Forgot your password?
typodupeerror
Privacy Social Networks The Internet

Facebook Sharing Too Much Personal Data With Application Developers 165

Posted by Zonk
from the keep-a-lid-on-it dept.
An anonymous reader writes "Remember the Facebook News Feed privacy uproar? What about the Beacon scandal from late last year? Privacy activists are rallying around yet another major issue at Facebook, in which the company is secretly sharing user data with third parties. Researchers from the University of Virginia recently announced that in a study of the top 150 Facebook applications, more than 90% were given access to information that was not needed to function correctly. That Scrabble or Superpoke application you really like? Its developers get access to your religion, sexuality and home town. Facebook's position was summed up by Georgetown Law Professor Dan Solove, 'They seem to be going on the assumption that if someone uses Facebook, they really have no privacy concerns.' Do Facebook users deserve privacy? "
This discussion has been archived. No new comments can be posted.

Facebook Sharing Too Much Personal Data With Application Developers

Comments Filter:
  • Net (Score:5, Insightful)

    by Rinisari (521266) on Thursday February 07, 2008 @01:45PM (#22336246) Homepage Journal
    If you post it on the 'net, it's public information, no matter how secure or private the application is. One must treat his or her information on social networks this way, no exceptions.
    • Re:Net (Score:5, Insightful)

      by CastrTroy (595695) on Thursday February 07, 2008 @01:54PM (#22336418) Homepage
      Exactly. Just look at what happened with the "private" myspace pictures. If you don't want the information getting out, don't post it on the internet.
      • IQ != ? (Score:3, Funny)

        by G3ckoG33k (647276)
        As you know, IQ doesn't necessarily correlate positively with the hours in front of a computer. It may have been true in the 50s, 60s, 70s, and 80s, and to some extent the 90s, but surely not for this decade... The undeniable charm of the Internet destroyed that. :)

        -
      • Re: (Score:3, Insightful)

        by kellyb9 (954229)
        I disagree.. mostly. Facebook users aren't really looking for privacy when they post information, but when someone no longer wants the service they should sure AS HELL be able to delete their personal information. Facebook won't delete accounts, they'll only deactivate your account. I've seen no evidence that my account is actually deactivated since I still recieve friend requests. These third party services that Facebook offered has actually made the overall product much more irritating, if thats even poss
        • by rtb61 (674572)
          The reality is that the majority of facebook users only wont to share their information with potential friends and not with corporations, a bunch of strangers who have no interest in then other than ways by which they can be exploited. While that is rather naive of them, the majority of /. must remember that they are, in IQ terms sub 120s, and more often than not sub 100s, and often don't really understand the ramifications of what they are giving away and how it can be used against them.

          The greatest prob

      • It's not that simple (Score:3, Informative)

        by Gordo_1 (256312)
        Even pictures you didn't know existed get posted on the Internet and become essentially public information tied to you through facebook due to your meddling friends. This is how my privacy was breached: I accepted a friend's invitation to join Facebook. I input my real name, username and a password. That's it, I added no other details because I didn't really want an account, I just wanted to see pictures in his profile. Little did I know that I'd be subsequently deluged with requests from various acquaintan
        • by uhlume (597871)
          http://www.facebook.com/photo_search.php [facebook.com]

          Click on each photo for larger version, then click on the words "remove tag" next to your name beneath the photo. (I believe this also prevents anyone from re-tagging the photo.)

          Unfortunately, there doesn't seem to be any way to opt out completely. (Although it occurs to me that disabling searches for your account may disable tagging as well, since the tagging feature performs an implicit search on the name. Worth an experiment.)
        • by kieran (20691)
          Have you even looked at the privacy settings (so that others cannot see from your profile what photos are tagged of you), or tried untagging yourself from thoses photos? Hint: you can't be retagged if you do.
    • Re: (Score:3, Informative)

      by Altari (1230296)

      If you post it on the 'net, it's public information, no matter how secure or private the application is. One must treat his or her information on social networks this way, no exceptions.

      Well put. We must run under the assumptions that whatever information we provide to websites will not remain confidential, privileged, private or otherwise secure. Sites have privacy policies for a reason, yet some users seem to get upset when something clearly outlined in the policy comes to light. I, on my part, read the FaceBook applications privacy policy and never had any hopes that my information would be secure.

      http://developers.facebook.com/user_terms.php [facebook.com]

      (i) any information provided by you and visible to you on the Facebook Site, excluding any of your Contact Information, and

      (ii) the user ID associated with your Facebook Site profile.

      If you're concerned about how your information will be shared, read the policies and si

      • Re: (Score:2, Informative)

        by Anusien (705743)
        It's not that simple. If your friends on Facebook add an application, that application's developer gets access to all your information.
        • Re: (Score:2, Informative)

          No they don't. You get a 'your friend has added X, JOIN NOW' and THEN you can decide if you want to join an application you can check the box "share my data with application X"
          • Re:Net (Score:5, Informative)

            by Otter Escaping North (945051) <otter.escaping.north@NOSpAM.gmail.com> on Thursday February 07, 2008 @03:51PM (#22338684) Journal

            No they don't. You get a 'your friend has added X, JOIN NOW' and THEN you can decide if you want to join an application you can check the box "share my data with application X"

            Yes. They do.

            Read the article, and if you're on Facebook, go to "privacy" -> "Applications" -> "Other Applications" and read what it says under "What Other Users Can See via the Facebook Platform" very, very carefully.

          • Re:Net (Score:5, Insightful)

            by IamTheRealMike (537420) <mike@plan99.net> on Thursday February 07, 2008 @06:08PM (#22341154) Homepage

            Well that's what I thought. But it appears that's actually not the case. If you RTFA and click through, you find a page that explicitly says that friends applications can view my data. Which presumably they can then do more or less anything with, seeing as how keeping that data is only "enforced" by the terms of service. The defaults are set such that my friends apps, any by implication anybody who can code, can view everything except my sexual preferences, basically.

            That's pretty surprising, and I'm glad Ms Felt has called this out. It means that anybody who writes a moderately successful app can build a giant database of things that I never intended to be in any database other than Facebooks. Part of the reason Facebook has been successful is that it does actually have privacy controls, and people feel they can share their data with only their friends (and facebook inc, of course, but that's only one company). The fact that it's not true is a pretty gaping oversight.

            What I find especially funny is the big bold sign at the top saying "Facebook does not sell your personal data". No, they give it away for free instead. Great.

    • Re: (Score:3, Insightful)

      by Pendersempai (625351)
      So you don't do use a bank or credit card that has an optional web interface or send any email or say anything in an instant message or skype conversation that you'd prefer to keep private?

      Your advice is wildly overreaching. It's like telling MADD, "if you don't want to get killed by drunk drivers, don't leave your house."
    • Re:Net (Score:4, Insightful)

      by heinzkunz (1002570) on Thursday February 07, 2008 @02:33PM (#22337124)
      I use online banking, and I damn well expect my account to not be publicly available. Why can't I expect a social networking site to respect my privacy the same way my bank does?

      I agree with you that information posted to social networks can't be considered private, but that's because they are broken, and their users have the right to complain about it.
      • I was going to say a similar thing, but the difference is that I dont allow anyone else to see my banking information. Its pretty much just used by and for me. Facebook is designed to network whatever you put on there, unlike a bank. I dont think you should have any expectation of privacy on a social networking site. Then again, I really dont understand the need to be in the spotlight or see the usefulness of knowing what some person I went to highschool with is having for dinner.

        If you want to broadcast y
      • Re: (Score:3, Insightful)

        by Tim Browse (9263)

        Why can't I expect a social networking site to respect my privacy the same way my bank does?

        If you gave the social networking site as much money as you do your bank, maybe you could.

        • Privacy is not a matter of money, it is a matter of will.

          And in some cases a matter of compliance with the law, I would be very surprised if they are not breaking EU or UK law... An enterprising solicitor will get them by the short hairy ones.
          • by Tim Browse (9263)

            My point was also that you deal with your bank in the matter of currency.

            In Facebook, that currency is your personal info, and your eyeballs on adverts. It's like saying why can't you deal with your bank without them having to keep hold of your money, and earn interest on it, etc. It's what they do. It's how it works.

            Facebook makes most of this reasonably obvious, but they're banking (ha!) on the average person not caring or reading what they're told.

            I don't have much opinion on whether this is good

    • So basically (Score:5, Interesting)

      by WormholeFiend (674934) on Thursday February 07, 2008 @03:33PM (#22338262)
      the title of this post should read "People are sharing too much personal data with Facebook"...
    • by Saxerman (253676)

      If you post it on the 'net, it's public information, no matter how secure or private the application is. One must treat his or her information on social networks this way, no exceptions.

      So what restrictions, if any, does this mean those who handle our information on the 'net are under to keep our information private? Does this free pass to treat our information as public only apply to 'social networking sites' and what then qualifies as a social networking site? If I do my taxes online, does that become

  • by WillAffleckUW (858324) on Thursday February 07, 2008 @01:45PM (#22336250) Homepage Journal
    Do you really think I'm a Pastafarian?

    Now, true, half my friends post pics of their drunken parties (yo! Aislinn and Katelyn! love the pics!), but so far I'm not in any of the pics, and I happen to know some of my friends are not the people they say they are ...

    Nobody trusts the man, man. We all realize you're all pervs.
  • Deserve Privacy? (Score:2, Insightful)

    by FuzzyDaddy (584528)
    Do Facebook users deserve privacy?

    At this point, I'd say no.

    Personally, given their abysmal track record so far, I'd say that anyone using them at this point should assume they have no privacy at all. To some extent facebook is guilty of false advertising, by seeming to allow you to restrict other users from seeing some of your information. But why anyone who put anything on Facebook would expect any privacy at all, is a mystery to me.

    • Re: (Score:3, Insightful)

      by geekoid (135745)
      of course the deserve privacy, everybody does.

      Perhaps they shouldn't expect it, but that's different.
    • by vanyel (28049) *
      The whole point of facebook is to share information; if you want it to be private, don't put it online.
      • by xaxa (988988)
        The whole point of Facebook was to share information with people at your school/college/university.

        I was not impressed to find out one day that what was previously available only to people with an email address belonging to my university was suddenly available to anyone claiming to be from London (i.e. in the London 'network').

        Now, it seems the whole point of Facebook is to make as much money as possible through advertising. It's time for the next networking site.
    • by quantaman (517394)
      Just like security privacy isn't a binary state. Do I want everyone in the world to know my relationship status? Maybe not. If someone is really interested, pokes around, and finds out, do I really care? Maybe, though if it was non-private enough to let some people know than that nosey 3rd person probably had a bunch of other ways to find out anyway.
  • Wow (Score:5, Interesting)

    by sjbe (173966) on Thursday February 07, 2008 @01:47PM (#22336298)
    I haven't seen a company this determined to shoot themselves in the foot with bad policy since Real Networks [wikipedia.org]. You'd think they would think Facebook might have realized at least some people actually do care about balancing utility with privacy.
    • As someone who uses Facebook and cares about privacy I find your assertion ludicrous.

      With the exception of the beacon debacle, the Facebook 'privacy' issues have really had more to do with the perception of privacy and bandwagon hysteria. Take the news feed for instance. People were up in arms about information being made available that they had already made available. A close analogy would be accusing Google of privacy violations for indexing your public web page.

      This application issue is a non-starter. Fa
      • by sjbe (173966)

        the Facebook 'privacy' issues have really had more to do with the perception of privacy

        Right. That's why the CEO publicly apologized for the news feed [facebook.com] and beacon [facebook.com] and there has been widespread discussion about a host of other issues [wikipedia.org] and concerns. Companies that are responsible with privacy issues pretty much don't typically get this much bad press. It's not just once or twice.

        People can make public whatever information about themselves they choose and I support that. But if a company is going to make money from potentially sensitive information then they have a responsibility to be carefu

        • Right. That's why the CEO publicly apologized for the news feed and beacon...

          I believe your intelligence is sufficiently adequate to imagine situations where an apology might be issued even if one is not technically or actually at fault. So, I find this particular argument disingenuous rather than compelling. ...and there has been widespread discussion about a host of other issues and concerns.

          Again, with the caveat of beacon, the linked issues are:

          1. Concerns about the privacy policy itself. Since Faceboo
          • Easily dealt with through Facebook's privacy controls.

            Serious question, but could you tell me how I can stop sharing, say, my demographic with, say, Scrabulous? I clicked on 'Edit Settings' at the application, and got the following stuff:-

            Left Menu: Show this in my left-hand menu.
            News Feed: Publish stories about this in my News Feed.
            Mini-Feed: Publish stories about this in my Mini-Feed.
            Profile Links: Add a link below the profile picture to any profile.
            Email: Allow this application to contact me vi

            • Serious question, but could you tell me how I can stop sharing, say, my demographic with, say, Scrabulous?

              Don't install it. If you want to use an application you have to provide access to your information. On the other hand, the application is not allowed to store the information. (AFAICT, basically the application uses your information to run and/or to serve targeted ads.)

              If you haven't installed the application go to the "Other Applications" area of the applications privacy area and you can choose what in

  • When you add an application, it asks you quite clearly:

    [ ] Know who I am and access my information.

    It's the first checkbox.

    Or, even better: you don't need to use applications! Hell, you don't even need to use Facebook! There are services like Hushmail for people who want privacy in their communications.

    • by phantomcircuit (938963) on Thursday February 07, 2008 @02:14PM (#22336736) Homepage
      Yeah and if you un-check that box ZERO of the applications will work.
      • by B3ryllium (571199)
        Privacy has always been achieved at the expense of convenience.

        Just like security.
      • Would you just rather it be a form that says "You understand that your information will be shared with the application" with "I understand" and "I do not want to share my information" boxes? If a user installs a photo-sharing application, where does he/she think the application gets it's photos from? What's your point?
        • by novakyu (636495)

          If a user installs a photo-sharing application, where does he/she think the application gets it's photos from? What's your point?

          On the other hand, what business does a flash game have to do with any of anybody's personal data? Or, for that matter, why should the photo-sharing application be able to see which groups you are in, who your friends are (well, just *maybe* this has some use, such as privacy control of pictures, but even this ought to be centralized in Facebook itself, not in a third-party app), or what notes you have written?

          This kind of thing is not difficult to implement and has been done since the days of Titanic (if

    • by dlim (928138)

      Sure, sharing information is optional; but it would be wise for Facebook to present more detail when installing 3rd party applications. Facebook's data service should require that an application specifies the information (on a field basis) that it wants to use before it can access the data. Facebook could then easily report to the user what information the application wants to use. This would give Facebook users a reasonable idea of whether the application appears trustworthy or not. It should also requ

    • by novakyu (636495)

      There are services like Hushmail for people who want privacy in their communications.

      Because that has a proven record of working so well [slashdot.org]?

      No, if you really want privacy in your communication, you encrypt the plaintext on your own computer and never transmit on the net anything that is not encrypted. You trust no one. Especially people who say that they will keep your stuff private. It's not paranoia when there are people out to get you.

      Having said that, I don't care about my (several) Facebook profiles (and privacy of those profiles) either, because it's all filled with lies, damned lies, a

  • conclusion: (Score:2, Interesting)

    facebooks should just adopt openid

    it's getting to the point where you really don't have to think anymore to solve problems in information technology

    just read slashdot headlines. problems, and solutions, present themselves. often in temporal order. right next to each other

    (scratches head)
  • ...cue mass Facebook protest in 5, 4, 3, ...
  • by garcia (6573) on Thursday February 07, 2008 @01:51PM (#22336346) Homepage
    I work in Higher Education and we're just starting to get on the ball with recruiting via Social Networking (we're always years behind the curve -- I'm surprised we're this current actually) and just as with anything that you provide to a third party, you should really think about what that group needs to have from you in order for you to get what you need in return.

    Higher Education is still generally based on paper marketing. Yes, we have a mass of information available on the web but it's not enough honestly and from some Noell-Levitz studies it has been found that the majority of students still want to be communicated by traditional mail marketing in addition to everything else. In fact, in the focus groups I have conducted on the topic, 89% of those that responded (pool of ~350) wanted no communication other than direct mail -- that was shocking to me, especially because they were traditional aged students (18 - 24). I have found that most students will give you their name and address (which is more than I normally will give anyone until I actually apply to the college) and not much else (no birthdate, prior education, and especially no phone number or e-mail address).

    So, why are these people giving it to Facebook? Why would they trust that site more than an institution of higher education that is actually mandated by law to protect the privacy of those it deals with? I can't turn around and release any part of a student database to any third party unless its cleansed and has no identifiable information.

    Personally, while Facebook is the "new big thing" in Higher Education, it's not worth it for our institution to spend all that much time recruiting by it. Our traditional data works just fine to increase enrollment through the traditional mail, phone and e-communication programs I have developed and redeveloped. That said, I really do believe that people should be very careful about what they put out on any social networking site. Contrary to the belief that there are no automated programs allowed to scour the site, they do and the data that comes back is some really interesting stuff to wade through.
    • 89% of those that responded (pool of ~350) wanted no communication other than direct mail -- that was shocking to me, especially because they were traditional aged students (18 - 24). I have found that most students will give you their name and address (which is more than I normally will give anyone until I actually apply to the college) and not much else (no birthdate, prior education, and especially no phone number or e-mail address).

      I'm 31, and much more likely to give out my home address than an emai
      • by garcia (6573)
        Which are you going to think about and more carefully consider before sending to me?

        Actually, we send out far more snail mail than we do e-mail and being that *I* am the determiner of what and how much gets sent, I do my best to limit it to a single communication at the start and less than 5 (currently) for the rest of the year.

        The cost of the snail mail isn't so bad and it's not like we're not used to the volume. In our case we don't recruit quite like other schools do as our budget is smaller but we stil
    • I think the shift you're noting has more to do with the overwhelming bulk of e-mail than any perceived lack of privacy. I am finding that many of the e-newsletters and things I used to think were so entertaining/useful/enlightening/etc. are now just junking up my overcrowded inbox. I would much rather get a brochure in the mail than to try to save a dozen huge online brochures and have to read them on my screen... or to have an e-mail volley with some recruiter who may or may not ever stop spamming me.
    • by syousef (465911)
      Why would they trust that site more than an institution of higher education that is actually mandated by law to protect the privacy of those it deals with?

      Experience with the institution, lake of experience with the site.
  • hubris. outrageous, but expected. facebook is becoming too corporate and moving away from its roots. maybe the reason i barely go there anymore.
  • by moogied (1175879)
    Privacy Violation Concerns.. TRIPLE WORD POINTS!
  • by zbend (827907) on Thursday February 07, 2008 @01:54PM (#22336412)
    Wait, last time I checked Facebook doesn't automaticly install apps you have to do it and confirm you are allowing this app to acccess some of your information. They don't give third parties your info, you do.
    • by EtoilePB (1087031)
      Ding ding! That's absolutely correct.

      I have a Facebook account, because as someone in that nebulous realm between college and her 30s, it's the best way to keep loose track of the people I knew in high school, college, grad school, back home, etc. But I consider it sort of a fancy Rolodex -- I've shot down every single application invitation any friend has ever sent me. They don't see why, but then again they're the ones with drunken-party-pictures on their profiles, too.

      Saying, "the average user shou
    • by Mitreya (579078) <(mitreya) (at) (gmail.com)> on Thursday February 07, 2008 @04:40PM (#22339618)
      Wait, last time I checked Facebook doesn't automaticly install apps you have to do it and confirm you are allowing this app to acccess some of your information. They don't give third parties your info, you do.

      RTFA (and I quote:)

      To restate things--if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer--even if you yourself have not installed the application.

      It seems that they do give my info to third parties - third parties being all the stupid applications that my friends installed. I keep very minimal info on my facebook account and don't install any apps because they require full access to my profile, but I still went and turned this sharing off just now. WTF, why did I just learn that every application that any of the 60 of my networked friends has installed could have been happily roaming through my account without my knowledge?

  • If it is, essentially, "You have zero privacy anyway, Get over it" then the users shouldn't expect anything more.
    • It is "Facebook will not sell your data" in bold letters. They also have fine grained controls for how much of your profile your friends/your 'friends' and your fellow network members can see. As people outside your networks can not see your profile at all, there is an illusion of privacy. What you have little control over (and the control is fairly well hidden) is the data that your FRIENDS' applications can see on your account. I think there is a clause in the developer code of conduct that apps aren'
  • by gravyface (592485) on Thursday February 07, 2008 @01:55PM (#22336438)
    Deserve? Yes, everyone deserves the right to keep their personal lives private. Should they expect privacy? Not likely. There's no free lunch in life, online or offline: why would Facebook spend many millions of dollars maintaining a social network without milking every last bit of profit out of their user base? They're going to do whatever they can get away with, period. I don't know why people find this so hard to grasp: it's like when I try to explain to people that those "free emoticons" they so fondly install are filling up somebody's offshore server with their personal information and filling their monitor with pop-up advertisements.
    • by owlnation (858981)

      They're going to do whatever they can get away with, period.
      Absolutely. Tom is not really your friend, nor are Facebook.

      As with all things fashionable and yet ultimately empty, Facebook seems to have matured. It's not the next big thing any more. It's so last year.
    • That's exactly the way I look at it. Is it morally reprehensible and possibly illegal for Facebook to be sharing that information? Of course. Does that mean you should assume they're not going to do it? Nope. I don't put anything on there that I wouldn't want potential future employers to know about me.
  • by NeoSkandranon (515696) on Thursday February 07, 2008 @01:55PM (#22336444)
    Maybe I'm just that suspicious, but the first time I went to look at one of those "applications" on facebook, the first checkbox in a list of a half dozen you can select before you hit "go" was a riff on "Allow this application to access my personal info" ---I automatically assumed that meant ALL my info, and promptly cancelled whatever it was.

    Did anyone ever really have the assumption that that information was needed to make the app function, and not just a way of tricking users into giving up demographic info to third parties?

    Personally I'm not sure Facebook is in the wrong on this one. It's up in big letters that you're giving whatever application it is access to your personal info--and all those things are OPTIONAL to place in your profile. I don't know that it should their fault that users don't think it through and then become surprised/outraged when they find out what it really means.
    • by kninja (121603)
      Totally. No one is forcing users to put their info into facebook. It's possible to register with just an email address these days. No Picture, just a name and an email.
  • by mc moss (1163007)
    Although I understand that if you post something on the internet, info or pics may be viewed by people that you don't want viewing them (ex: a friend of yours on facebook finds a pic you uploaded really funny and posts it somewhere else), this does not mean that facebook should start giving away info to whoever requests it. I currently have a facebook account and only my closest friends are facebook friends with me. Everything else is private and nobody can even search for me or know I exist on facebook. I
  • I'm not so sure that it can be considered secret, given that when you install an application, it states up front that you are giving it access to your profile information.
  • by Spasemunki (63473)
    Facebook's position was summed up by Georgetown Law Professor Dan Solove, 'They seem to be going on the assumption that if someone
    uses Facebook, they really have no privacy concerns.'


    "They seem to assume that people who post their name, address, sexual orientation and gender on giant roadside billboards don't care if strangers know their name, address, sexual orientation and gender! It's like they think that people who go out into the crowded streets don't care who knows what shirt they're wearing!"
  • It's an API (Score:5, Insightful)

    by mattwarden (699984) on Thursday February 07, 2008 @01:58PM (#22336510) Homepage
    Dude, what is so hard here? It is an API. Do people typically customize an API for every user (as in application using the API) to limit the available calls only to what is needed? It is an interface. The data available in said interface is CLEARLY DOCUMENTED. Yes, technically Scrabble has access to the religion of its users. Yes, it could be storing this.

    Seriously, what is confusing here? You have to agree when you add an application that it will be able to access your profile data. When you say 'yes, allow this', why would you be surprised that the application is then allowed to do what you just allowed?

    http://developers.facebook.com/documentation.php?doc=fql [facebook.com]
    • Re:It's an API (Score:4, Insightful)

      by kebes (861706) on Thursday February 07, 2008 @02:14PM (#22336744) Journal
      You're right, of course. The fact is that Facebook provides a uniform, generic API. It's up to application developers which bits of information are relevant to their application.

      But that's not to say this is the only way to do it. It would be possible, for instance, to have the API set such that the application initially makes a request for which database fields it will need to use. Then the application is only allowed to use those fields; all others are invisible. When a user installs an app, it clearly shows which fields the app will be using. This would allow users to make informed choices about which apps to install. If "SuperPoke" says it will access your friends list, that's fine. If it says it will access your address and phone number, that's suspicious.

      My point is that Facebook decided to implement a binary security model: either you don't install the app, or you give it access to everything. This doesn't seem like the best model. As a general security rule, an application should be given access to the absolute minimum breadth of resources/data needed to do its job properly.

      This is why I don't install Facebook apps: there is no mechanism for controlling the security or even establishing a chain of trust for the application developer.
    • by SteveAyre (209812)
      Yes, technically Scrabble has access to the religion of its users. Yes, it could be storing this.

      However if they do so for longer than 24 hours (for caching), show it to anyone unless the Facebook user requested it and a few other things they're breaking their agreement with Facebook [facebook.com], so any application caught doing so could be kicked off of Facebook.

      (Of course spotting applications doing so could be rather tricky...)
    • Re:It's an API (Score:4, Informative)

      by yukster (586300) on Thursday February 07, 2008 @03:37PM (#22338354)

      Yes, technically Scrabble has access to the religion of its users. Yes, it could be storing this.
      Actually, the developer terms of service explicitly prohibit storing anything other than ids (pretty much):

      http://developers.facebook.com/documentation.php?v=1.0&doc=misc [facebook.com]
      • So technically Scrabble could simply make a call, though Facebook, to get the religion of its users whenever they wanted it.

        Only 1 out of a half-dozen phone companies told the NSA to go fuck themselves when they came asking for call records. How many application developers are there? How many people does the CIA have to ask until they find out what my favorite movies are?

  • Yes and no (Score:4, Insightful)

    by MikeRT (947531) on Thursday February 07, 2008 @02:00PM (#22336534) Homepage
    I have never bought into the argument that communicating online should always be legally regarded as the equivalent of having a conversation in public. People frequently put access controls and encryption on information sent over the Internet, and it's not like every person on the Internet has the ability to listen in on what you're saying in an IM conversation, emails, etc. There should be a reasonable basis to assume privacy in certain contexts, such as email and IM. IMO, the law should sanction people who eavesdrop on such communications without a good reason.

    With Facebook, it all depends on the context. They should be required to show what information they are passing onto their application developers, but there should be no legal protection beyond that. People should be able to sell off their personal information in exchange for something they want. The only reasonable issue here is when the user is not able to reasonably find out and consent to the sharing of the information.

    Personally, I am a lot more concerned with things like the FBI's latest attempts to get carte blanche access to email. If there is any institution that will destroy privacy in America, it's the federal government. Every major information/privacy issue that comes back to haunt the average person stems from the law or law enforcement agencies. The reason we worry about identity theft on the financial side of things is that the **law** does not put the onus on the lender to verify the identity of their customer. Why should it be my responsibility to ensure that someone isn't signing up in my name for credit cards? You worry about devastating legal decisions for privacy? The precedents are being set by the DoJ, not corporate America.
    • by wwahammy (765566)
      I think you bring up a good point in saying that assuming everything online should be public is wrong but we need to take it a step further. If people are unable to express themselves online without fear of retribution from an employer or school, then isn't the internet an anti-free speech zone?

      A few years ago a couple posted pictures and videos of themselves online. The woman was fired from the hospital she worked at as a nurse because of that. Now did she commit a crime? No, it's totally legal. Does it
  • It has the potential to be a really great tool, but there's a little too much social in this social network. The boundaries aren't clear and simple, and just about every transaction *REALLY WANTS* to share your information with other people.

    I can't count how many times I've received notifications from people who were intending to send a private message to someone else. Whenever I do a quiz or something, I have to go out of my way not to "share with my friends" or "invite my friends to beat my score."

  • by John Hasler (414242) on Thursday February 07, 2008 @02:14PM (#22336732) Homepage
    > They seem to be going on the assumption that if someone uses Facebook, they really have
    > no privacy concerns.

    Sounds like a reasonable assumption to me.

    > Do Facebook users deserve privacy?

    Sure. And they can have it. All they need to do is keep the stuff that they want to remain private off Facebook.
  • I started reading the virginia.edu piece, and came across this line:

    It's been a wild success: the most poopular Facebook applications have around 24 million users[...]

    That's just it: no one who adds the applications gives a crap about their privacy. When you add an application, there are several checkboxes, and you don't have to have them ALL checked in order to add an application, but the only one you DO have to have checked is the "Allow this application to know who I am and to access my information" box. If you uncheck that and try to add the application, Facebook tells you that you need to

  • Facebook users deserve privacy in the same way that swimmers deserve dryness.

    The whole point of social networks is that it allows one to easily control the information that they radiate. Remember when all we had to go on was rumours? Now we know who is gay, we know whose brother was killed in a car accident last year, we know that our previous significant other is now dating again. All of these things that once might have been awkward to bring up are now just pieces of information. If facebook and myspa
  • These people are putting their personal information up on a site, the purpose of which is to share your personal information on. Now, granted there are varying degrees of access you can grant people, but I wouldn't assume too much privacy in doing so. I think the real problem here is people just assume they can go handing out whatever willy nilly and it'll just "all work out."

    My take? If you don't want your information shared with abandon, don't put it on a site that has made its while business on shar

  • by Ralph Spoilsport (673134) on Thursday February 07, 2008 @02:25PM (#22336952) Journal
    I got burned once too many times by crappy idiotic third rate nonsense "applications" on facebook. Someone sent me a kiss, so I sent one back, but I had a bunch of windows open and didn't notice that I had just sent a kiss to EVERYONE. Now they all know I love them, that's no big deal, but it's the assumption of broadcasting and the will to spam itself that I find offensive about facebook.

    So, one day, I just sat down and yanked most of the applications out. so, if you send me something on the Funwall, sorry - I won't be seeing it. And if you have some dorky movie compatibility quiz, I won't be playing the game. If you want to contact me, there's a facility for sending messages and comments. If you can't get put enough words together to do that, then you're probably not one of my friends, anyway.

    Facebook has outlived its usefulness.

    Perhaps something like allvoices.com [allvoices.com] will be the next big thing because there, you have to do something - contribution to the data matters more than just being a consuming node for a data mine.

    RS

  • I've turned off the API (had to remove all the applications that aren't built-in to Facebook to do so, but I knew that) ...And I still get spam in my news feed from some friend adding an Application.

    I block every single one my friends add, mainly because blocking an application turns off the spam in the news feed from all the applications. It's common knowledge on Slashdot: blacklists suck.

    I'm actually trying to use Facebook in the manner it was prescribed, but in order to protect some semblance of my infor
  • by sherriw (794536) on Thursday February 07, 2008 @02:36PM (#22337194)
    I have a friend who thought that the check box "Allow this application to know who I am and access my information" meant:

    Allow it to know my name. Allow it to 'know' the info I put into the application itself. Ie, what I type INTO the funwall. She didn't know that it meant 'access my PROFILE information'.

    I think this should be clarified to: "know who I am and access all of my profile information."
    • by Dhalka226 (559740)

      Clarification is always good. No problem with that.

      However, it seems to me that the easiest and best solution is to simply add a field to a user's account: "Treat Facebook Applications as a [Friend|User|Guest|whatever other access levels they might have]." In other words, to pretend there's some "Facebook Applications" account. If you "friend" apps, they can see all the information that your friends could see if they went to your page. If they're a guest, they get whatever a guest can see based on you

  • I was a sophomore when Facebook was put onto the series of tubes. At first I was reluctant to sign up, and for the same reason most are inciting right now: loss of privacy. I mulled it over and realized that Facebook was a good tool to keep in touch with people you could not or would not see that often. This can be important, especially in the college environment the site was designed for. You'd have one class with someone you were interested in - either as a friend or something else - and then you'd never
  • "Secretly"? (Score:3, Insightful)

    by quadelirus (694946) on Thursday February 07, 2008 @02:44PM (#22337344)
    I don't see how this is a big secret. When you add an application there is a checkbox that says (and I quote), "Allow this application to... Know who I am and access my information." If you uncheck this box Facebook tells you "Granting access to information is REQUIRED to add applications. If you are not willing to grant access to your information, DO NOT ADD THIS APPLICATION."

    I saw this the first time I went to add a Facebook app, and thought "hey, I don't want that, so I'm not going to add it."

    Facebook is an advertising platform just like everyone else, so either I'm missing something (which, I'll admit is entirely possible--I recognize that I make mistakes all the time), or is there really a story here?

    BTW, just read the terms of service for each application--if it doesn't say what they will do with your data, don't add the app. Then it isn't a whole lot different than putting the same data into any other web application. Also, being aware that this can happen, don't put data on your facebook profile you don't want the rest of the world seeing. It's not rocket science-just common sense.
  • Facebook Developer (Score:4, Insightful)

    by justfred (63412) on Thursday February 07, 2008 @03:27PM (#22338150) Homepage
    I'm a newbie Facebook app developer.

    Here's the info I can see for any user that adds my app and clicks the box:

              uid*, first_name, last_name, name*, pic_small, pic_big, pic_square, pic, affiliations, profile_update_time, timezone, religion, birthday, sex, hometown_location, meeting_sex, meeting_for, relationship_status, significant_other_id, political, current_location, activities, interests, is_app_user, music, tv, movies, books, quotes, about_me, hs_info, education_history, work_history, notes_count, wall_count, status, has_added_app

    (More info on the already-linked http://developers.facebook.com/documentation.php?doc=fql [facebook.com] )

    To me this seems like way, way too much. I haven't told our marketing people we can get all this.
  • Stupid Question (Score:2, Insightful)

    by dwye (1127395)
    From someone who, for the most part, cannot conceive why people would want to use an Internet-based something like Facebook, in the first place (seriously, why post your life to 1 billion Chinese, let alone any other group?):

    Why is the application not treated as-if it were another user? From what I understand, there is a reasonable granularity of privacy settings for users. Let each app be a unique user, and you automatically get these benefits.

    Or are the apps client-based, so that my Facebook on machine

  • From the Fine Summary: ...Do Facebook users deserve privacy?

    Deserve privacy? Probably, but these are same people who post pictures of themselves engaging in illegal/inappropriate activities (underage drinking, drug use, etc.), and then wonder why "the wrong people" got into their "personal" files.

    What they truly deserve is "common sense" to know that posting things on the net (or on any computer/space outside YOUR control) means others could have access to that information, and to think and consider what t

    • Define Underage.

      In France, it's legal to drink when you're 6. If your parents say you can. At 16 it's legal to drink without their permission.

      And 16 is drinking age in the UK too.

      How do you know it's underage? When I was in the military, federal drinking age was 18, so while it might be 21 in the state I was in, I can drink on base at 18.
      • by powerlord (28156)

        Define Underage.


        That's exactly why I DIDN'T use a specific number. You are underage if you were below whatever you're jurisdictions age was. If you weren't to young, then you wouldn't have a problem later, although the pictures of being completely shitfaced that employers might dig up, are usually a bad idea in most cases.
      • by Vegeta99 (219501)
        I think that Federal rule still applies. I was on a Parks Service campground drinking with a few friends one time and the park police came by and saw the beers in our hands. We thought we were fucked, but he rolls his window down, says "You all 18?", we showed him our IDs, and he thanked us.

        We all just kinda stood there... uhhh.... wtf? We had to get a 21 year old to BUY it why can we DRINK it?
  • Just a few thoughts I've had about the so called social networking revolution: Initially, I didn't mind facebook and I had one of my own. I used to keep in touch with people at school. It was simple, you couldn't add any ridiculous templates to the site like MySpace. It was visually appealing, etc. Then they decided to introduce feeds. Everyone pretty much hated this, and I think eventually they scaled it back a little bit, but you essentially knew every time someone entered something into someones wall. No
  • When you meet strangers the get the first name, at most. Never the full name.

    At that point I decided not to join this "revolution"....

"You tweachewous miscweant!" -- Elmer Fudd

Working...