you are allowing this app to acccess some of your information. They don't give third parties your info, you do.
I have a Facebook account, because as someone in that nebulous realm between college and her 30s, it's the best way to keep loose track of the people I knew in high school, college, grad school, back home, etc. But I consider it sort of a fancy Rolodex -- I've shot down every single application invitation any friend has ever sent me. They don't see why, but then again they're the ones with drunken-party-pictures on their profiles, too.
Wait, last time I checked Facebook doesn't automaticly install apps you have to do it and confirm you are allowing this app to acccess some of your information. They don't give third parties your info, you do.
RTFA (and I quote:)
To restate things--if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer--even if you yourself have not installed the application.
It seems that they do give my info to third parties - third parties being all the stupid applications that my friends installed. I keep very minimal info on my facebook account and don't install any apps because they require full access to my profile, but I still went and turned this sharing off just now. WTF, why did I just learn that every application that any of the 60 of my networked friends has installed could have been happily roaming through my account without my knowledge?
Deserve? Yes, everyone deserves the right to keep their personal lives private. Should they expect privacy? Not likely. There's no free lunch in life, online or offline: why would Facebook spend many millions of dollars maintaining a social network without milking every last bit of profit out of their user base? They're going to do whatever they can get away with, period. I don't know why people find this so hard to grasp: it's like when I try to explain to people that those "free emoticons" they so fondly install are filling up somebody's offshore server with their personal information and filling their monitor with pop-up advertisements.
Maybe I'm just that suspicious, but the first time I went to look at one of those "applications" on facebook, the first checkbox in a list of a half dozen you can select before you hit "go" was a riff on "Allow this application to access my personal info" ---I automatically assumed that meant ALL my info, and promptly cancelled whatever it was.
Did anyone ever really have the assumption that that information was needed to make the app function, and not just a way of tricking users into giving up demographic info to third parties?
Personally I'm not sure Facebook is in the wrong on this one. It's up in big letters that you're giving whatever application it is access to your personal info--and all those things are OPTIONAL to place in your profile. I don't know that it should their fault that users don't think it through and then become surprised/outraged when they find out what it really means.
Totally. No one is forcing users to put their info into facebook. It's possible to register with just an email address these days. No Picture, just a name and an email.
I'm not so sure that it can be considered secret, given that when you install an application, it states up front that you are giving it access to your profile information.
Facebook's position was summed up by Georgetown Law Professor Dan Solove, 'They seem to be going on the assumption that if someone uses Facebook, they really have no privacy concerns.'
"They seem to assume that people who post their name, address, sexual orientation and gender on giant roadside billboards don't care if strangers know their name, address, sexual orientation and gender! It's like they think that people who go out into the crowded streets don't care who knows what shirt they're wearing!"
You are clearly asked if this is okay when you install the application, so facebook is not doing anything unethical. It's all above the board...
It's mostly above board. The part that isn't is that even if you don't install any Facebook applications, if one of your friends (who can see your private profile) decides to install an application, that app now has access to your profile. As TFA explains [news.com]:
Many Facebook users set their profiles to private, which stops anyone but their friends from seeing their profile details. This is a great privacy feature that can protect users from cyberstalkers and is completely gutted by the application system. To restate things--if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer--even if you yourself have not installed the application.
(Emphasis in original.)
You can disable this loophole in Facebook's settings (go to Privacy > Applications > Other Applications and set it to "do not share"), but it isn't made very clear that by default your private details are nevertheless accessible to third-party apps through your friends list. Facebook should make this much more explicit (or perhaps have this setting default to "do not share" for anyone who sets their main profile to private?).
Dude, what is so hard here? It is an API. Do people typically customize an API for every user (as in application using the API) to limit the available calls only to what is needed? It is an interface. The data available in said interface is CLEARLY DOCUMENTED. Yes, technically Scrabble has access to the religion of its users. Yes, it could be storing this.
Seriously, what is confusing here? You have to agree when you add an application that it will be able to access your profile data. When you say 'yes, allow this', why would you be surprised that the application is then allowed to do what you just allowed?
You're right, of course. The fact is that Facebook provides a uniform, generic API. It's up to application developers which bits of information are relevant to their application.
But that's not to say this is the only way to do it. It would be possible, for instance, to have the API set such that the application initially makes a request for which database fields it will need to use. Then the application is only allowed to use those fields; all others are invisible. When a user installs an app, it clearly shows which fields the app will be using. This would allow users to make informed choices about which apps to install. If "SuperPoke" says it will access your friends list, that's fine. If it says it will access your address and phone number, that's suspicious.
My point is that Facebook decided to implement a binary security model: either you don't install the app, or you give it access to everything. This doesn't seem like the best model. As a general security rule, an application should be given access to the absolute minimum breadth of resources/data needed to do its job properly.
This is why I don't install Facebook apps: there is no mechanism for controlling the security or even establishing a chain of trust for the application developer.
I have never bought into the argument that communicating online should always be legally regarded as the equivalent of having a conversation in public. People frequently put access controls and encryption on information sent over the Internet, and it's not like every person on the Internet has the ability to listen in on what you're saying in an IM conversation, emails, etc. There should be a reasonable basis to assume privacy in certain contexts, such as email and IM. IMO, the law should sanction people who eavesdrop on such communications without a good reason.
With Facebook, it all depends on the context. They should be required to show what information they are passing onto their application developers, but there should be no legal protection beyond that. People should be able to sell off their personal information in exchange for something they want. The only reasonable issue here is when the user is not able to reasonably find out and consent to the sharing of the information.
Personally, I am a lot more concerned with things like the FBI's latest attempts to get carte blanche access to email. If there is any institution that will destroy privacy in America, it's the federal government. Every major information/privacy issue that comes back to haunt the average person stems from the law or law enforcement agencies. The reason we worry about identity theft on the financial side of things is that the **law** does not put the onus on the lender to verify the identity of their customer. Why should it be my responsibility to ensure that someone isn't signing up in my name for credit cards? You worry about devastating legal decisions for privacy? The precedents are being set by the DoJ, not corporate America.
It has the potential to be a really great tool, but there's a little too much social in this social network. The boundaries aren't clear and simple, and just about every transaction *REALLY WANTS* to share your information with other people.
I can't count how many times I've received notifications from people who were intending to send a private message to someone else. Whenever I do a quiz or something, I have to go out of my way not to "share with my friends" or "invite my friends to beat my score."
I started reading the virginia.edu piece, and came across this line:
It's been a wild success: the most poopular Facebook applications have around 24 million users[...]
That's just it: no one who adds the applications gives a crap about their privacy. When you add an application, there are several checkboxes, and you don't have to have them ALL checked in order to add an application, but the only one you DO have to have checked is the "Allow this application to know who I am and to access my information" box. If you uncheck that and try to add the application, Facebook tells you that you need to
Facebook users deserve privacy in the same way that swimmers deserve dryness. The whole point of social networks is that it allows one to easily control the information that they radiate. Remember when all we had to go on was rumours? Now we know who is gay, we know whose brother was killed in a car accident last year, we know that our previous significant other is now dating again. All of these things that once might have been awkward to bring up are now just pieces of information. If facebook and myspa
These people are putting their personal information up on a site, the purpose of which is to share your personal information on. Now, granted there are varying degrees of access you can grant people, but I wouldn't assume too much privacy in doing so. I think the real problem here is people just assume they can go handing out whatever willy nilly and it'll just "all work out."
My take? If you don't want your information shared with abandon, don't put it on a site that has made its while business on shar
I got burned once too many times by crappy idiotic third rate nonsense "applications" on facebook. Someone sent me a kiss, so I sent one back, but I had a bunch of windows open and didn't notice that I had just sent a kiss to EVERYONE. Now they all know I love them, that's no big deal, but it's the assumption of broadcasting and the will to spam itself that I find offensive about facebook.
So, one day, I just sat down and yanked most of the applications out. so, if you send me something on the Funwall, sorry - I won't be seeing it. And if you have some dorky movie compatibility quiz, I won't be playing the game. If you want to contact me, there's a facility for sending messages and comments. If you can't get put enough words together to do that, then you're probably not one of my friends, anyway.
Facebook has outlived its usefulness.
Perhaps something like allvoices.com [allvoices.com] will be the next big thing because there, you have to do something - contribution to the data matters more than just being a consuming node for a data mine.
I have a friend who thought that the check box "Allow this application to know who I am and access my information" meant:
Allow it to know my name. Allow it to 'know' the info I put into the application itself. Ie, what I type INTO the funwall. She didn't know that it meant 'access my PROFILE information'.
I think this should be clarified to: "know who I am and access all of my profile information."
I don't see how this is a big secret. When you add an application there is a checkbox that says (and I quote), "Allow this application to... Know who I am and access my information." If you uncheck this box Facebook tells you "Granting access to information is REQUIRED to add applications. If you are not willing to grant access to your information, DO NOT ADD THIS APPLICATION."
I saw this the first time I went to add a Facebook app, and thought "hey, I don't want that, so I'm not going to add it."
Facebook is an advertising platform just like everyone else, so either I'm missing something (which, I'll admit is entirely possible--I recognize that I make mistakes all the time), or is there really a story here?
BTW, just read the terms of service for each application--if it doesn't say what they will do with your data, don't add the app. Then it isn't a whole lot different than putting the same data into any other web application. Also, being aware that this can happen, don't put data on your facebook profile you don't want the rest of the world seeing. It's not rocket science-just common sense.
Net (Score:5, Insightful)
Re:Net (Score:5, Insightful)
Parent
IQ != ? (Score:3, Funny)
-
Re: (Score:3, Insightful)
It's not that simple (Score:3, Informative)
Re: (Score:3, Informative)
If you post it on the 'net, it's public information, no matter how secure or private the application is. One must treat his or her information on social networks this way, no exceptions.
Well put. We must run under the assumptions that whatever information we provide to websites will not remain confidential, privileged, private or otherwise secure. Sites have privacy policies for a reason, yet some users seem to get upset when something clearly outlined in the policy comes to light. I, on my part, read the FaceBook applications privacy policy and never had any hopes that my information would be secure.
http://developers.facebook.com/user_terms.php [facebook.com]
(i) any information provided by you and visible to you on the Facebook Site, excluding any of your Contact Information, and
(ii) the user ID associated with your Facebook Site profile.
If you're concerned about how your information will be shared, read the policies and si
Re:Net (Score:5, Informative)
Yes. They do.
Read the article, and if you're on Facebook, go to "privacy" -> "Applications" -> "Other Applications" and read what it says under "What Other Users Can See via the Facebook Platform" very, very carefully.
Parent
Re:Net (Score:5, Insightful)
Well that's what I thought. But it appears that's actually not the case. If you RTFA and click through, you find a page that explicitly says that friends applications can view my data. Which presumably they can then do more or less anything with, seeing as how keeping that data is only "enforced" by the terms of service. The defaults are set such that my friends apps, any by implication anybody who can code, can view everything except my sexual preferences, basically.
That's pretty surprising, and I'm glad Ms Felt has called this out. It means that anybody who writes a moderately successful app can build a giant database of things that I never intended to be in any database other than Facebooks. Part of the reason Facebook has been successful is that it does actually have privacy controls, and people feel they can share their data with only their friends (and facebook inc, of course, but that's only one company). The fact that it's not true is a pretty gaping oversight.
What I find especially funny is the big bold sign at the top saying "Facebook does not sell your personal data". No, they give it away for free instead. Great.
Parent
Re: (Score:3, Insightful)
Your advice is wildly overreaching. It's like telling MADD, "if you don't want to get killed by drunk drivers, don't leave your house."
Re:Net (Score:4, Insightful)
I agree with you that information posted to social networks can't be considered private, but that's because they are broken, and their users have the right to complain about it.
Parent
Re: (Score:3, Insightful)
If you gave the social networking site as much money as you do your bank, maybe you could.
So basically (Score:5, Interesting)
Parent
The assumption is that we tell Facebook the truth (Score:4, Funny)
Now, true, half my friends post pics of their drunken parties (yo! Aislinn and Katelyn! love the pics!), but so far I'm not in any of the pics, and I happen to know some of my friends are not the people they say they are
Nobody trusts the man, man. We all realize you're all pervs.
Deserve Privacy? (Score:2, Insightful)
At this point, I'd say no.
Personally, given their abysmal track record so far, I'd say that anyone using them at this point should assume they have no privacy at all. To some extent facebook is guilty of false advertising, by seeming to allow you to restrict other users from seeing some of your information. But why anyone who put anything on Facebook would expect any privacy at all, is a mystery to me.
Re: (Score:3, Insightful)
Perhaps they shouldn't expect it, but that's different.
Re: (Score:2)
Wow (Score:5, Interesting)
Re: (Score:2)
With the exception of the beacon debacle, the Facebook 'privacy' issues have really had more to do with the perception of privacy and bandwagon hysteria. Take the news feed for instance. People were up in arms about information being made available that they had already made available. A close analogy would be accusing Google of privacy violations for indexing your public web page.
This application issue is a non-starter. Fa
Information sharing is optional (Score:2, Insightful)
When you add an application, it asks you quite clearly:
[ ] Know who I am and access my information.
It's the first checkbox.
Or, even better: you don't need to use applications! Hell, you don't even need to use Facebook! There are services like Hushmail for people who want privacy in their communications.
Re:Information sharing is optional (Score:5, Informative)
Parent
Re: (Score:2)
Just like security.
conclusion: (Score:2, Interesting)
it's getting to the point where you really don't have to think anymore to solve problems in information technology
just read slashdot headlines. problems, and solutions, present themselves. often in temporal order. right next to each other
(scratches head)
and... (Score:2)
Don't supply it in the first place! (Score:5, Interesting)
Higher Education is still generally based on paper marketing. Yes, we have a mass of information available on the web but it's not enough honestly and from some Noell-Levitz studies it has been found that the majority of students still want to be communicated by traditional mail marketing in addition to everything else. In fact, in the focus groups I have conducted on the topic, 89% of those that responded (pool of ~350) wanted no communication other than direct mail -- that was shocking to me, especially because they were traditional aged students (18 - 24). I have found that most students will give you their name and address (which is more than I normally will give anyone until I actually apply to the college) and not much else (no birthdate, prior education, and especially no phone number or e-mail address).
So, why are these people giving it to Facebook? Why would they trust that site more than an institution of higher education that is actually mandated by law to protect the privacy of those it deals with? I can't turn around and release any part of a student database to any third party unless its cleansed and has no identifiable information.
Personally, while Facebook is the "new big thing" in Higher Education, it's not worth it for our institution to spend all that much time recruiting by it. Our traditional data works just fine to increase enrollment through the traditional mail, phone and e-communication programs I have developed and redeveloped. That said, I really do believe that people should be very careful about what they put out on any social networking site. Contrary to the belief that there are no automated programs allowed to scour the site, they do and the data that comes back is some really interesting stuff to wade through.
Re: (Score:2)
I'm 31, and much more likely to give out my home address than an emai
Automaticly install applications? (Score:4, Insightful)
Re: (Score:2)
I have a Facebook account, because as someone in that nebulous realm between college and her 30s, it's the best way to keep loose track of the people I knew in high school, college, grad school, back home, etc. But I consider it sort of a fancy Rolodex -- I've shot down every single application invitation any friend has ever sent me. They don't see why, but then again they're the ones with drunken-party-pictures on their profiles, too.
Saying, "the average user shou
Re:Automaticly install applications? (Score:5, Informative)
RTFA (and I quote:)
To restate things--if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer--even if you yourself have not installed the application.
It seems that they do give my info to third parties - third parties being all the stupid applications that my friends installed. I keep very minimal info on my facebook account and don't install any apps because they require full access to my profile, but I still went and turned this sharing off just now. WTF, why did I just learn that every application that any of the 60 of my networked friends has installed could have been happily roaming through my account without my knowledge?
Parent
So what's the Facebook Privacy Policy? (Score:2)
Deserve or expect privacy? (Score:5, Insightful)
Re: (Score:2)
As with all things fashionable and yet ultimately empty, Facebook seems to have matured. It's not the next big thing any more. It's so last year.
So why is this news again...? (Score:5, Insightful)
Did anyone ever really have the assumption that that information was needed to make the app function, and not just a way of tricking users into giving up demographic info to third parties?
Personally I'm not sure Facebook is in the wrong on this one. It's up in big letters that you're giving whatever application it is access to your personal info--and all those things are OPTIONAL to place in your profile. I don't know that it should their fault that users don't think it through and then become surprised/outraged when they find out what it really means.
Re: (Score:2)
Secretly? (Score:2)
Translated Quote... (Score:2, Insightful)
uses Facebook, they really have no privacy concerns.'
"They seem to assume that people who post their name, address, sexual orientation and gender on giant roadside billboards don't care if strangers know their name, address, sexual orientation and gender! It's like they think that people who go out into the crowded streets don't care who knows what shirt they're wearing!"
Re:Translated Quote... (Score:5, Informative)
You can disable this loophole in Facebook's settings (go to Privacy > Applications > Other Applications and set it to "do not share"), but it isn't made very clear that by default your private details are nevertheless accessible to third-party apps through your friends list. Facebook should make this much more explicit (or perhaps have this setting default to "do not share" for anyone who sets their main profile to private?).
Parent
It's an API (Score:5, Insightful)
Seriously, what is confusing here? You have to agree when you add an application that it will be able to access your profile data. When you say 'yes, allow this', why would you be surprised that the application is then allowed to do what you just allowed?
http://developers.facebook.com/documentation.php?doc=fql [facebook.com]
Re:It's an API (Score:4, Insightful)
But that's not to say this is the only way to do it. It would be possible, for instance, to have the API set such that the application initially makes a request for which database fields it will need to use. Then the application is only allowed to use those fields; all others are invisible. When a user installs an app, it clearly shows which fields the app will be using. This would allow users to make informed choices about which apps to install. If "SuperPoke" says it will access your friends list, that's fine. If it says it will access your address and phone number, that's suspicious.
My point is that Facebook decided to implement a binary security model: either you don't install the app, or you give it access to everything. This doesn't seem like the best model. As a general security rule, an application should be given access to the absolute minimum breadth of resources/data needed to do its job properly.
This is why I don't install Facebook apps: there is no mechanism for controlling the security or even establishing a chain of trust for the application developer.
Parent
Re:It's an API (Score:4, Informative)
http://developers.facebook.com/documentation.php?v=1.0&doc=misc [facebook.com]
Parent
Yes and no (Score:4, Insightful)
With Facebook, it all depends on the context. They should be required to show what information they are passing onto their application developers, but there should be no legal protection beyond that. People should be able to sell off their personal information in exchange for something they want. The only reasonable issue here is when the user is not able to reasonably find out and consent to the sharing of the information.
Personally, I am a lot more concerned with things like the FBI's latest attempts to get carte blanche access to email. If there is any institution that will destroy privacy in America, it's the federal government. Every major information/privacy issue that comes back to haunt the average person stems from the law or law enforcement agencies. The reason we worry about identity theft on the financial side of things is that the **law** does not put the onus on the lender to verify the identity of their customer. Why should it be my responsibility to ensure that someone isn't signing up in my name for credit cards? You worry about devastating legal decisions for privacy? The precedents are being set by the DoJ, not corporate America.
I've really started to dislike Facebook (Score:2)
It has the potential to be a really great tool, but there's a little too much social in this social network. The boundaries aren't clear and simple, and just about every transaction *REALLY WANTS* to share your information with other people.
I can't count how many times I've received notifications from people who were intending to send a private message to someone else. Whenever I do a quiz or something, I have to go out of my way not to "share with my friends" or "invite my friends to beat my score."
If You Want It Private Keep It Private (Score:3, Insightful)
> no privacy concerns.
Sounds like a reasonable assumption to me.
> Do Facebook users deserve privacy?
Sure. And they can have it. All they need to do is keep the stuff that they want to remain private off Facebook.
It's quite poopular (Score:2, Informative)
It's been a wild success: the most poopular Facebook applications have around 24 million users[...]
That's just it: no one who adds the applications gives a crap about their privacy. When you add an application, there are several checkboxes, and you don't have to have them ALL checked in order to add an application, but the only one you DO have to have checked is the "Allow this application to know who I am and to access my information" box. If you uncheck that and try to add the application, Facebook tells you that you need to
privacy? (Score:2)
The whole point of social networks is that it allows one to easily control the information that they radiate. Remember when all we had to go on was rumours? Now we know who is gay, we know whose brother was killed in a car accident last year, we know that our previous significant other is now dating again. All of these things that once might have been awkward to bring up are now just pieces of information. If facebook and myspa
Well, I kinda agree... (Score:2)
These people are putting their personal information up on a site, the purpose of which is to share your personal information on. Now, granted there are varying degrees of access you can grant people, but I wouldn't assume too much privacy in doing so. I think the real problem here is people just assume they can go handing out whatever willy nilly and it'll just "all work out."
My take? If you don't want your information shared with abandon, don't put it on a site that has made its while business on shar
I don't use any of the applications (Score:3, Interesting)
So, one day, I just sat down and yanked most of the applications out. so, if you send me something on the Funwall, sorry - I won't be seeing it. And if you have some dorky movie compatibility quiz, I won't be playing the game. If you want to contact me, there's a facility for sending messages and comments. If you can't get put enough words together to do that, then you're probably not one of my friends, anyway.
Facebook has outlived its usefulness.
Perhaps something like allvoices.com [allvoices.com] will be the next big thing because there, you have to do something - contribution to the data matters more than just being a consuming node for a data mine.
RS
Allow this application to... (Score:3, Interesting)
Allow it to know my name. Allow it to 'know' the info I put into the application itself. Ie, what I type INTO the funwall. She didn't know that it meant 'access my PROFILE information'.
I think this should be clarified to: "know who I am and access all of my profile information."
"Secretly"? (Score:3, Insightful)
I saw this the first time I went to add a Facebook app, and thought "hey, I don't want that, so I'm not going to add it."
Facebook is an advertising platform just like everyone else, so either I'm missing something (which, I'll admit is entirely possible--I recognize that I make mistakes all the time), or is there really a story here?
BTW, just read the terms of service for each application--if it doesn't say what they will do with your data, don't add the app. Then it isn't a whole lot different than putting the same data into any other web application. Also, being aware that this can happen, don't put data on your facebook profile you don't want the rest of the world seeing. It's not rocket science-just common sense.
Facebook Developer (Score:4, Insightful)
Here's the info I can see for any user that adds my app and clicks the box:
uid*, first_name, last_name, name*, pic_small, pic_big, pic_square, pic, affiliations, profile_update_time, timezone, religion, birthday, sex, hometown_location, meeting_sex, meeting_for, relationship_status, significant_other_id, political, current_location, activities, interests, is_app_user, music, tv, movies, books, quotes, about_me, hs_info, education_history, work_history, notes_count, wall_count, status, has_added_app
(More info on the already-linked http://developers.facebook.com/documentation.php?doc=fql [facebook.com] )
To me this seems like way, way too much. I haven't told our marketing people we can get all this.
Re: (Score:2)
So you're on facebook as George Bush?