Old Facebook Apps Still Plunder Your Privacy

tcd004 writes "If you added the YouTube Facebook app prior to 2009, you've given YouTube free access to nearly all the data in your profile (as well as many of your friends). But if you install the same app today, it gets very limited access. Older versions of Facebook apps, it turns out, still have 'grandfathered' access to data that the social networking service has restricted for new apps. If you're protective of your privacy, it might be a good idea to delete and reinstall any older apps in your profile."

FTFY

[fuzzyfuzzyfungus]

"If you're protective of your privacy, it might be a good idea to delete your profile."

Fixed that for you. No need to thank me.

Re:

[fuzzyfuzzyfungus]

You can't do much about the past; but it should become less valuable as it gets staler(exception, future candidates for political office), and deleted profiles, while visible to Facebook and any of their good buddies, are substantially less likely to show up when joe public goes looking.

Re:

[Junior J. Junior III]

Even if you do delete your own profile, your friends will eagerly put up enough data about you that it won't matter.

Re:FTFY

[characterZer0]

The only winning move is not to play.

I did

[improfane]

I deleted my profile but not before changing me name and deleting lots of stuff.

One thing you should know is that Facebook never deletes anything. Even if you tell it to. The new visibility is just 'appended' to the end of your account. Bit like a journal. TFA does not surprise me.

So if they really wanted to rewind your profile, they could. I imagine the authorities have this privilege.

Think how much time you'll save yourself from FB if you delete it now. I mean you could spend that time on Slashdot instead!

Re:

[Carnivorous Vulgaris]

But like you said, it's undoubtedly journal-like under the hood, so changing and deleting won't achieve anything.

Re:

[mysidia]

But like you said, it's undoubtedly journal-like under the hood, so changing and deleting won't achieve anything.

Yeah.. it will... if you change it subtly enough over time, it will become increasingly difficult and eventually impossible to sort out the facts from the fantasy without lots of manual labor by humans.

Re:

[Culture20]

But like you said, it's undoubtedly journal-like under the hood, so changing and deleting won't achieve anything.

Yeah.. it will... if you change it subtly enough over time, it will become increasingly difficult and eventually impossible to sort out the facts from the fantasy without lots of manual labor by humans.

In the mean-time, while you're spending time making the change subtle enough to be believed, you're letting actual data leak and confusing your friends/family. "mysidia, Grandma wants to know why you listed her as your ex-lover on Facebook. I've also noticed some unusual postings. Is everything okay?"

Re:

[mysidia]

In the mean-time, while you're spending time making the change subtle enough to be believed, you're letting actual data leak and confusing your friends/family.

If you linked your profile to friends/family members' profiles, then in a way, you have already lost the war.

"Hm... I wonder what (user)'s mother's maiden name is? No problem.... search for user > Mutual Friends > Mother > Info > Relationship History > Marriage Date > Full Name History > Prior Full name

Hey again... Mr Ba

Re:

[TheLink]

Do you really have to use your actual mother's maiden name in dealings with a bank?

In my experience, using strong passwords confuses them, so you'd still have to use a bunch of name-like words.

Heck, use a male name, tell them "don't want to talk about it" I'm sure most will shut up and get on with it ;).

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[thetoadwarrior]

I occasionally use it but I've never used my real name or anything that resembles it and I don't recall ever using for more than general crap rather than talking about myself so I'm not terribly bothered. If I want 'friend' someone I'll ask them for their account and likewise they can do the same.

Re:I did

[ConceptJunkie]

It amazes me how so many people think that that is automatically bad.

There's nothing in my profile that I wouldn't mind anyone seeing, and I've shared a fair amount of information.

With regard to potential future employers... if they don't want me because of something I put on FB, then they are definitely not the kind of people I would want to work for.

Anything I've posted on FB with respect to my interests, affiliations, friends, etc, is not something you couldn't find elsewhere with a little legwork or at worst hiring a PI for a few hours. I just don't see what the big deal is provided you show a little common sense in what you are making public, and more importantly, make it a point of not doing things you wouldn't want people to know about. Maybe I'm just old-fashioned that way.

Re:

[omglolbah]

We're at least two people with this view :p

Re:

[drinkypoo]

I just don't see what the big deal is provided you show a little common sense in what you are making public, and more importantly, make it a point of not doing things you wouldn't want people to know about. Maybe I'm just old-fashioned that way.

Or for those who do not let the court of public opinion limit their activity choices, you can show a little common sense about what you put on facebook at all, and therefore not worry about what your profile says about you because it doesn't tell any part of the story you'd like to keep to yourself.

Trusting facebook's privacy settings is like trusting your government to serve your best interests without representation.

Re:

[tlhIngan]

Trusting facebook's privacy settings is like trusting your government to serve your best interests without representation.

More correctly, there are no privacy settings. Everything posted is best assumed to be "for everyone" even if the setting says "friends only". All it takes is one friend to re-post, re-twit, re-something that news and it'll explode, especially since you can't control their privacy settings.

Especially big things - a death, a birth, a wedding, a divorce, a job offer, a job loss, etc. The n

Re:

[PopeRatzo]

There's nothing in my profile that I wouldn't mind anyone seeing, and I've shared a fair amount of information.

If you're just thinking about the data in your profile at any given time, like a snapshot, you're missing the bigger picture.

I just don't see what the big deal is provided you show a little common sense in what you are making public, and more importantly, make it a point of not doing things you wouldn't want people to know about.

You're too smart of a guy to be using the "You don't have to worry if

Re:

[ConceptJunkie]

I understand where you're coming from and don't deny you have a point, but I still don't have a problem with the whole situation.

I guess there's a fine line between discretion and paranoia and I decided long ago that I could not live my life in fear of repercussions from reasonable actions. I know there's a certain level of risk in what I share about myself. First off, as both a Christian and a political conservative, I recognize that a not insignificant number of people will automatically view me as evil

Re:

[PopeRatzo]

First off, as both a Christian and a political conservative, I recognize that a not insignificant number of people will automatically view me as evil.

My friend, I've lived long enough and seen enough of the world to understand that just because you are a conservative Christian does not mean that you are necessarily evil. Just that you bear watching. ;)

"Conservative" and "Christian" are words that are very often misused, unfortunately, but I've seen enough of you around here to believe you have a good gras

Re:

[ConceptJunkie]

My religion doesn't say that. You must have it confused with another.

Re:

[Karl Cocknozzle]

I think the concern isn't so much that people "have things they want to hide" as they just don't want to be "pre-screened" from jobs, education opportunities, and/or political office because the "wrong" person sees the Facebook photo of them with their arm around a person of the "wrong" gender.

Its not right, and its not fair, but that's life.

I'm on FB to control my company's FB page. But I post nothing--and my pictures are all bland and inoffensive. None of them show me drinking a beer, making out with my g

Re:

[Anonymous Coward]

It amazes me that some people would prefer that we live under a rock for 30 years without communicating with a real human being, because that would be safer and it would surely be more likely that no personal information would be leaked that way.

Re:

[Bill, Shooter of Bul]

Yeah, only on Slashdot can you decide who your friend is without their confirmation needed, my newest slashdot Friend.

Re:

[vlm]

(goatse image here) Like

Re:

[Bill, Shooter of Bul]

(X) Hide all posts from application goatse
(X) Hide all posts from vlm (69642)

Re:

[vlm]

Think how much time you'll save yourself from FB if you delete it now. I mean you could spend that time on Slashdot instead!

Farming trolls? Serverfarm-ville?

Re:

[GameboyRMH]

Serverfarm-ville?

Oh crap you just told them how to make a geek farmville...they'd drag all geek-kind into their awful digital opium den with something like that...

Re:

[betterunixthanunix]

People are terrified of doing that. Seriously, they are terrified of what might happen if they were to not be on Facebook anymore. You would think that Room 101 contains nothing but "delete your profile" buttons...

Re:

[mysidia]

"If you're protective of your privacy, it might be a good idea to gradually replace all information in your profile with phony information." (Assuming you already made the mistake of creating a profile)

There, fixed that for you.

Lies

[C_amiga_fan]

Almost everything in my profile is either lies (born in 1900), or left intentionally blank (Favorite Hobbies: _______). I give as little information as possible to Facebook and its partners.

Re:Lies

[betterunixthanunix]

Do you browse your friends' profiles? Do you send Facebook messages to them? Do you use Facebook's real-time chat? Facebook records everything you do on the website -- just using Facebook means giving them information. It does not really matter if you lie about your age -- what matters is if you list your friends (not even accurately -- even if you have 1000 "friends," they will just take a look at the profiles you visit most frequently).

Everything about Facebook is designed to extract information from you. The fact that you lied or left things blank on your profile has probably been detected, and used to construct the real profile about you: what sort of a person you are, what sort of advertisements you are most likely to pay attention to.

Re:

[Servaas]

Except this website is focused primarily on your social life. So I guess a Anonymous Coward has little to fear.

Re:

[vlm]

You might be on to something. Facebook obviously figured this out, and as such began blasting 90% pro-homosexual ads at me.

(insert my best serious Dr Phil wakeup call voice here) ... Oh heck, need I even say it, you all know what we are snickering about.

Re:

[DavidTC]

I suspect it's probably the gays doing that, trying to make you gay with ads alone.

<spooky voice>GaaaaaaaAAAAaaaaaAAAAaaay. Become gaaaaAAAAaaay.</spooky voice>

Don't fall for it.

Re:

[ByteSlicer]

just using Facebook means giving them information.

It's even worse than that. If you previously logged on/off on Facebook, and fail to clear your browser cache and cookies, then Facebook will track every other website you visit afterward that uses some scripts of theirs (such as the Like buttons). And unlike normal cookie tracking, they know exactly who you are from your profile data.

Re:

[Karl Cocknozzle]

OMG, +1 Pants-Peeing Hysterical man...

Re:

[Carnivorous Vulgaris]

Incongruently, the junk from your profile is exactly what financial institutions, and other important accounts demand as security questions.

Re:

[HAKdragon]

That assumes, of course, that the information that you use for security questions is accurate.

Keep multiple profiles

[mlts]

I recommend people keep multiple profiles:

One profile is what they show to prospective employers that is sanitized and easy for people to see.

One profile that is either under a nickname, or a slight misspelling of the normal name, and private. This is for friends only, and for the usual socializing. Make sure to use group permissions so you can friend someone, but they don't have to see all your postings unless you give them access.

Neither of the above have platform apps turned on.

Then, one profile, not c

Re:

[mlts]

That is true. However, when interviewing for jobs, HR people will question your ability to deal with IT technology if you don't have a MySpace/FB/Twitter presence, claiming it is as behind the times to not be on FB as it is not to have a cellphone or computer. Most companies, the HR people will have the say over the IT people, so whatever they think goes when it comes to offers being extended.

Re:

[vlm]

HR people will question your ability to deal with IT technology if you don't have a MySpace/FB/Twitter presence, claiming it is as behind the times to not be on FB as it is not to have a cellphone or computer.

I love the smell of astroturf in the morning, or at least I just work up, anyway.

Also there is a lot of self delusion going on, in general, in social media.

Everyone looking for a date knows they have to post on facebook, because like two people on Oprah were interviewed and supposedly got a date.

Everyone unemployed knows the best place to get a job is linkedin because everyone knows Oprah interviewed a guy whom heard of another guy whom got a job off linkedin.

The funny part is FB is full of unhappy single p

Re:

[vlueboy]

No. HR could not care less, just like when you complain on their demand for "5 years of experience on Windows Vista and 7." Even your specific target department (assuming IT) actually asking to see your presence doesn't care about it --they're only snooping for whether you'll be a problem to avoid. Anyone serious already keeps a non-Myspace/non-FB/non-Twitter website dedicated to their REAL technology presence, completely under their control, or sometimes a leased account on a blog.

We're all IT people, and

Re:

[Nadaka]

I only got a facebook account a couple months ago when I broke of with my crazy ex and realized that I didn't have a practical way of communicating with all my old friends who I had been missing due to crazy ex and moving 2 states away.

Re:Keep multiple profiles

[igreaterthanu]

Then, one profile, not connected in any to the above two, using a nickname or alias, and using a different E-mail address (preferably different domain), perhaps in a separate Web browser and sandbox. This profile is for fertilizing your donkey in Farmville and playing all the FB games

No, no, no, no, NO!

You must play Farmville on the account with all your friends who play Farmville, otherwise you won't do very well at all and they won't be able to know how awesome at Farmville you are and how committed you are that you set multiple alarms at night to go and "[fertilize] your donkey". That is the whole point of these games, if it wasn't for that you may as well be playing something like Crysis. Do you know anything about Farmville?

Re:

[commodore64_love]

>>>playing something like Crysis

I prefer Yoshi's Happy Technicolor Dreamland of Psychedelic Colors (2D platformer). But yeah you're right, Farmland's a waste. As pointless as that Cow Clicker app

Re:

[fishexe]

...This profile is for fertilizing your donkey in Farmville and playing all the FB games

No, no, no, no, NO!

You must play Farmville on the account with all your friends who play Farmville...Do you know anything about Farmville?

Clearly not, he thinks "fertilizing your donkey" is part of the game.

Re:Keep multiple profiles

[vux984]

In other words, you recommend that people directly violate facebooks terms of service:

Section 4:

# You will not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission.
# You will not create more than one personal profile. ...
# You will keep your contact information accurate and up-to-date. ....

Oh, and by recommending people create multiple profiles with false information you are also in violation of Facebook's terms of service yourself:

Section 3:
# You will not facilitate or encourage any violations of this Statement.

This is one of MANY reasons I recommend people not use facebook. I don't think their ToS are at all reasonable. If you have to blatantly violate them to make the site palatable, then don't use the site. Doing what you advocate just rewards them for being assholes, and if you ever have any sort of dispute with them they have you over a barrel because you are blatantly violating their ToS.

Re:

[rrohbeck]

You must be one of the two people in the world who read that.

Re:

[Penguinshit]

I guess we know where you work. Thanks for adding that to your profile.

Re:

[yuhong]

I think using real information is pretty reasonable. I don't put much on Facebook (I don't even visit it often), but I do follow these terms for what I do put.

Re:

[yuhong]

Not to mention that even if what the OP suggests was allowed, I would consider it as a workaround only, as it is not really authentic.

Re:

[vux984]

Most sites have the same ToS conditions if you bother to read them.

I do read them. I rarely have an issue with them. I have also never been advised that one should need to create multiple accounts with falsified information in them in order to make use of a service other than facebook and its social networking ilk.

No bullshit, one account per person.

Yes and no. Its hard to compare "most sites" to facebook. Most sites don't collect anywhere near the same amount of information as facebook does. Most sites don

Re:

[clone52431]

fertilizing your donkey

I can definitely understand why you’d want to use a fake profile for that sort of thing.

keep your business to yourself

[Fujisawa Sensei]

Just don't put anything up there that you don't want somebody else's lawyer holding up in court.

Also, if you're worried about FB apps getting access to your schitt don't use them, any of them.

Are FB apps just PHP webapps?

[improfane]

Are FB apps just an external web page in an internal frame? If they are, surely they're vulnerable to the same attacks as any webapp.

My point being I certainly would not cry if a vigilante blackhat dropped some databases...

Re:

[Fujisawa Sensei]

Are FB apps just an external web page in an internal frame? If they are, surely they're vulnerable to the same attacks as any webapp.

My point being I certainly would not cry if a vigilante blackhat dropped some databases...

Meh, so that happens, not a big deal either.

But I'm certainly not putting my email password into that, or any other social networking site.

I have 'grandfathered' oblivion. I don't exist.

[G3ckoG33k]

I have 'grandfathered' oblivion. I don't exist. I don't have a Facebook account. Zapped future. Amen Ho Tep.

Re:

[DavidTC]

I think you misunderstood the man. He clearly said he doesn't exist.

Everyone, mod grandparent -1: Doesn't exist

Standard Internet Rules Apply

[blueZhift]

I guess the standard internet rules still apply. Once you put something on the internet, it's out there forever. The big problem with Facebook is that now that info is likely linked to your real name which makes it easier for script kiddie level "hackers" to make trouble for you. With that in mind, I think the best advice is to make sure that there's a lot more good stuff that comes up about you than bad! Facebook is too pervasive right now to just ignore, so you just have to engage in more aggressive infor

Re:

[turbotroll]

(especially if anyone ever happened to backtrace her... she probably doesn't want her family knowing that the cute stray they rescued a few years back has been getting its RDA of peanut butter off her muff)

Very interesting and funny cautionary tale. ;) Too bad some schmuck modded you down...

Idiots

[mark72005]

Who, other than bored housewives and tweens, use facebook apps anyway?

Re:

[Dishevel]

Who, other than bored housewives and tweens, use facebook apps anyway?

The /.ers that use Facebook to get sex with bored housewives and the AC pedos going after the tweens.

On the other hand...

[pedantic bore]

While "delete your apps periodically and re-add them as needed" is probably very good advice most of the time, are there any cases where apps are getting worse with respect to privacy, and so having a newer version of an app is worse than having the older version?

It seems likely that someone out there, having gotten a whiff of the money that might be made, is actually getting worse about this...

Re:

[A Friendly Troll]

While "delete your apps periodically and re-add them as needed" is probably very good advice most of the time, are there any cases where apps are getting worse with respect to privacy, and so having a newer version of an app is worse than having the older version?

In a way.

Lately I've been bombarded with more Zynga game requests; some *Ville thing, I don't remember exactly.

If you want to install their game, Facebook presents you with a list of many items that the game requires access to. One of the prerequisites is even your email address. Several months ago, they couldn't get that.

Re:

[Sparrow1492]

Yep. And the Zynga apps have gotten even worse now. To do many of the new in game functions you have to give them even more rights, including the right to automatically stream all of your posts and info. At that point you can't even choose not to share your donkey activities.

Don't use the apps in the first place

[roc97007]

I always felt that using third party apps in Facebook was a little like playing flash games on random websites -- you're giving alien code full access to whatever information you have on Facebook, and may even be opening attack vectors on your local computer.

The friends and family in my close circle range from promoting social networks for a living, to distrusting them entirely and refusing to participate even under an assumed name. I'm somewhere in the middle -- I have a small circle of friends whom I actually know, I have security locked down appropriately with periodic reviews, and I never play the games or use any of the apps. No interest in virtual organized crime, virtual farms, virtual restaurants, or today's fortune, and I don't care that someone has answered a question about me that I need to click to unlock. And I have absolutely no interest in revealing my Netflix queue to my mom. Like any tool, you can use it properly or poke your eye out, your choice.

For the facebook user swamped with lonely little cows and pillow fights in their news feed, do this: Mouse over the little "x" in the upper corner of the item. Observe a popup allowing you to "block user-name" or "block application-name". Choose the latter, and that particular app will never be seen again. Do this consistently for a week or so and you find that your news feed has been reduced from a firehose of banality to a trickle of genuine social interaction. In the rare cases where your nephew finds new crap to plaster on your wall faster than you can update your blacklist, you can always "block user-name" and ban him from your news feed. He'll never know.

Stop using Facebook? It's a little like saying "Why don't you avoid the spam and 419 scams and viruses -- just stop using email!" If you said that in 1995 you might get a few people nodding their heads. In 2010 it's a ridiculous statement.

Re:

[drinkypoo]

Indeed using fb apps is an invitation to ownage, but AFAIK it hasn't (yet?) happened through a mainstream app, just through little bullshit apps of the type prone to be taken over and abused.

Re:

[GrumblyStuff]

Like any tool, you can use it properly or poke your eye out, your choice.

So you're saying after two failures, we can do anything?

One or the other

[rudy_wayne]

Facebook and privacy are mutually exclusive. You can have one or the other but not both. Personally, I think all the worry about "privacy" is extremely exaggerated and overblown. What are they going to do? Show me targeted ads? That's what AdBlock is for.

Unless you're actually stupid enough to put all sorts of personal info on Facebook, like your real name, address, etc. In that case you're a moron who deserves to be ass-raped by every script kiddie hacker wannabe.. The bottom line is very simple. If you really care about privacy, you don't have a Facebook account in the first place.

Re:

[yuhong]

Unless you're actually stupid enough to put all sorts of personal info on Facebook, like your real name, address, etc.

Wouldn't use these as examples.

privacy

[Tom]

If you're protective of your privacy,

...then what the hell are you doing on Facebook???

FACEBOOK IS GAY UP the Arse!

[NSN A392-99-964-5927]

Sorry could not resist. Sue me! Look if you need to join a social networking site, you need a "Reality Check". Buy your own domain name and get hosted or host yourself if you know apache. It is not that hard. Start you own blog etc and people will find you. Not fake "E" friends, then you might make some true friends.