Forgot your password?
typodupeerror
Privacy Social Networks The Internet Your Rights Online

Facebook Violates Canadian Privacy Law 179

Posted by kdawson
from the over-sharing dept.
Myriad and a number of other readers passed along the news that the Canadian Privacy Commissioner has made a determination that Facebook violates Canadian privacy law in four different respects. Canada has the highest per-capita facebook participation in the world — about a third of the population — according to coverage in The Star. The EU is also expressing similar privacy concerns, though Canada's action "represents the most exhaustive official investigation of Facebook privacy practices anywhere in the world," says Michael Geist. The CBC's coverage spells out the areas of privacy concern, in particular that nearly a million developers of Facebook apps in 180 countries have full access to the entirety of users' private data. Also of concern: Facebook holds on to your data indefinitely after you quit the site. The BBC notes that Facebook is working with the privacy commission to resolve the issues, and quotes a Facebook spokesman thus: "Overall, we are looking for practical solutions that operate at scale and respect the fact that people come to share and not to hide." (Schneier recently blogged about research on "privacy salience," and cited Facebook's practices among others' as practical examples of how social networking sites have learned not to push the privacy issue in users' faces.)
This discussion has been archived. No new comments can be posted.

Facebook Violates Canadian Privacy Law

Comments Filter:
  • Draconian Laws (Score:5, Insightful)

    by A. B3ttik (1344591) on Friday July 17, 2009 @11:58AM (#28730901)
    Does anyone actually expect privacy from these networking sites anymore?

    Besides, who puts something on Facebook that they _want_ to keep _private_?
    • Re:Draconian Laws (Score:5, Insightful)

      by schon (31600) on Friday July 17, 2009 @12:01PM (#28730951)

      who puts something on Facebook that they _want_ to keep _private_?

      People who don't know any better, who are (incidentally) the same people the privacy laws were written to protect.

      • Re: (Score:2, Interesting)

        by Dishevel (1105119) *
        Why as a society do we continue to protect the stupid. Can't we just let them fail and go away. If we continue to prop them up there will be no breeding disadvantage to them and we will all become fucking idiots. Please for the love of the deity of your choice. Let the stupid kill themselves off!
      • Re: (Score:3, Insightful)

        by Ephemeriis (315124)

        who puts something on Facebook that they _want_ to keep _private_?

        People who don't know any better, who are (incidentally) the same people the privacy laws were written to protect.

        People who don't know any better?

        I put a gigantic billboard in my front yard - 20' tall. Plaster all kinds of personal information on it. Maybe some racy photos. And then, when everyone in the world knows the intimate details of my life I can cry foul because some privacy law was supposed to protect me, because I didn't know any better?

        What ever happened to common sense?

        I'm not talking about understanding the intricacies of HTTP or how various web apps share information... I'm talking about basic, commo

        • Re: (Score:2, Insightful)

          by ToadProphet (1148333)
          You're right, but I don't think Joe Sixpack necessarily understands the concepts of data mining, profiling, etc and how they might relate to social networking sites. Nor do I think he, or the average teenager, understands the permanence of data or the associated implications. And frankly, what may make sense to post on a gigantic billboard in your front yard may not make sense, or even be legal, tomorrow. Times change. Governments change. Social mores change. I think expecting your average internet user t
          • Re:Draconian Laws (Score:4, Insightful)

            by Ephemeriis (315124) on Friday July 17, 2009 @01:40PM (#28732323)

            You're right, but I don't think Joe Sixpack necessarily understands the concepts of data mining, profiling, etc and how they might relate to social networking sites. Nor do I think he, or the average teenager, understands the permanence of data or the associated implications.

            And frankly, what may make sense to post on a gigantic billboard in your front yard may not make sense, or even be legal, tomorrow. Times change. Governments change. Social mores change. I think expecting your average internet user to consider these things is asking a little much.

            No it isn't.

            People have been making decisions (sometimes stupid ones) and living with the consequences for centuries. Ok, maybe it's easier to squash a verbally-distributed nasty rumor than a digitally-distributed incriminating photo, but that doesn't mean that common sense no longer applies.

            Look back at some printed statements over the years... Things that were appropriate at the time and showed up very proudly in newspapers all over the united states, and now look very embarrassing.

            Political careers have been ended because of a youthful indiscretion or an incriminating photograph.

            Tons of people have tattoos that they wish they hadn't gotten.

            Plenty of people have taken pictures they shouldn't have, and had it used against them.

            Ever hear of Nixon? Recorded some tapes he probably wished he hadn't.

            How about Sotomayor? Bet she wishes she hadn't said some things right about now.

            This isn't about understanding data mining or profiling, this is about simple common sense - which is apparently in short supply these days. If I proudly proclaim that I like big butts on FaceBook you don't need to mine any data - you know that I like big butts. You don't have to profile anything, I've stated it in plain text. Oh, now my mother read it and I'm embarrassed? I guess I shouldn't have written it where she could see it, now should I?

            Twitter, FaceBook, MySpace, blogs, text messaging, cell phones... They're all just ways of distributing a message. The problem isn't that distribution has become insanely quick, easy, and efficient. The problem is that nobody is thinking about the message anymore.

            Folks will call up a friend and have a running conversation about the random people walking by them and what they're wearing - why? Just because you can tell your friend that somebody wearing a Penny Arcade t-shirt doesn't mean you have to.

            People actually report on their bowel movements! Why?!

            • Re: (Score:3, Insightful)

              by ToadProphet (1148333)

              Yup, however...

              Your examples are ones that have easily recognizable consequences for just about anyone. My point is more about the ones that take considerably more thought. For example, you give a big thumbs up to some fringe political party that, in the not so distant future, is outlawed with the supporters being flagged. Hell, atheism could become illegal someday if some fanatics got their way.

              Extreme examples, for sure, but I believe the point is clear

              • Yup, however...

                Your examples are ones that have easily recognizable consequences for just about anyone. My point is more about the ones that take considerably more thought. For example, you give a big thumbs up to some fringe political party that, in the not so distant future, is outlawed with the supporters being flagged. Hell, atheism could become illegal someday if some fanatics got their way.

                Extreme examples, for sure, but I believe the point is clear

                So, kind of like the folks who liked the Nazis and then looked embarrassed after WWII?

            • The real situation (Score:5, Insightful)

              by Anonymous Brave Guy (457657) on Friday July 17, 2009 @02:42PM (#28733139)

              Twitter, FaceBook, MySpace, blogs, text messaging, cell phones... They're all just ways of distributing a message. The problem isn't that distribution has become insanely quick, easy, and efficient. The problem is that nobody is thinking about the message anymore.

              Actually, the problems being cited by the privacy officials are more the kind of thing the average user probably would not realise/anticipate.

              If I ask a site to delete my personal data when they no longer have any reason to hold it, I might reasonably expect them to delete it — not stick some flag in a database, and then find when they have a security breach in five years' time that the data was still there. If an organisation is unwilling to follow this rule, the law should make them; the consequences of failing to do so with modern technology are demonstrated all too frequently, and often with horrendous, underserved consequences for those affected.

              If I flag my personal data as private and restrict access to only a select group of friends, I might reasonably expect that data to be kept private and accessible only to those friends — not made accessible, in its entirety, to a million arbitrary developers of Facebook apps around the world, many from countries with far less privacy protection than the law in my country (and other countries where Facebook is hosted) provides. Again, if a site that specialises in collecting personal data and attracts that data on the basis that it can be held in confidence is unable to keep that confidence, the law should compel them to do so.

              The way Facebook doesn't really delete data and the way they allow app developers open-ended access to it are the two big reasons I personally don't use their service, and I would be interested to know how many of my Facebook-using friends would agree if they knew the full implications of signing up for one game of Scrabulous or whatever it's called these days.

              The world has changed in the Internet age, because now transgressions that might have been forgotten or overlooked after a while in the past are kept on-file forever and searchable for all to see. That in itself makes both education (particularly for the young/vulnerable), privacy awareness, and explicit legal protections for personal information much more important.

              Personally, I believe personal data protection and privacy laws are far, far too weak in most jurisdictions today, lagging well behind modern technology and its less constructive applications. I would like to see statutory safeguards on all collection, use and distribution of personal data, and awesome, business-destroying penalties for those who are not careful enough to do so.

              Our current path, towards a database state and wholesale aggregation of personal data by private entities, using software that is frequently insecure, with low-level staff unreliable at following even basic security procedures, in a world where leaks can turn a victim's life upside down and the damage may be expensive or impossible to fix, is not a healthy path to follow.

              Basically, it's reasonable to expect some common sense from those old enough to know what they're doing, but it is not reasonable to expect people to make decisions based on information they probably don't know or understand, and in any case, no-one is perfect and I personally think society would be a better place with stronger privacy laws governing organisations that compile massive databases of personal data. As I often comment in these discussions, just because we can do something does not mean we should, and just because someone who is only human once made a mistake does not mean we have to catalogue it and make it searchable by anyone for the rest of their life.

              • Re: (Score:3, Insightful)

                by Ephemeriis (315124)

                Basically, it's reasonable to expect some common sense from those old enough to know what they're doing, but it is not reasonable to expect people to make decisions based on information they probably don't know or understand

                The only thing you need to know is that you're posting information on the Internet.

                If I ask a site to delete my personal data when they no longer have any reason to hold it, I might reasonably expect them to delete it

                Sure, that's a reasonable expectation. But it isn't necessarily reality. If I give you a picture of me doing something lewd to a llama and ask you to destroy it I might reasonably expect you to do so... But that doesn't mean that you actually destroyed anything. And it doesn't mean that you have to destroy it either. Unless we signed some kind of legally binding contract that said you would destroy it... In which case I

                • The only thing you need to know is that you're posting information on the Internet.

                  As I do when I make a payment using on-line banking or give my credit card details to Amazon, you mean?

                  Sure, that's a reasonable expectation. But it isn't necessarily reality.

                  Not today, but it would soon become so if we started fining companies that failed to comply 10% of their annual profit and throwing a randomly selected member of the board of directors in jail for each lapse.

                  So it's limited to those people... Let's say FaceBook doesn't give out the information to other people, doesn't retain it after you deleted your account, etc. But one of your friends shares your information where they shouldn't have - re-posts it to a different website or something.

                  Ah, see, now you're getting to one of the real problems with privacy laws: it sucks that my friend did that, but in the days when it was probably an off-hand comment the damage was limited, whereas in

            • What you say would be true for people who make their facebook profile public, but what about those with private profiles that are visible only to their friends, and are basically being leaked to third parties?

              How would you feel if your cell phone company were selling transcripts of your phone calls to advertisers and potential employers without your consent (ie. considering your use of their system as you granting your implicit consent)?

              • Re: (Score:3, Insightful)

                by Ephemeriis (315124)

                What you say would be true for people who make their facebook profile public, but what about those with private profiles that are visible only to their friends, and are basically being leaked to third parties?

                Your FaceBook profile is only private if your friends don't share anything with people you don't want them to. It doesn't much matter what FaceBook's privacy policy is... Or what kind of mechanics they've got in place to protect you... If you post something on FaceBook you have to assume that it'll wind up somewhere you don't want it to.

                How would you feel if your cell phone company were selling transcripts of your phone calls to advertisers and potential employers without your consent (ie. considering your use of their system as you granting your implicit consent)?

                I wouldn't be terribly surprised, to be honest.

                I'd be even less surprised if they were doing that with my text messages. Or using the photos I take on that camera for pr

              • Or how would you feel if facebook allied with a dozen other unrelated sites to discretely build psychological profiles on you? I was particularly offend wen I was presured to join a facebook ripoff, I entered mostly false data, and yet it already has a good idea of which my contacts were, it's sick.

                Now excuse me I'm going to make another tin foil cap for my tin foild cap.

      • Re: (Score:3, Interesting)

        by Runaway1956 (1322357)

        I'm not sure that privacy laws were written to protect the ignorant, so much as to protect the more savvy individual.

        The guy who runs around bragging that he makes $200,000 a year deserves the parasites who hover around him. They KNOW he has money, because he told everyone. The guy who makes $80,000, and keeps it secret, can legitimately tell hopeful parasites to screw off, his money is none of their business.

        Want to get more "personal"? The person who posts, "I'm a nubile teenage female, and I WANT TO G

      • by BitterOak (537666)

        who puts something on Facebook that they _want_ to keep _private_?

        People who don't know any better, who are (incidentally) the same people the privacy laws were written to protect.

        Laws designed to protect the ignorant can be dangerous things. If you set up your own personal blog site, do you really want to risk running afoul of various countries' laws because your users' postings are visible to the world. Yes, Facebook is larger and more commercial than your typical blog site, but think carefully about the implications of these types of laws when applied to typical blog sites.

      • Why does nobody get, that you can put things up such a site and expect them to be private too, IF:

        You can configure privacy rules for every element of that data. Separately. For a fine grained self-definable set of rules over groups. Just as a firewall or other proper security system.

    • by kent_eh (543303)

      Does anyone actually expect privacy from these networking sites anymore?

      Most Facebook (or any other popular social networking site) don't know (or don't care) any better. Even if someone sat them down and explained it to them

      They only start caring when they mature a bit.
      By which time, it's way to late to do anything about the pictures of them doing naked bong hits.

    • by Locklin (1074657) on Friday July 17, 2009 @12:05PM (#28730987) Homepage

      Everybody seems to expect that Facebook has all this information, the issue is with applications/quizzes. By setting up some stupid quiz, you can collect contact and network data on everyone who fills it out. This could be used for everything from marketing research to "investigation" of various social/political groups.

      • They prompt you (Score:3, Insightful)

        by brunes69 (86786)

        Any time you agree to take one of those quizes etc, Facebook pops up a GIANT box in your face basically saying that if you agree to take that quiz then you give all rights to your information and your first bord child to the developers of that application.

        If the user is too stupid to read a giant disclaimer right in their face and decide it is not worth that risk to find out how much alike their taste in puppies is to Fergie, then I have no sympathy for them.

        • Re:They prompt you (Score:5, Interesting)

          by ceoyoyo (59147) on Friday July 17, 2009 @12:34PM (#28731369)

          I agree with that one, but what if you want to play chess with your friend? You should be able to do that without giving someone access to everything. Either the Facebook API doesn't support requesting limited rights, or a I have never seen an app that uses that capability.

        • Tech the tech teched.

          Tech the teching tech?

          [YES PLAY GAME] (no)

        • Re: (Score:3, Insightful)

          by SydShamino (547793)

          Your American libertarian view of the law sees this as a business transaction, where the user can either use the product (and accept the terms of total data disclosure) or not use it.

          Other countries with more civilized privacy laws prevent companies from demanding unnecessary personal data (i.e. anything not needed for the specific product or application) when providing a product. Terms of business have to comply with the law, just as they must in the U.S.; Canada just has more terms.

          Yes I'm American.

    • by peragrin (659227)

      Unfortunately idiots out number intelligent people. How many cases have you heard of where a kid postssomething stupid they did oy tohave their parents find out about it.

      I don't face a facebook account(I am not narsisstic enough) yet I hear about that crap 2-3times a month.

      • kid postssomething stupid they did oy tohave

        I don't face a facebook account(I am not narsisstic enough) yet I hear about that crap 2-3times a month.

        I hear you man. It's almost pushed me to drink too :(

        • by peragrin (659227)

          That or preview your posts while posting from your smart phone while eating lunch during a busy work day. Spell check will only save you so much.

    • Re:Draconian Laws (Score:5, Interesting)

      by RiotingPacifist (1228016) on Friday July 17, 2009 @12:07PM (#28731013)

      Does anyone actually expect privacy from these networking sites anymore?

      Yes many people do, not all countries believe so strongly in the market as the US and we often want restrictions put on businesses to keep our data the way we want it.

      Besides, who puts something on Facebook that they _want_ to keep _private_?

      People with friends, FB is not myspace (its not a site to go meet random people off the internet with) it's a site to allow friends (of varying levels of technical competency) to keep in touch and communicate. I put stuff i want my friends to see on my facebook profile that perhaps i don't want everybody in the world to know about! embarrassing pictures people take of me can be tagged on facebook, tbh i don't care if my mates see me passed out in a field but i sure as hell don't want everybody on the internet (including prospective employers) to see it. If i have a choice between
      1)total privacy
      2)a convenient way being able to organise events and nights out much easier at the expense of privacy.
      I'm going to choose 2, however if that expense can be reduced then that is great.

      • So, let's say FaceBook has perfect privacy. You can share your information with whoever you want, and nobody else can get at that stuff. App authors can't get at it, FaceBook deletes it as soon as you quit. Perfect privacy.

        You pass out in a field. Somebody takes a picture. You post that picture on FaceBook - only your friends can see it. Great!

        Now one of your friends downloads it and emails it to his buddy, that you don't know, and that buddy re-uploads it to FaceBook.

        Or maybe the guy who took the pic

    • Re:Draconian Laws (Score:5, Interesting)

      by ceoyoyo (59147) on Friday July 17, 2009 @12:09PM (#28731051)

      Some people use Facebook to keep in touch with friends, not to post compromising pictures of themselves. Most Facebook profiles these days are only available to friends of the owner.

      The apps thing has always bothered me about Facebook. The vast majority of apps are stupid and easy to ignore but there are a few interesting ones that I might use except that the only way to do so seems to be to give the free run of any and all personal information. Why did a game of Scrabble need to know anything more than my user number?

      • Re: (Score:3, Informative)

        by Roman Coder (413112)

        Yesterday I saw an IQ Test" app and thought "Why not?", so I took the test (one could argue I failed it by just using Facebook to test my IQ, but I'll leave that for another discussion).

        When I was done, the app wouldn't give me my results until I gave it my cell phone number, so it could send me the results of my test to my cell phone. Not like I could read it off of the web browser, right?

        Pissed me off to no end that the app would so underhandedly try to farm my cell number this way, so I just backed out

    • Re:Draconian Laws (Score:5, Interesting)

      by sodul (833177) on Friday July 17, 2009 @12:12PM (#28731081) Homepage

      There's one thing that disturbed me about Facebook: I wanted to apply for a position there, but you need a Facebook account in order to do so. So why not ? You have to provide some personal information especially your birth date, which is illegal for a prospect employer to ask.

      I understand the recruiters might not look actively look for your birth date, yet now it's there for them to look at, forever in their database.

      • by aclarke (307017)
        My position is to never provide information like my birthdate to any web site, with very few exceptions. If a web site asks for my birth date, I lie.

        I know this doesn't really address your issue, but it's a point worth making for anyone who bothers to read this comment.
    • Re:Draconian Laws (Score:5, Insightful)

      by Beardo the Bearded (321478) on Friday July 17, 2009 @12:40PM (#28731451)

      That's not the point.

      The point is that Facebook is disclosing personal information to any developer that asks for it, without regard to what the information is, or what use the developer has for the information. That's against Canadian law.

      The quote in the article states it most clearly: "Why does a hangman developer have to know your address?"

    • Re:Draconian Laws (Score:5, Insightful)

      by psyklopz (412711) on Friday July 17, 2009 @12:48PM (#28731557)

      It is worth noting that Facebook violates privacy of more than just its members.

      The summary does not mention this, but one of the things the Canadian study found was that users of Facebook can post photos and Tag the names of each person in the photo (whether they are on Facebook or not).

      I believe there are good reasons why a non-Facebook user would not want their images posted, and for that matter, have a searchable Tag posted against that image.

      Presently, I can't 'opt-out' of images of myself being posted by members, even though I am not on Facebook.

      And on the same subject-- should I even need to 'opt-out'? Maybe they should require 'opt-in'?

      • by ivoras (455934)

        Presently, I can't 'opt-out' of images of myself being posted by members, even though I am not on Facebook. And on the same subject-- should I even need to 'opt-out'? Maybe they should require 'opt-in'?

        No, for the same reasons you can't stop anyone creating a web site (e.g. a blog) with a picture of you and the caption "This is $yourname", posting a picture of you with the same caption on a usenet group, or going to a bar, holding your picture in the air and shouting "This is a picture of $yourname".

        Iff t

    • "who puts something on Facebook that they _want_ to keep _private_?"

      http://news.bbc.co.uk/1/hi/uk/8134807.stm [bbc.co.uk]

      The (wife of the) boss of britains MI6 apparently.
    • Re: (Score:3, Interesting)

      by ShieldW0lf (601553)
      Besides, who puts something on Facebook that they _want_ to keep _private_?

      Facebook made it's mark by being a place you could safely share things that were only meant for friends and family. It offered a place where you had some privacy and could put up pictures that you wouldn't put on the general internet. That was what made it go big. People who would never put their kids pictures up on a my myspace profile felt this was a safe way to share pictures with grandma.

      It was all a big snow job, but sti
    • Re: (Score:2, Funny)

      There's a reasonable expectation.
      For example my private information shouldn't automatically be made available to some third party just because some half-wit on my friends list took at 'Which punctuation mark are you?' quiz.

      I can't view other peoples profiles if they don't want me to, unless I make some idiotic quiz that they take.

    • YES. I. FREAKIN. DO!

      I do not think that they will keep it private though.

      But I do think that private data should have a huge price tag on it (think infringement), and that Facebook should then be sued for it, and for making money out of it.

      So much that they not only go down, but will have to work off debt for the rest of their lives.

      But there is one more rule: Give them one, and just one, chance to fix it. A month should be enough, and be realistic. Also bugs are not intended breaches of privacy, and have t

  • by Minion of Eris (1574569) on Friday July 17, 2009 @12:09PM (#28731053)
    DO NOT RUN ANY APPS!!! Sorry for shouting, but I have been saying this to people for years now (since the first time i read the terms for FaceBook apps). I am not knocking FB as a tool in and of itself, in fact I am very grateful to them for letting my daughter find me after 16 years of seperation (true story - she searched my name and sent me a message) but come on, they state clearly that if you want to plant a garden (or whatever) the developer gets to see all of your info. just Don't Do It. thanks for the rant-space.
    • by eln (21727) on Friday July 17, 2009 @12:36PM (#28731389) Homepage
      I agree, but on the other hand it's foolish for Facebook to have taken such a lazy approach to apps. What they should have done (and should do) is allow a developer of an App to determine what information from a user's profile they actually need for their app to operate, and allow that app access to only that information. Further, instead of the blanket "allow this app to see everything about you" screen, they should tell you precisely what information that particular app is asking for (and will be allowed to see), and let the user choose whether or not that particular information is something they're willing to share. Most people will just blindly click through anyway just like they do now, but at least if the information to be shared is clearly spelled out, there's a chance someone will think twice before clicking, and at the very least they'll be more informed of what they're actually giving out.

      In addition, they should review apps (not sure if they do this now or not, if they do their criteria are laughable) before allowing them on to the site...and part of their review of an app should include whether or not the app is asking for more information than it actually needs.

      And for the love of God, instead of making every stupid little quiz a separate app, Facebook should maintain its own in-house developed "quiz app" and allow random idiots to submit quizzes to it. I'm tired of having to block every stupid quiz individually because they're all individual apps. This would also have the side effect of not needing to give all of your information to a random 14 year old so you can find out which Teletubby you are...your information would only be shared by the developer of the Quiz App (Facebook itself). Of course, this would only work in conjunction with the review process mentioned above, as any other quiz apps would be rejected by the review and the developers pointed to the Facebook Quiz App.

      Facebook strikes me as a company with a lackadaisical approach to privacy and a generally lazy approach to the design and implementation of site features. It angers me that the site could be so much better than it is if someone at that company gave a damn about these things.
      • Re: (Score:3, Insightful)

        by Runaway1956 (1322357)

        "allow a developer of an App to determine what information from a user's profile they actually need"

        This sidesteps the issue under discussion. The issue is, some developers might be data mining, and some people don't desire all their data to be mined. Whether or not I am developing a legitimate app or not, I can claim to need personal data, right down to the size of a member's panties and bra. Or, maybe my app is just a front for a personnel screening service. While I claim to be developing the app, I'm

        • by eln (21727)
          That's why the review process would actually look at the app and make sure it really needed what it said it needed. An additional idea to counteract what you're talking about is to review the app to make sure any personal information it uses it only used during the execution of the app, and is not logged or sent anywhere. Of course, implementing a review process like this would require effort on the part of Facebook, so it will probably never happen.
      • by Mr. DOS (1276020)

        In addition, they should review apps (not sure if they do this now or not, if they do their criteria are laughable) before allowing them on to the site...

        Because all we need is another App Store.

        Don't get me wrong, I agree that there should be better control over Facebook apps, especially from the privacy standpoint. However, Apple is doing a fine job of demonstrating that one central point of review isn't the greatest way to go.

        And for the love of God, instead of making every stupid little quiz a separate

    • That was my old policy, however check this [facebook.com] out it does allow much greater control over apps than previously available. At a minimum i have to give the app maker "my name, networks, and list of friends", which is much better than the old choice of everything/nothing, and IIRC the defaults are fairly tight too mine only gave away basic info ("Your basic info consists of your birthday, gender, hometown, political views and when you last updated your profile.") & my profile pic.

    • by garcia (6573)

      The answer is pretty simple DO NOT RUN ANY APPS!!!

      Yeah, the answer to the drug problem is simple: don't buy any drugs!!! Unfortunately just because someone is accepting payment in return for illegal drugs does not mean it's legal. Thus, just because Canadian Facebook users have the option not to run applications doesn't mean that they don't/won't.

    • DO NOT RUN ANY APPS!!! Sorry for shouting, but I have been saying this to people for years now (since the first time i read the terms for FaceBook apps). I am not knocking FB as a tool in and of itself, in fact I am very grateful to them for letting my daughter find me after 16 years of seperation (true story - she searched my name and sent me a message) but come on, they state clearly that if you want to plant a garden (or whatever) the developer gets to see all of your info. just Don't Do It. thanks for the rant-space.

      And you also need to not let any friends who you allow to see your page to run any apps. Another possibility is to not put any information at all on FB that you want to keep private. If a conversation turns toward something private, switch to email, IM, or, you know, spoken words. FB isn't a necessity for fully maintaining anyone's modern social life, despite the frequent claims I see here.

    • by Sporkinum (655143)

      What happens if someone that has you as a friend does an app? Are you compromised then? I have only created 1 account with all bogus information, just to see what the damned facebook thing looks like. That account has no friends. It's a very sad account...;-(

  • Okay, the thing with holding onto your data after you have closed your account is a genuine point, but don't you see the "allow app xzy to access your profile data?" warning clear enough? If you willingly let someone pull your profile data then for sure there is no violation of a law. Well either that or Canada has some crazy laws in this regard.

    It is annoying nevertheless that you can't select what portion of your profile data is visible to some app.

  • Priorities (Score:3, Interesting)

    by MikeRT (947531) on Friday July 17, 2009 @12:25PM (#28731261) Homepage

    How robust is Canada's analog to the 4th amendment? Does it even have one?..

    A lot of the privacy debate in the West is completely ass backwards to the point of being Orwellian. Britain is, right now, the best example of that for the entire West. They have data retention mandates that cover all communications, can force you to divulge encryption keys, no written constitution (and thus no lasting written constitutional limitations like the 4th amendment) and yet they fret about what a fucking supermarket or Facebook might do to your privacy.

    It's a total farce. The only people who can enable the destruction of your life or directly cause it are the government. Even identity theft is an issue created by the law because the government won't make lenders and merchants responsible for ascertaining the identity of the buyer first. So really, when you scratch beneath the surface, on basically all privacy issues that affect your life, liberty and property, the government is at least an active conspirator if not the culprit. Sometimes that's through negligence like with identity theft, but others it's willful like watering down restrictions on the issuing of warrants and wiretaps.

    • Re: (Score:3, Informative)

      by H0p313ss (811249)

      How robust is Canada's analog to the 4th amendment? Does it even have one?..

      Part of the Charter of Rights and Freedoms [wikipedia.org] which is as robust as it gets in Canadian constitutional law.

      8. Everyone has the right to be secure against unreasonable search or seizure.

      • by H0p313ss (811249)
        As a matter of fact it was just invoked in the Supreme Court [www.cbc.ca] and clearly incriminating evidence was thrown out.
    • Re:Priorities (Score:4, Informative)

      by abigor (540274) on Friday July 17, 2009 @12:41PM (#28731471)

      As another poster mentioned, the Canadian equivalent of the 4th Amendment is Section 8 of the Canadian Charter of Rights and Freedoms.

      More to the point, Canada has a very powerful Privacy Act ("An Act to extend the present laws of Canada that protect the privacy of individuals and that provide individuals with a right of access to personal information about themselves") that limits the government's ability to collect and retain private information, and a Privacy Commissioner to enforce it. I don't think there's anything comparable in the US, as Canada's privacy laws are probably the toughest in the western world.

    • by ceoyoyo (59147)

      http://en.wikipedia.org/wiki/Section_Eight_of_the_Canadian_Charter_of_Rights_and_Freedoms [wikipedia.org]

      It's more or less equivalent to the US forth amendment. However, our tougher privacy laws seem to indicate that Canadians are more interested in the government actually obeying the spirit of the charter section, rather than making excuses to try and get around it.

  • Facebook app privacy (Score:4, Interesting)

    by furby076 (1461805) on Friday July 17, 2009 @12:30PM (#28731315) Homepage
    Here is an idea facebook. Give the user an option to not give the app creators 100% access to the facebook users data. I reject all of those apps because all of them expect me to give up my data - all of my data. It is very invasive.

    I'm assuming facebook gives this control to the app makers - but as we know - when you have an option and it is free then why not use it?
  • by RiotingPacifist (1228016) on Friday July 17, 2009 @12:33PM (#28731361)

    Unlike many slashdoters i feel the need to keep in touch with my friends outweighs the need to live in a basement with a tinfoilhot keeping my data (that nobody wants as anyway) private, so i do have a facebook account *gasp*. I have always taken care to keep my data private though, this is so that while i can tell my friends that im a racist, in-bread(hence all the spelling mistakes), thieving, crack addict, hopefully prospective employers will never know about it. It's surprising that facebook is in trouble now, because i was surprised at how well i can keep my data private while still using 3rd party apps. Originally there was no privacy on FB, then you could protect yourself from facebook themselves, but if you installed one bad app all your data goes straight to the CIA, now this page, that i noticed the other day in my regular app clean-up (how could i not accept an invite to pacman), allows you pretty granular control over your data, ranging from all your data (which some apps may use) to "name, networks, and list of friends", which I'm pretty happy to hand out.

    Privacy is not black/white, i was never happy giving a stupid flash game developer access to all my information for whatever evil purposes they have, but tbh ill trade my list of friends and name (which they can surely indirectly get from my friends list of friends) for a stupid flash game anyday! I assume the problem the canadians have is that even without installing any apps, if all my friends do they get access to my name, my list of friends, my wall posts, photos of me taken by others and photos of others including me. Perhaps that will be the next push in the facebook privacy API, stopping friends from giving your data away?

    • Unlike many slashdoters i feel the need to keep in touch with my friends outweighs the need to live in a basement with a tinfoilhot keeping my data (that nobody wants as anyway) private, so i do have a facebook account *gasp*.

      Imagine the thousands of years of humans struggling to create society without having the benefit of Facebook. These poor longers roamed the dark recesses of Earth's caves in a desperate attempt to entertain themselves without the ability to connect socially with other humans.

      Oh wait, that didn't happen. Instead, we as a species and as a collection of cultures evolved to depend on and function with communication that *gasp* didn't depend on Facebook or an analog. If you weren't using FB, you'd be surprise

      • FB is a tool, I use at such, it is useful for organising events/parties/nights out/etc Are you amish? do you shun phones? perhaps letters too? Just because you drive round peoples houses (assuming you don't shun houses/cars) to organise events, doesn't mean its the best way to do it.

        If i didn't use facebook my social life would diminish, I get invites to parties/gigs/etc that i probably wouldn't otherwise, why bother ringing up 30+ people and make definite plans when you can just send put the idea out there

  • Gee a company operating outside of Canada does not adhere to Canadian Law? Impossible!

    Seriously though this is just the Privacy Commissioner's Officer playing the political game. Target some company with "Gee Whiz" factor and make a stink. This is all to get PR and good vibes. See look, we do stuff, aren't you happy? Now back to work!

    Granted Facebook does business in Canada, but it isn't like they are going to lose any business, nor can they be stopped from operating. If anything this warning may scare off

  • People are surprised when I have this conversation with them.

    They think I'm nuts until I make it clear that the reason I don't make stupid little facebook apps is because I don't agree with their information sharing.
    I use facebook (no, I have an account, I seldom use it), but I don't add apps.

    Do what you want, but I think Facebook should make it perfectly clear what type of information is being given to app developers. A checklist confirming what type of information that particular developer gets access to.

  • but the UK ICO has only once taken serious action that I'm aware of and it's had the power to do so for 10 years or more.

    Let's see, under UK law:

    • You mustn't send personal data outside the EU without the user's consent unless processes are in place to ensure that UK data protection law is still followed. All well and good for Facebook itself, but what about applications?
    • You mustn't keep personal data any longer than what you need it for. Yet facebook openly admit that they don't actually delete accounts e
  • by sherriw (794536) on Friday July 17, 2009 @01:20PM (#28732035)

    While many comments here are along the lines of... well then just don't use any apps. Or... just let the people who don't know any better, suffer the consequences of their ignorance. Etc. This is a faulty argument. If we always take the stance that no one should be protected from exploitation because of their ignorance then we will all end up in that boat.

    Maybe you're so smart, you know better than to use Facebook at all or maybe just keep your personal info off it. But many people don't know this and Facebook actively encourages you to fill in and post as much info as possible.

    Ok, you're too smart for Facebook. But are you overweight? Do you read the ingredients and nutrition info of everything you eat? Maybe we should allow restaurants and food companies to fill their products with trans-fats and all kinds of harmful but tasty chemical garbage, or exorbitant calories because well, if you're too stupid to read the ingredients or research the process to make the food- you deserve what you get.

    Ok, maybe you are a conscientious eater and are careful of what you put in your body. You're too smart here. But do you use a cell phone? Maybe we should let cell phone makers create devices that emit tons of radiation and make all the cellphone users who are too stupid to research how much radiation their particular model of phone emits suffer the consequences of their stupidity.

    Do you know the safety rating of your car?
    Do you know the actual interest rates that payday lenders and/or your credit cards are charging you?

    Etc, etc etc.

    None of us are totally free of ignorance in every single area of our lives. User beware will bite all of us in the ass eventually. It needs to be a two way street. Buyers need to be aware and sellers need to be responsible for what they produce and how they treat their customers.

  • Iceland has an astounding 46.89% of its population on Facebook (since you have to be over 13 to join FB, that means over 50% of adults in Iceland are on Facebook). Norway and Denmark also beat out Canada on a per-capita, with 40.25% and 38.28%. Canada is #4 with 34.37%.
    And for those that care, the USA stands at #14 with 19.55%.
    Data taken from http://www.nickburcher.com/2009/04/facebook-usage-statistics-by-population.html [nickburcher.com]
  • The biggest problem I see with Facebook is the stupid, silly apps that get *full* access to your data. I create a dancing Christmas tree that everybody sends to their friends, or similar banality, and I can scam tons of personal data, that I really don't need to show that dancing Christmas tree.

    The Canadian report recommends that these third party apps only request the data they need to perform their function, that the app let's the user know what data is using, and gets the user's approval. If that Danci

I find you lack of faith in the forth dithturbing. - Darse ("Darth") Vader

Working...