Facebook Sharing Too Much Personal Data With Application Developers 165
An anonymous reader writes "Remember the Facebook News Feed privacy uproar? What about the Beacon scandal from late last year? Privacy activists are rallying around yet another major issue at Facebook, in which the company is secretly sharing user data with third parties. Researchers from the University of Virginia recently announced that in a study of the top 150 Facebook applications, more than 90% were given access to information that was not needed to function correctly. That Scrabble or Superpoke application you really like? Its developers get access to your religion, sexuality and home town. Facebook's position was summed up by Georgetown Law Professor Dan Solove, 'They seem to be going on the assumption that if someone uses Facebook, they really have no privacy concerns.' Do Facebook users deserve privacy? "
Net (Score:5, Insightful)
Re:Net (Score:5, Insightful)
IQ != ? (Score:3, Funny)
-
Re: (Score:3, Insightful)
Re: (Score:2)
The greatest prob
It's not that simple (Score:3, Informative)
Re: (Score:2)
Click on each photo for larger version, then click on the words "remove tag" next to your name beneath the photo. (I believe this also prevents anyone from re-tagging the photo.)
Unfortunately, there doesn't seem to be any way to opt out completely. (Although it occurs to me that disabling searches for your account may disable tagging as well, since the tagging feature performs an implicit search on the name. Worth an experiment.)
Re: (Score:2)
Re: (Score:3, Informative)
If you post it on the 'net, it's public information, no matter how secure or private the application is. One must treat his or her information on social networks this way, no exceptions.
Well put. We must run under the assumptions that whatever information we provide to websites will not remain confidential, privileged, private or otherwise secure. Sites have privacy policies for a reason, yet some users seem to get upset when something clearly outlined in the policy comes to light. I, on my part, read the FaceBook applications privacy policy and never had any hopes that my information would be secure.
http://developers.facebook.com/user_terms.php [facebook.com]
(i) any information provided by you and visible to you on the Facebook Site, excluding any of your Contact Information, and
(ii) the user ID associated with your Facebook Site profile.
If you're concerned about how your information will be shared, read the policies and si
Re: (Score:2, Informative)
Re: (Score:2, Informative)
Re:Net (Score:5, Informative)
Yes. They do.
Read the article, and if you're on Facebook, go to "privacy" -> "Applications" -> "Other Applications" and read what it says under "What Other Users Can See via the Facebook Platform" very, very carefully.
Re:Net (Score:5, Insightful)
Well that's what I thought. But it appears that's actually not the case. If you RTFA and click through, you find a page that explicitly says that friends applications can view my data. Which presumably they can then do more or less anything with, seeing as how keeping that data is only "enforced" by the terms of service. The defaults are set such that my friends apps, any by implication anybody who can code, can view everything except my sexual preferences, basically.
That's pretty surprising, and I'm glad Ms Felt has called this out. It means that anybody who writes a moderately successful app can build a giant database of things that I never intended to be in any database other than Facebooks. Part of the reason Facebook has been successful is that it does actually have privacy controls, and people feel they can share their data with only their friends (and facebook inc, of course, but that's only one company). The fact that it's not true is a pretty gaping oversight.
What I find especially funny is the big bold sign at the top saying "Facebook does not sell your personal data". No, they give it away for free instead. Great.
Re: (Score:3, Insightful)
Your advice is wildly overreaching. It's like telling MADD, "if you don't want to get killed by drunk drivers, don't leave your house."
Re:Net (Score:4, Insightful)
I agree with you that information posted to social networks can't be considered private, but that's because they are broken, and their users have the right to complain about it.
Re: (Score:2)
If you want to broadcast y
Re: (Score:3, Insightful)
If you gave the social networking site as much money as you do your bank, maybe you could.
Utter bullshit. (Score:2)
And in some cases a matter of compliance with the law, I would be very surprised if they are not breaking EU or UK law... An enterprising solicitor will get them by the short hairy ones.
Re: (Score:2)
My point was also that you deal with your bank in the matter of currency.
In Facebook, that currency is your personal info, and your eyeballs on adverts. It's like saying why can't you deal with your bank without them having to keep hold of your money, and earn interest on it, etc. It's what they do. It's how it works.
Facebook makes most of this reasonably obvious, but they're banking (ha!) on the average person not caring or reading what they're told.
I don't have much opinion on whether this is good
Re: (Score:2)
It shouldn't be a requirement to "allow this application to access my personal information". Why a Tetris application REQUIRES such access is the reason i have a boring, application-less profile.
Unfortunately, those applications are developed by people who want your personal information. There's very little chance of them allowing you to use the app without you giving them access to that info. It's what they want. It's why they're doing it. They just want to advertise to you, and targetted advertising is even better.
Have a look at the facebook dev boards. It's full of people asking how many users they can get, how to get more users, how they can get around the restrictions FB keep adding,
So basically (Score:5, Interesting)
Re: (Score:2)
So what restrictions, if any, does this mean those who handle our information on the 'net are under to keep our information private? Does this free pass to treat our information as public only apply to 'social networking sites' and what then qualifies as a social networking site? If I do my taxes online, does that become
The assumption is that we tell Facebook the truth (Score:4, Funny)
Now, true, half my friends post pics of their drunken parties (yo! Aislinn and Katelyn! love the pics!), but so far I'm not in any of the pics, and I happen to know some of my friends are not the people they say they are
Nobody trusts the man, man. We all realize you're all pervs.
It's called Facebook not Maskbook (Score:1)
Deserve Privacy? (Score:2, Insightful)
At this point, I'd say no.
Personally, given their abysmal track record so far, I'd say that anyone using them at this point should assume they have no privacy at all. To some extent facebook is guilty of false advertising, by seeming to allow you to restrict other users from seeing some of your information. But why anyone who put anything on Facebook would expect any privacy at all, is a mystery to me.
Re: (Score:3, Insightful)
Perhaps they shouldn't expect it, but that's different.
Re: (Score:2)
Re: (Score:2)
I was not impressed to find out one day that what was previously available only to people with an email address belonging to my university was suddenly available to anyone claiming to be from London (i.e. in the London 'network').
Now, it seems the whole point of Facebook is to make as much money as possible through advertising. It's time for the next networking site.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I was just being cranky... damn this cold.
Yes, we all deserve privacy, and facebook ought to be respecting that. Part of my crankiness, no doubt, is that I don't "get" facebook. I don't know why people would want to put all those personal details online. That's perhaps because I do value my privacy, quite a bit, and wouldn't put information online for the sole purpose of having people I've never met look at it.
Our privacy is being taken away in leap
Wow (Score:5, Interesting)
Re: (Score:2)
With the exception of the beacon debacle, the Facebook 'privacy' issues have really had more to do with the perception of privacy and bandwagon hysteria. Take the news feed for instance. People were up in arms about information being made available that they had already made available. A close analogy would be accusing Google of privacy violations for indexing your public web page.
This application issue is a non-starter. Fa
Re: (Score:2)
the Facebook 'privacy' issues have really had more to do with the perception of privacy
Right. That's why the CEO publicly apologized for the news feed [facebook.com] and beacon [facebook.com] and there has been widespread discussion about a host of other issues [wikipedia.org] and concerns. Companies that are responsible with privacy issues pretty much don't typically get this much bad press. It's not just once or twice.
People can make public whatever information about themselves they choose and I support that. But if a company is going to make money from potentially sensitive information then they have a responsibility to be carefu
Re: (Score:2)
I believe your intelligence is sufficiently adequate to imagine situations where an apology might be issued even if one is not technically or actually at fault. So, I find this particular argument disingenuous rather than compelling.
Again, with the caveat of beacon, the linked issues are:
1. Concerns about the privacy policy itself. Since Faceboo
Re: (Score:2)
Serious question, but could you tell me how I can stop sharing, say, my demographic with, say, Scrabulous? I clicked on 'Edit Settings' at the application, and got the following stuff:-
Re: (Score:2)
Don't install it. If you want to use an application you have to provide access to your information. On the other hand, the application is not allowed to store the information. (AFAICT, basically the application uses your information to run and/or to serve targeted ads.)
If you haven't installed the application go to the "Other Applications" area of the applications privacy area and you can choose what in
Information sharing is optional (Score:2, Insightful)
When you add an application, it asks you quite clearly:
[ ] Know who I am and access my information.
It's the first checkbox.
Or, even better: you don't need to use applications! Hell, you don't even need to use Facebook! There are services like Hushmail for people who want privacy in their communications.
Re:Information sharing is optional (Score:5, Informative)
Re: (Score:2)
Just like security.
Re: (Score:2)
Re: (Score:2)
If a user installs a photo-sharing application, where does he/she think the application gets it's photos from? What's your point?
On the other hand, what business does a flash game have to do with any of anybody's personal data? Or, for that matter, why should the photo-sharing application be able to see which groups you are in, who your friends are (well, just *maybe* this has some use, such as privacy control of pictures, but even this ought to be centralized in Facebook itself, not in a third-party app), or what notes you have written?
This kind of thing is not difficult to implement and has been done since the days of Titanic (if
So don't use them (Score:2)
That said, it would be nice if they had granular control over what is released to apps, like they do for every other aspect of the site.
Re: (Score:2)
Sure, sharing information is optional; but it would be wise for Facebook to present more detail when installing 3rd party applications. Facebook's data service should require that an application specifies the information (on a field basis) that it wants to use before it can access the data. Facebook could then easily report to the user what information the application wants to use. This would give Facebook users a reasonable idea of whether the application appears trustworthy or not. It should also requ
Re: (Score:2)
There are services like Hushmail for people who want privacy in their communications.
Because that has a proven record of working so well [slashdot.org]?
No, if you really want privacy in your communication, you encrypt the plaintext on your own computer and never transmit on the net anything that is not encrypted. You trust no one. Especially people who say that they will keep your stuff private. It's not paranoia when there are people out to get you.
Having said that, I don't care about my (several) Facebook profiles (and privacy of those profiles) either, because it's all filled with lies, damned lies, a
conclusion: (Score:2, Interesting)
it's getting to the point where you really don't have to think anymore to solve problems in information technology
just read slashdot headlines. problems, and solutions, present themselves. often in temporal order. right next to each other
(scratches head)
and... (Score:2)
Don't supply it in the first place! (Score:5, Interesting)
Higher Education is still generally based on paper marketing. Yes, we have a mass of information available on the web but it's not enough honestly and from some Noell-Levitz studies it has been found that the majority of students still want to be communicated by traditional mail marketing in addition to everything else. In fact, in the focus groups I have conducted on the topic, 89% of those that responded (pool of ~350) wanted no communication other than direct mail -- that was shocking to me, especially because they were traditional aged students (18 - 24). I have found that most students will give you their name and address (which is more than I normally will give anyone until I actually apply to the college) and not much else (no birthdate, prior education, and especially no phone number or e-mail address).
So, why are these people giving it to Facebook? Why would they trust that site more than an institution of higher education that is actually mandated by law to protect the privacy of those it deals with? I can't turn around and release any part of a student database to any third party unless its cleansed and has no identifiable information.
Personally, while Facebook is the "new big thing" in Higher Education, it's not worth it for our institution to spend all that much time recruiting by it. Our traditional data works just fine to increase enrollment through the traditional mail, phone and e-communication programs I have developed and redeveloped. That said, I really do believe that people should be very careful about what they put out on any social networking site. Contrary to the belief that there are no automated programs allowed to scour the site, they do and the data that comes back is some really interesting stuff to wade through.
Re: (Score:2)
I'm 31, and much more likely to give out my home address than an emai
Re: (Score:2)
Actually, we send out far more snail mail than we do e-mail and being that *I* am the determiner of what and how much gets sent, I do my best to limit it to a single communication at the start and less than 5 (currently) for the rest of the year.
The cost of the snail mail isn't so bad and it's not like we're not used to the volume. In our case we don't recruit quite like other schools do as our budget is smaller but we stil
I doubt is has much to do with privacy... (Score:2)
Re: (Score:2)
Experience with the institution, lake of experience with the site.
hubris (Score:1)
Hmm (Score:1)
Automaticly install applications? (Score:4, Insightful)
Re: (Score:2)
I have a Facebook account, because as someone in that nebulous realm between college and her 30s, it's the best way to keep loose track of the people I knew in high school, college, grad school, back home, etc. But I consider it sort of a fancy Rolodex -- I've shot down every single application invitation any friend has ever sent me. They don't see why, but then again they're the ones with drunken-party-pictures on their profiles, too.
Saying, "the average user shou
Re:Automaticly install applications? (Score:5, Informative)
RTFA (and I quote:)
To restate things--if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer--even if you yourself have not installed the application.
It seems that they do give my info to third parties - third parties being all the stupid applications that my friends installed. I keep very minimal info on my facebook account and don't install any apps because they require full access to my profile, but I still went and turned this sharing off just now. WTF, why did I just learn that every application that any of the 60 of my networked friends has installed could have been happily roaming through my account without my knowledge?
So what's the Facebook Privacy Policy? (Score:2)
Re: (Score:2)
Deserve or expect privacy? (Score:5, Insightful)
Re: (Score:2)
As with all things fashionable and yet ultimately empty, Facebook seems to have matured. It's not the next big thing any more. It's so last year.
Re: (Score:2)
So why is this news again...? (Score:5, Insightful)
Did anyone ever really have the assumption that that information was needed to make the app function, and not just a way of tricking users into giving up demographic info to third parties?
Personally I'm not sure Facebook is in the wrong on this one. It's up in big letters that you're giving whatever application it is access to your personal info--and all those things are OPTIONAL to place in your profile. I don't know that it should their fault that users don't think it through and then become surprised/outraged when they find out what it really means.
Re: (Score:2)
Re: (Score:2)
While you are dead right in saying that humans are predictable (in this case following the crowds in installing these things just because "all my friends have it") but I fail to see how anything is going on here save for users failing to examine what th
WTF (Score:1)
Secretly? (Score:2)
Translated Quote... (Score:2, Insightful)
uses Facebook, they really have no privacy concerns.'
"They seem to assume that people who post their name, address, sexual orientation and gender on giant roadside billboards don't care if strangers know their name, address, sexual orientation and gender! It's like they think that people who go out into the crowded streets don't care who knows what shirt they're wearing!"
Re:Translated Quote... (Score:5, Informative)
You can disable this loophole in Facebook's settings (go to Privacy > Applications > Other Applications and set it to "do not share"), but it isn't made very clear that by default your private details are nevertheless accessible to third-party apps through your friends list. Facebook should make this much more explicit (or perhaps have this setting default to "do not share" for anyone who sets their main profile to private?).
It's an API (Score:5, Insightful)
Seriously, what is confusing here? You have to agree when you add an application that it will be able to access your profile data. When you say 'yes, allow this', why would you be surprised that the application is then allowed to do what you just allowed?
http://developers.facebook.com/documentation.php?doc=fql [facebook.com]
Re:It's an API (Score:4, Insightful)
But that's not to say this is the only way to do it. It would be possible, for instance, to have the API set such that the application initially makes a request for which database fields it will need to use. Then the application is only allowed to use those fields; all others are invisible. When a user installs an app, it clearly shows which fields the app will be using. This would allow users to make informed choices about which apps to install. If "SuperPoke" says it will access your friends list, that's fine. If it says it will access your address and phone number, that's suspicious.
My point is that Facebook decided to implement a binary security model: either you don't install the app, or you give it access to everything. This doesn't seem like the best model. As a general security rule, an application should be given access to the absolute minimum breadth of resources/data needed to do its job properly.
This is why I don't install Facebook apps: there is no mechanism for controlling the security or even establishing a chain of trust for the application developer.
Re: (Score:2)
However if they do so for longer than 24 hours (for caching), show it to anyone unless the Facebook user requested it and a few other things they're breaking their agreement with Facebook [facebook.com], so any application caught doing so could be kicked off of Facebook.
(Of course spotting applications doing so could be rather tricky...)
Re:It's an API (Score:4, Informative)
http://developers.facebook.com/documentation.php?v=1.0&doc=misc [facebook.com]
Re: (Score:2)
So technically Scrabble could simply make a call, though Facebook, to get the religion of its users whenever they wanted it.
Only 1 out of a half-dozen phone companies told the NSA to go fuck themselves when they came asking for call records. How many application developers are there? How many people does the CIA have to ask until they find out what my favorite movies are?
Re: (Score:2)
Comment removed (Score:4, Insightful)
Re: (Score:2)
A few years ago a couple posted pictures and videos of themselves online. The woman was fired from the hospital she worked at as a nurse because of that. Now did she commit a crime? No, it's totally legal. Does it
Re: (Score:2)
I've really started to dislike Facebook (Score:2)
It has the potential to be a really great tool, but there's a little too much social in this social network. The boundaries aren't clear and simple, and just about every transaction *REALLY WANTS* to share your information with other people.
I can't count how many times I've received notifications from people who were intending to send a private message to someone else. Whenever I do a quiz or something, I have to go out of my way not to "share with my friends" or "invite my friends to beat my score."
If You Want It Private Keep It Private (Score:3, Insightful)
> no privacy concerns.
Sounds like a reasonable assumption to me.
> Do Facebook users deserve privacy?
Sure. And they can have it. All they need to do is keep the stuff that they want to remain private off Facebook.
It's quite poopular (Score:2, Informative)
It's been a wild success: the most poopular Facebook applications have around 24 million users[...]
That's just it: no one who adds the applications gives a crap about their privacy. When you add an application, there are several checkboxes, and you don't have to have them ALL checked in order to add an application, but the only one you DO have to have checked is the "Allow this application to know who I am and to access my information" box. If you uncheck that and try to add the application, Facebook tells you that you need to
privacy? (Score:2)
The whole point of social networks is that it allows one to easily control the information that they radiate. Remember when all we had to go on was rumours? Now we know who is gay, we know whose brother was killed in a car accident last year, we know that our previous significant other is now dating again. All of these things that once might have been awkward to bring up are now just pieces of information. If facebook and myspa
Well, I kinda agree... (Score:2)
These people are putting their personal information up on a site, the purpose of which is to share your personal information on. Now, granted there are varying degrees of access you can grant people, but I wouldn't assume too much privacy in doing so. I think the real problem here is people just assume they can go handing out whatever willy nilly and it'll just "all work out."
My take? If you don't want your information shared with abandon, don't put it on a site that has made its while business on shar
I don't use any of the applications (Score:3, Interesting)
So, one day, I just sat down and yanked most of the applications out. so, if you send me something on the Funwall, sorry - I won't be seeing it. And if you have some dorky movie compatibility quiz, I won't be playing the game. If you want to contact me, there's a facility for sending messages and comments. If you can't get put enough words together to do that, then you're probably not one of my friends, anyway.
Facebook has outlived its usefulness.
Perhaps something like allvoices.com [allvoices.com] will be the next big thing because there, you have to do something - contribution to the data matters more than just being a consuming node for a data mine.
RS
Blacklists suck (Score:2)
I block every single one my friends add, mainly because blocking an application turns off the spam in the news feed from all the applications. It's common knowledge on Slashdot: blacklists suck.
I'm actually trying to use Facebook in the manner it was prescribed, but in order to protect some semblance of my infor
Allow this application to... (Score:3, Interesting)
Allow it to know my name. Allow it to 'know' the info I put into the application itself. Ie, what I type INTO the funwall. She didn't know that it meant 'access my PROFILE information'.
I think this should be clarified to: "know who I am and access all of my profile information."
Re: (Score:2)
Clarification is always good. No problem with that.
However, it seems to me that the easiest and best solution is to simply add a field to a user's account: "Treat Facebook Applications as a [Friend|User|Guest|whatever other access levels they might have]." In other words, to pretend there's some "Facebook Applications" account. If you "friend" apps, they can see all the information that your friends could see if they went to your page. If they're a guest, they get whatever a guest can see based on you
It wasn't like this when I first signed up (Score:2)
"Secretly"? (Score:3, Insightful)
I saw this the first time I went to add a Facebook app, and thought "hey, I don't want that, so I'm not going to add it."
Facebook is an advertising platform just like everyone else, so either I'm missing something (which, I'll admit is entirely possible--I recognize that I make mistakes all the time), or is there really a story here?
BTW, just read the terms of service for each application--if it doesn't say what they will do with your data, don't add the app. Then it isn't a whole lot different than putting the same data into any other web application. Also, being aware that this can happen, don't put data on your facebook profile you don't want the rest of the world seeing. It's not rocket science-just common sense.
Facebook Developer (Score:4, Insightful)
Here's the info I can see for any user that adds my app and clicks the box:
uid*, first_name, last_name, name*, pic_small, pic_big, pic_square, pic, affiliations, profile_update_time, timezone, religion, birthday, sex, hometown_location, meeting_sex, meeting_for, relationship_status, significant_other_id, political, current_location, activities, interests, is_app_user, music, tv, movies, books, quotes, about_me, hs_info, education_history, work_history, notes_count, wall_count, status, has_added_app
(More info on the already-linked http://developers.facebook.com/documentation.php?doc=fql [facebook.com] )
To me this seems like way, way too much. I haven't told our marketing people we can get all this.
Stupid Question (Score:2, Insightful)
Why is the application not treated as-if it were another user? From what I understand, there is a reasonable granularity of privacy settings for users. Let each app be a unique user, and you automatically get these benefits.
Or are the apps client-based, so that my Facebook on machine
"Do Facebook users deserve privacy?" (Score:2)
Deserve privacy? Probably, but these are same people who post pictures of themselves engaging in illegal/inappropriate activities (underage drinking, drug use, etc.), and then wonder why "the wrong people" got into their "personal" files.
What they truly deserve is "common sense" to know that posting things on the net (or on any computer/space outside YOUR control) means others could have access to that information, and to think and consider what t
Re: (Score:2)
In France, it's legal to drink when you're 6. If your parents say you can. At 16 it's legal to drink without their permission.
And 16 is drinking age in the UK too.
How do you know it's underage? When I was in the military, federal drinking age was 18, so while it might be 21 in the state I was in, I can drink on base at 18.
Re: (Score:2)
That's exactly why I DIDN'T use a specific number. You are underage if you were below whatever you're jurisdictions age was. If you weren't to young, then you wouldn't have a problem later, although the pictures of being completely shitfaced that employers might dig up, are usually a bad idea in most cases.
Re: (Score:2)
We all just kinda stood there... uhhh.... wtf? We had to get a 21 year old to BUY it why can we DRINK it?
Re: (Score:2)
Oh. Dang, when I was in the UK all the vending machines in the hotels said 16 - I seem to recall this was one of my high school's high points in London
The problem with facebook... (Score:2)
They want my real name.... (Score:2)
At that point I decided not to join this "revolution"....
Re: (Score:2)
So you're on facebook as George Bush?
Re: (Score:2)