Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Facebook Privacy Social Networks Software

Old Facebook Apps Still Plunder Your Privacy 101

tcd004 writes "If you added the YouTube Facebook app prior to 2009, you've given YouTube free access to nearly all the data in your profile (as well as many of your friends). But if you install the same app today, it gets very limited access. Older versions of Facebook apps, it turns out, still have 'grandfathered' access to data that the social networking service has restricted for new apps. If you're protective of your privacy, it might be a good idea to delete and reinstall any older apps in your profile."
This discussion has been archived. No new comments can be posted.

Old Facebook Apps Still Plunder Your Privacy

Comments Filter:
  • FTFY (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Monday December 27, 2010 @03:07PM (#34678790) Journal
    "If you're protective of your privacy, it might be a good idea to delete your profile."

    Fixed that for you. No need to thank me.
    • Even if you do delete your own profile, your friends will eagerly put up enough data about you that it won't matter.

    • I did (Score:5, Interesting)

      by improfane ( 855034 ) * on Monday December 27, 2010 @03:12PM (#34678834) Journal

      I deleted my profile but not before changing me name and deleting lots of stuff.

      One thing you should know is that Facebook never deletes anything. Even if you tell it to. The new visibility is just 'appended' to the end of your account. Bit like a journal. TFA does not surprise me.

      So if they really wanted to rewind your profile, they could. I imagine the authorities have this privilege.

      Think how much time you'll save yourself from FB if you delete it now. I mean you could spend that time on Slashdot instead!

      • But like you said, it's undoubtedly journal-like under the hood, so changing and deleting won't achieve anything.
        • by mysidia ( 191772 )

          But like you said, it's undoubtedly journal-like under the hood, so changing and deleting won't achieve anything.

          Yeah.. it will... if you change it subtly enough over time, it will become increasingly difficult and eventually impossible to sort out the facts from the fantasy without lots of manual labor by humans.

          • But like you said, it's undoubtedly journal-like under the hood, so changing and deleting won't achieve anything.

            Yeah.. it will... if you change it subtly enough over time, it will become increasingly difficult and eventually impossible to sort out the facts from the fantasy without lots of manual labor by humans.

            In the mean-time, while you're spending time making the change subtle enough to be believed, you're letting actual data leak and confusing your friends/family. "mysidia, Grandma wants to know why you listed her as your ex-lover on Facebook. I've also noticed some unusual postings. Is everything okay?"

            • by mysidia ( 191772 )

              In the mean-time, while you're spending time making the change subtle enough to be believed, you're letting actual data leak and confusing your friends/family.

              If you linked your profile to friends/family members' profiles, then in a way, you have already lost the war.

              "Hm... I wonder what (user)'s mother's maiden name is? No problem.... search for user > Mutual Friends > Mother > Info > Relationship History > Marriage Date > Full Name History > Prior Full name

              Hey again... Mr Ba

              • by TheLink ( 130905 )
                Do you really have to use your actual mother's maiden name in dealings with a bank?

                In my experience, using strong passwords confuses them, so you'd still have to use a bunch of name-like words.

                Heck, use a male name, tell them "don't want to talk about it" I'm sure most will shut up and get on with it ;).
      • Comment removed based on user account deletion
        • I occasionally use it but I've never used my real name or anything that resembles it and I don't recall ever using for more than general crap rather than talking about myself so I'm not terribly bothered. If I want 'friend' someone I'll ask them for their account and likewise they can do the same.
        • Re:I did (Score:5, Interesting)

          by ConceptJunkie ( 24823 ) on Monday December 27, 2010 @05:18PM (#34679932) Homepage Journal

          It amazes me how so many people think that that is automatically bad.

          There's nothing in my profile that I wouldn't mind anyone seeing, and I've shared a fair amount of information.

          With regard to potential future employers... if they don't want me because of something I put on FB, then they are definitely not the kind of people I would want to work for.

          Anything I've posted on FB with respect to my interests, affiliations, friends, etc, is not something you couldn't find elsewhere with a little legwork or at worst hiring a PI for a few hours. I just don't see what the big deal is provided you show a little common sense in what you are making public, and more importantly, make it a point of not doing things you wouldn't want people to know about. Maybe I'm just old-fashioned that way.

          • We're at least two people with this view :p

          • I just don't see what the big deal is provided you show a little common sense in what you are making public, and more importantly, make it a point of not doing things you wouldn't want people to know about. Maybe I'm just old-fashioned that way.

            Or for those who do not let the court of public opinion limit their activity choices, you can show a little common sense about what you put on facebook at all, and therefore not worry about what your profile says about you because it doesn't tell any part of the story you'd like to keep to yourself.

            Trusting facebook's privacy settings is like trusting your government to serve your best interests without representation.

            • by tlhIngan ( 30335 )

              Trusting facebook's privacy settings is like trusting your government to serve your best interests without representation.

              More correctly, there are no privacy settings. Everything posted is best assumed to be "for everyone" even if the setting says "friends only". All it takes is one friend to re-post, re-twit, re-something that news and it'll explode, especially since you can't control their privacy settings.

              Especially big things - a death, a birth, a wedding, a divorce, a job offer, a job loss, etc. The n

          • There's nothing in my profile that I wouldn't mind anyone seeing, and I've shared a fair amount of information.

            If you're just thinking about the data in your profile at any given time, like a snapshot, you're missing the bigger picture.

            I just don't see what the big deal is provided you show a little common sense in what you are making public, and more importantly, make it a point of not doing things you wouldn't want people to know about.

            You're too smart of a guy to be using the "You don't have to worry if

            • I understand where you're coming from and don't deny you have a point, but I still don't have a problem with the whole situation.

              I guess there's a fine line between discretion and paranoia and I decided long ago that I could not live my life in fear of repercussions from reasonable actions. I know there's a certain level of risk in what I share about myself. First off, as both a Christian and a political conservative, I recognize that a not insignificant number of people will automatically view me as evil

              • First off, as both a Christian and a political conservative, I recognize that a not insignificant number of people will automatically view me as evil.

                My friend, I've lived long enough and seen enough of the world to understand that just because you are a conservative Christian does not mean that you are necessarily evil. Just that you bear watching. ;)

                "Conservative" and "Christian" are words that are very often misused, unfortunately, but I've seen enough of you around here to believe you have a good gras

          • I think the concern isn't so much that people "have things they want to hide" as they just don't want to be "pre-screened" from jobs, education opportunities, and/or political office because the "wrong" person sees the Facebook photo of them with their arm around a person of the "wrong" gender.

            Its not right, and its not fair, but that's life.

            I'm on FB to control my company's FB page. But I post nothing--and my pictures are all bland and inoffensive. None of them show me drinking a beer, making out with my g

        • by Anonymous Coward
          It amazes me that some people would prefer that we live under a rock for 30 years without communicating with a real human being, because that would be safer and it would surely be more likely that no personal information would be leaked that way.
      • Yeah, only on Slashdot can you decide who your friend is without their confirmation needed, my newest slashdot Friend.

      • by vlm ( 69642 )

        Think how much time you'll save yourself from FB if you delete it now. I mean you could spend that time on Slashdot instead!

        Farming trolls? Serverfarm-ville?

        • Serverfarm-ville?

          Oh crap you just told them how to make a geek farmville...they'd drag all geek-kind into their awful digital opium den with something like that...

    • People are terrified of doing that. Seriously, they are terrified of what might happen if they were to not be on Facebook anymore. You would think that Room 101 contains nothing but "delete your profile" buttons...
    • by mysidia ( 191772 )

      "If you're protective of your privacy, it might be a good idea to gradually replace all information in your profile with phony information." (Assuming you already made the mistake of creating a profile)

      There, fixed that for you.

  • Almost everything in my profile is either lies (born in 1900), or left intentionally blank (Favorite Hobbies: _______). I give as little information as possible to Facebook and its partners.

    • Re:Lies (Score:5, Insightful)

      by betterunixthanunix ( 980855 ) on Monday December 27, 2010 @03:19PM (#34678892)
      Do you browse your friends' profiles? Do you send Facebook messages to them? Do you use Facebook's real-time chat? Facebook records everything you do on the website -- just using Facebook means giving them information. It does not really matter if you lie about your age -- what matters is if you list your friends (not even accurately -- even if you have 1000 "friends," they will just take a look at the profiles you visit most frequently).

      Everything about Facebook is designed to extract information from you. The fact that you lied or left things blank on your profile has probably been detected, and used to construct the real profile about you: what sort of a person you are, what sort of advertisements you are most likely to pay attention to.
      • just using Facebook means giving them information.

        It's even worse than that. If you previously logged on/off on Facebook, and fail to clear your browser cache and cookies, then Facebook will track every other website you visit afterward that uses some scripts of theirs (such as the Like buttons). And unlike normal cookie tracking, they know exactly who you are from your profile data.

    • Incongruently, the junk from your profile is exactly what financial institutions, and other important accounts demand as security questions.
  • I recommend people keep multiple profiles:

    One profile is what they show to prospective employers that is sanitized and easy for people to see.

    One profile that is either under a nickname, or a slight misspelling of the normal name, and private. This is for friends only, and for the usual socializing. Make sure to use group permissions so you can friend someone, but they don't have to see all your postings unless you give them access.

    Neither of the above have platform apps turned on.

    Then, one profile, not c

    • by igreaterthanu ( 1942456 ) * on Monday December 27, 2010 @03:46PM (#34679100)

      Then, one profile, not connected in any to the above two, using a nickname or alias, and using a different E-mail address (preferably different domain), perhaps in a separate Web browser and sandbox. This profile is for fertilizing your donkey in Farmville and playing all the FB games

      No, no, no, no, NO!

      You must play Farmville on the account with all your friends who play Farmville, otherwise you won't do very well at all and they won't be able to know how awesome at Farmville you are and how committed you are that you set multiple alarms at night to go and "[fertilize] your donkey". That is the whole point of these games, if it wasn't for that you may as well be playing something like Crysis. Do you know anything about Farmville?

      • >>>playing something like Crysis

        I prefer Yoshi's Happy Technicolor Dreamland of Psychedelic Colors (2D platformer). But yeah you're right, Farmland's a waste. As pointless as that Cow Clicker app

      • by fishexe ( 168879 )

        ...This profile is for fertilizing your donkey in Farmville and playing all the FB games

        No, no, no, no, NO!

        You must play Farmville on the account with all your friends who play Farmville...Do you know anything about Farmville?

        Clearly not, he thinks "fertilizing your donkey" is part of the game.

    • by vux984 ( 928602 ) on Monday December 27, 2010 @03:54PM (#34679154)

      In other words, you recommend that people directly violate facebooks terms of service:

      Section 4:

      # You will not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission.
      # You will not create more than one personal profile. ...
      # You will keep your contact information accurate and up-to-date. ....

      Oh, and by recommending people create multiple profiles with false information you are also in violation of Facebook's terms of service yourself:

      Section 3:
      # You will not facilitate or encourage any violations of this Statement.

      This is one of MANY reasons I recommend people not use facebook. I don't think their ToS are at all reasonable. If you have to blatantly violate them to make the site palatable, then don't use the site. Doing what you advocate just rewards them for being assholes, and if you ever have any sort of dispute with them they have you over a barrel because you are blatantly violating their ToS.

      • You must be one of the two people in the world who read that.

      • I guess we know where you work. Thanks for adding that to your profile.
      • by yuhong ( 1378501 )

        I think using real information is pretty reasonable. I don't put much on Facebook (I don't even visit it often), but I do follow these terms for what I do put.

      • by yuhong ( 1378501 )

        Not to mention that even if what the OP suggests was allowed, I would consider it as a workaround only, as it is not really authentic.

    • fertilizing your donkey

      I can definitely understand why you’d want to use a fake profile for that sort of thing.

  • Just don't put anything up there that you don't want somebody else's lawyer holding up in court.

    Also, if you're worried about FB apps getting access to your schitt don't use them, any of them.

    • Are FB apps just an external web page in an internal frame? If they are, surely they're vulnerable to the same attacks as any webapp.

      My point being I certainly would not cry if a vigilante blackhat dropped some databases...

      • Are FB apps just an external web page in an internal frame? If they are, surely they're vulnerable to the same attacks as any webapp.

        My point being I certainly would not cry if a vigilante blackhat dropped some databases...

        Meh, so that happens, not a big deal either.

        But I'm certainly not putting my email password into that, or any other social networking site.

  • I have 'grandfathered' oblivion. I don't exist. I don't have a Facebook account. Zapped future. Amen Ho Tep.

  • I guess the standard internet rules still apply. Once you put something on the internet, it's out there forever. The big problem with Facebook is that now that info is likely linked to your real name which makes it easier for script kiddie level "hackers" to make trouble for you. With that in mind, I think the best advice is to make sure that there's a lot more good stuff that comes up about you than bad! Facebook is too pervasive right now to just ignore, so you just have to engage in more aggressive infor
  • Who, other than bored housewives and tweens, use facebook apps anyway?
    • Who, other than bored housewives and tweens, use facebook apps anyway?

      The /.ers that use Facebook to get sex with bored housewives and the AC pedos going after the tweens.

  • On the other hand... (Score:5, Interesting)

    by pedantic bore ( 740196 ) on Monday December 27, 2010 @04:03PM (#34679226)

    While "delete your apps periodically and re-add them as needed" is probably very good advice most of the time, are there any cases where apps are getting worse with respect to privacy, and so having a newer version of an app is worse than having the older version?

    It seems likely that someone out there, having gotten a whiff of the money that might be made, is actually getting worse about this...

    • While "delete your apps periodically and re-add them as needed" is probably very good advice most of the time, are there any cases where apps are getting worse with respect to privacy, and so having a newer version of an app is worse than having the older version?

      In a way.

      Lately I've been bombarded with more Zynga game requests; some *Ville thing, I don't remember exactly.

      If you want to install their game, Facebook presents you with a list of many items that the game requires access to. One of the prerequisites is even your email address. Several months ago, they couldn't get that.

      • Yep. And the Zynga apps have gotten even worse now. To do many of the new in game functions you have to give them even more rights, including the right to automatically stream all of your posts and info. At that point you can't even choose not to share your donkey activities.
  • by roc97007 ( 608802 ) on Monday December 27, 2010 @04:55PM (#34679686) Journal

    I always felt that using third party apps in Facebook was a little like playing flash games on random websites -- you're giving alien code full access to whatever information you have on Facebook, and may even be opening attack vectors on your local computer.

    The friends and family in my close circle range from promoting social networks for a living, to distrusting them entirely and refusing to participate even under an assumed name. I'm somewhere in the middle -- I have a small circle of friends whom I actually know, I have security locked down appropriately with periodic reviews, and I never play the games or use any of the apps. No interest in virtual organized crime, virtual farms, virtual restaurants, or today's fortune, and I don't care that someone has answered a question about me that I need to click to unlock. And I have absolutely no interest in revealing my Netflix queue to my mom. Like any tool, you can use it properly or poke your eye out, your choice.

    For the facebook user swamped with lonely little cows and pillow fights in their news feed, do this: Mouse over the little "x" in the upper corner of the item. Observe a popup allowing you to "block user-name" or "block application-name". Choose the latter, and that particular app will never be seen again. Do this consistently for a week or so and you find that your news feed has been reduced from a firehose of banality to a trickle of genuine social interaction. In the rare cases where your nephew finds new crap to plaster on your wall faster than you can update your blacklist, you can always "block user-name" and ban him from your news feed. He'll never know.

    Stop using Facebook? It's a little like saying "Why don't you avoid the spam and 419 scams and viruses -- just stop using email!" If you said that in 1995 you might get a few people nodding their heads. In 2010 it's a ridiculous statement.

    • Indeed using fb apps is an invitation to ownage, but AFAIK it hasn't (yet?) happened through a mainstream app, just through little bullshit apps of the type prone to be taken over and abused.

    • Like any tool, you can use it properly or poke your eye out, your choice.

      So you're saying after two failures, we can do anything?

  • One or the other (Score:3, Insightful)

    by rudy_wayne ( 414635 ) on Monday December 27, 2010 @05:08PM (#34679818)

    Facebook and privacy are mutually exclusive. You can have one or the other but not both. Personally, I think all the worry about "privacy" is extremely exaggerated and overblown. What are they going to do? Show me targeted ads? That's what AdBlock is for.

    Unless you're actually stupid enough to put all sorts of personal info on Facebook, like your real name, address, etc. In that case you're a moron who deserves to be ass-raped by every script kiddie hacker wannabe.. The bottom line is very simple. If you really care about privacy, you don't have a Facebook account in the first place.

    • by yuhong ( 1378501 )

      Unless you're actually stupid enough to put all sorts of personal info on Facebook, like your real name, address, etc.

      Wouldn't use these as examples.

  • by Tom ( 822 )

    If you're protective of your privacy,

    ...then what the hell are you doing on Facebook???

  • Sorry could not resist. Sue me! Look if you need to join a social networking site, you need a "Reality Check". Buy your own domain name and get hosted or host yourself if you know apache. It is not that hard. Start you own blog etc and people will find you. Not fake "E" friends, then you might make some true friends.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...