Facebook Sharing Too Much Personal Data With Application Developers

An anonymous reader writes "Remember the Facebook News Feed privacy uproar? What about the Beacon scandal from late last year? Privacy activists are rallying around yet another major issue at Facebook, in which the company is secretly sharing user data with third parties. Researchers from the University of Virginia recently announced that in a study of the top 150 Facebook applications, more than 90% were given access to information that was not needed to function correctly. That Scrabble or Superpoke application you really like? Its developers get access to your religion, sexuality and home town. Facebook's position was summed up by Georgetown Law Professor Dan Solove, 'They seem to be going on the assumption that if someone uses Facebook, they really have no privacy concerns.' Do Facebook users deserve privacy? "

Re:Information sharing is optional

[phantomcircuit]

Yeah and if you un-check that box ZERO of the applications will work.

Re:Translated Quote...

[kebes]

You are clearly asked if this is okay when you install the application, so facebook is not doing anything unethical. It's all above the board... It's mostly above board. The part that isn't is that even if you don't install any Facebook applications, if one of your friends (who can see your private profile) decides to install an application, that app now has access to your profile. As TFA explains:

Many Facebook users set their profiles to private, which stops anyone but their friends from seeing their profile details. This is a great privacy feature that can protect users from cyberstalkers and is completely gutted by the application system. To restate things--if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer--even if you yourself have not installed the application.

(Emphasis in original.)

You can disable this loophole in Facebook's settings (go to Privacy > Applications > Other Applications and set it to "do not share"), but it isn't made very clear that by default your private details are nevertheless accessible to third-party apps through your friends list. Facebook should make this much more explicit (or perhaps have this setting default to "do not share" for anyone who sets their main profile to private?).

Re:Net

[Otter+Escaping+North]

No they don't. You get a 'your friend has added X, JOIN NOW' and THEN you can decide if you want to join an application you can check the box "share my data with application X"

Yes. They do.

Read the article, and if you're on Facebook, go to "privacy" -> "Applications" -> "Other Applications" and read what it says under "What Other Users Can See via the Facebook Platform" very, very carefully.

Re:Automaticly install applications?

[Mitreya]

Wait, last time I checked Facebook doesn't automaticly install apps you have to do it and confirm you are allowing this app to acccess some of your information. They don't give third parties your info, you do.

RTFA (and I quote:)

To restate things--if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer--even if you yourself have not installed the application.

It seems that they do give my info to third parties - third parties being all the stupid applications that my friends installed. I keep very minimal info on my facebook account and don't install any apps because they require full access to my profile, but I still went and turned this sharing off just now. WTF, why did I just learn that every application that any of the 60 of my networked friends has installed could have been happily roaming through my account without my knowledge?