Facebook Sharing Too Much Personal Data With Application Developers

An anonymous reader writes "Remember the Facebook News Feed privacy uproar? What about the Beacon scandal from late last year? Privacy activists are rallying around yet another major issue at Facebook, in which the company is secretly sharing user data with third parties. Researchers from the University of Virginia recently announced that in a study of the top 150 Facebook applications, more than 90% were given access to information that was not needed to function correctly. That Scrabble or Superpoke application you really like? Its developers get access to your religion, sexuality and home town. Facebook's position was summed up by Georgetown Law Professor Dan Solove, 'They seem to be going on the assumption that if someone uses Facebook, they really have no privacy concerns.' Do Facebook users deserve privacy? "

Re:Net

[Altari]

If you post it on the 'net, it's public information, no matter how secure or private the application is. One must treat his or her information on social networks this way, no exceptions.

Well put. We must run under the assumptions that whatever information we provide to websites will not remain confidential, privileged, private or otherwise secure. Sites have privacy policies for a reason, yet some users seem to get upset when something clearly outlined in the policy comes to light. I, on my part, read the FaceBook applications privacy policy and never had any hopes that my information would be secure.

http://developers.facebook.com/user_terms.php [facebook.com]

(i) any information provided by you and visible to you on the Facebook Site, excluding any of your Contact Information, and

(ii) the user ID associated with your Facebook Site profile.

If you're concerned about how your information will be shared, read the policies and simply don't sign up for sites that don't meet your criteria.

Re:Information sharing is optional

[phantomcircuit]

Yeah and if you un-check that box ZERO of the applications will work.

It's quite poopular

[FrameRotBlues]

I started reading the virginia.edu piece, and came across this line:

It's been a wild success: the most poopular Facebook applications have around 24 million users[...]

That's just it: no one who adds the applications gives a crap about their privacy. When you add an application, there are several checkboxes, and you don't have to have them ALL checked in order to add an application, but the only one you DO have to have checked is the "Allow this application to know who I am and to access my information" box. If you uncheck that and try to add the application, Facebook tells you that you need to have this checked, and if you don't feel safe about that, don't add the application. Therefore, IMHO, Facebook gives plenty of warning to those adding applications.

However, I have very few applications on my Facebook - I don't care about the OC, or Dawson's Creek Quotes, or Hot Or Not. I find that the demographic of people that add those kinds of applications don't give two shits about their privacy, and they never read the fine print. They just want to show their friends how much they like the OC or Dawson's Creek. It's just natural selection, internet-style.

Re:Translated Quote...

[kebes]

You are clearly asked if this is okay when you install the application, so facebook is not doing anything unethical. It's all above the board...

It's mostly above board. The part that isn't is that even if you don't install any Facebook applications, if one of your friends (who can see your private profile) decides to install an application, that app now has access to your profile. As TFA explains [news.com]:

Many Facebook users set their profiles to private, which stops anyone but their friends from seeing their profile details. This is a great privacy feature that can protect users from cyberstalkers and is completely gutted by the application system. To restate things--if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer--even if you yourself have not installed the application.

(Emphasis in original.)

You can disable this loophole in Facebook's settings (go to Privacy > Applications > Other Applications and set it to "do not share"), but it isn't made very clear that by default your private details are nevertheless accessible to third-party apps through your friends list. Facebook should make this much more explicit (or perhaps have this setting default to "do not share" for anyone who sets their main profile to private?).

Re:Net

[Anusien]

It's not that simple. If your friends on Facebook add an application, that application's developer gets access to all your information.

Re:Net

[0100010001010011]

No they don't. You get a 'your friend has added X, JOIN NOW' and THEN you can decide if you want to join an application you can check the box "share my data with application X"

Re:It's an API

[yukster]

Yes, technically Scrabble has access to the religion of its users. Yes, it could be storing this.

Actually, the developer terms of service explicitly prohibit storing anything other than ids (pretty much):

http://developers.facebook.com/documentation.php?v=1.0&doc=misc [facebook.com]

Re:Net

[Otter Escaping North]

No they don't. You get a 'your friend has added X, JOIN NOW' and THEN you can decide if you want to join an application you can check the box "share my data with application X"

Yes. They do.

Read the article, and if you're on Facebook, go to "privacy" -> "Applications" -> "Other Applications" and read what it says under "What Other Users Can See via the Facebook Platform" very, very carefully.

Re:Automaticly install applications?

[Mitreya]

Wait, last time I checked Facebook doesn't automaticly install apps you have to do it and confirm you are allowing this app to acccess some of your information. They don't give third parties your info, you do.

RTFA (and I quote:)

To restate things--if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer--even if you yourself have not installed the application.

It seems that they do give my info to third parties - third parties being all the stupid applications that my friends installed. I keep very minimal info on my facebook account and don't install any apps because they require full access to my profile, but I still went and turned this sharing off just now. WTF, why did I just learn that every application that any of the 60 of my networked friends has installed could have been happily roaming through my account without my knowledge?

It's not that simple

[Gordo_1]

Even pictures you didn't know existed get posted on the Internet and become essentially public information tied to you through facebook due to your meddling friends. This is how my privacy was breached: I accepted a friend's invitation to join Facebook. I input my real name, username and a password. That's it, I added no other details because I didn't really want an account, I just wanted to see pictures in his profile. Little did I know that I'd be subsequently deluged with requests from various acquaintances to reconnect after a dozen or more years -- I graciously accepted connect invitations, but refused to add any applications at all. Then a number of my friends who snap pictures at bars we hang out at or football game we go to, started identifying me in various snapshots, and these pictures are forever tied to my account. No I'm not happy about this, but serves me right for even signing up in the first place.