Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Sharing Too Much Personal Data With Application Developers

Posted by Zonk on from the keep-a-lid-on-it dept.

An anonymous reader writes "Remember the Facebook News Feed privacy uproar? What about the Beacon scandal from late last year? Privacy activists are rallying around yet another major issue at Facebook, in which the company is secretly sharing user data with third parties. Researchers from the University of Virginia recently announced that in a study of the top 150 Facebook applications, more than 90% were given access to information that was not needed to function correctly. That Scrabble or Superpoke application you really like? Its developers get access to your religion, sexuality and home town. Facebook's position was summed up by Georgetown Law Professor Dan Solove, 'They seem to be going on the assumption that if someone uses Facebook, they really have no privacy concerns.' Do Facebook users deserve privacy? "

17 of 165 comments (clear)

  1. Net by Rinisari · · Score: 4, Insightful

    If you post it on the 'net, it's public information, no matter how secure or private the application is. One must treat his or her information on social networks this way, no exceptions.

    --
    Colin Dean Go a year without DRM
    1. Re:Net by CastrTroy · · Score: 4, Insightful

      Exactly. Just look at what happened with the "private" myspace pictures. If you don't want the information getting out, don't post it on the internet.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    2. Re:Net by heinzkunz · · Score: 4, Insightful

      I use online banking, and I damn well expect my account to not be publicly available. Why can't I expect a social networking site to respect my privacy the same way my bank does?

      I agree with you that information posted to social networks can't be considered private, but that's because they are broken, and their users have the right to complain about it.

    3. Re:Net by Otter+Escaping+North · · Score: 4, Informative

      No they don't. You get a 'your friend has added X, JOIN NOW' and THEN you can decide if you want to join an application you can check the box "share my data with application X"

      Yes. They do.

      Read the article, and if you're on Facebook, go to "privacy" -> "Applications" -> "Other Applications" and read what it says under "What Other Users Can See via the Facebook Platform" very, very carefully.

      --
      Running Windows^H^H^H^H^H^H^H OSX and Linux in the home. (I don't have time for Solitaire any more.)
    4. Re:Net by IamTheRealMike · · Score: 4, Insightful

      Well that's what I thought. But it appears that's actually not the case. If you RTFA and click through, you find a page that explicitly says that friends applications can view my data. Which presumably they can then do more or less anything with, seeing as how keeping that data is only "enforced" by the terms of service. The defaults are set such that my friends apps, any by implication anybody who can code, can view everything except my sexual preferences, basically.

      That's pretty surprising, and I'm glad Ms Felt has called this out. It means that anybody who writes a moderately successful app can build a giant database of things that I never intended to be in any database other than Facebooks. Part of the reason Facebook has been successful is that it does actually have privacy controls, and people feel they can share their data with only their friends (and facebook inc, of course, but that's only one company). The fact that it's not true is a pretty gaping oversight.

      What I find especially funny is the big bold sign at the top saying "Facebook does not sell your personal data". No, they give it away for free instead. Great.

  2. The assumption is that we tell Facebook the truth by WillAffleckUW · · Score: 4, Funny

    Do you really think I'm a Pastafarian?

    Now, true, half my friends post pics of their drunken parties (yo! Aislinn and Katelyn! love the pics!), but so far I'm not in any of the pics, and I happen to know some of my friends are not the people they say they are ...

    Nobody trusts the man, man. We all realize you're all pervs.

    --
    -- Tigger warning: This post may contain tiggers! --
  3. Wow by sjbe · · Score: 4, Interesting

    I haven't seen a company this determined to shoot themselves in the foot with bad policy since Real Networks. You'd think they would think Facebook might have realized at least some people actually do care about balancing utility with privacy.

  4. Don't supply it in the first place! by garcia · · Score: 5, Interesting

    I work in Higher Education and we're just starting to get on the ball with recruiting via Social Networking (we're always years behind the curve -- I'm surprised we're this current actually) and just as with anything that you provide to a third party, you should really think about what that group needs to have from you in order for you to get what you need in return.

    Higher Education is still generally based on paper marketing. Yes, we have a mass of information available on the web but it's not enough honestly and from some Noell-Levitz studies it has been found that the majority of students still want to be communicated by traditional mail marketing in addition to everything else. In fact, in the focus groups I have conducted on the topic, 89% of those that responded (pool of ~350) wanted no communication other than direct mail -- that was shocking to me, especially because they were traditional aged students (18 - 24). I have found that most students will give you their name and address (which is more than I normally will give anyone until I actually apply to the college) and not much else (no birthdate, prior education, and especially no phone number or e-mail address).

    So, why are these people giving it to Facebook? Why would they trust that site more than an institution of higher education that is actually mandated by law to protect the privacy of those it deals with? I can't turn around and release any part of a student database to any third party unless its cleansed and has no identifiable information.

    Personally, while Facebook is the "new big thing" in Higher Education, it's not worth it for our institution to spend all that much time recruiting by it. Our traditional data works just fine to increase enrollment through the traditional mail, phone and e-communication programs I have developed and redeveloped. That said, I really do believe that people should be very careful about what they put out on any social networking site. Contrary to the belief that there are no automated programs allowed to scour the site, they do and the data that comes back is some really interesting stuff to wade through.

  5. Automaticly install applications? by zbend · · Score: 4, Insightful

    Wait, last time I checked Facebook doesn't automaticly install apps you have to do it and confirm you are allowing this app to acccess some of your information. They don't give third parties your info, you do.

    1. Re:Automaticly install applications? by Mitreya · · Score: 4, Informative
      Wait, last time I checked Facebook doesn't automaticly install apps you have to do it and confirm you are allowing this app to acccess some of your information. They don't give third parties your info, you do.

      RTFA (and I quote:)

      To restate things--if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer--even if you yourself have not installed the application.

      It seems that they do give my info to third parties - third parties being all the stupid applications that my friends installed. I keep very minimal info on my facebook account and don't install any apps because they require full access to my profile, but I still went and turned this sharing off just now. WTF, why did I just learn that every application that any of the 60 of my networked friends has installed could have been happily roaming through my account without my knowledge?

  6. Deserve or expect privacy? by gravyface · · Score: 4, Insightful

    Deserve? Yes, everyone deserves the right to keep their personal lives private. Should they expect privacy? Not likely. There's no free lunch in life, online or offline: why would Facebook spend many millions of dollars maintaining a social network without milking every last bit of profit out of their user base? They're going to do whatever they can get away with, period. I don't know why people find this so hard to grasp: it's like when I try to explain to people that those "free emoticons" they so fondly install are filling up somebody's offshore server with their personal information and filling their monitor with pop-up advertisements.

    --
    body massage!
  7. So why is this news again...? by NeoSkandranon · · Score: 5, Insightful

    Maybe I'm just that suspicious, but the first time I went to look at one of those "applications" on facebook, the first checkbox in a list of a half dozen you can select before you hit "go" was a riff on "Allow this application to access my personal info" ---I automatically assumed that meant ALL my info, and promptly cancelled whatever it was.

    Did anyone ever really have the assumption that that information was needed to make the app function, and not just a way of tricking users into giving up demographic info to third parties?

    Personally I'm not sure Facebook is in the wrong on this one. It's up in big letters that you're giving whatever application it is access to your personal info--and all those things are OPTIONAL to place in your profile. I don't know that it should their fault that users don't think it through and then become surprised/outraged when they find out what it really means.

    --
    If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
  8. It's an API by mattwarden · · Score: 5, Insightful

    Dude, what is so hard here? It is an API. Do people typically customize an API for every user (as in application using the API) to limit the available calls only to what is needed? It is an interface. The data available in said interface is CLEARLY DOCUMENTED. Yes, technically Scrabble has access to the religion of its users. Yes, it could be storing this.

    Seriously, what is confusing here? You have to agree when you add an application that it will be able to access your profile data. When you say 'yes, allow this', why would you be surprised that the application is then allowed to do what you just allowed?

    http://developers.facebook.com/documentation.php?doc=fql

  9. Re:Information sharing is optional by phantomcircuit · · Score: 4, Informative

    Yeah and if you un-check that box ZERO of the applications will work.

  10. Re:Translated Quote... by kebes · · Score: 4, Informative

    You are clearly asked if this is okay when you install the application, so facebook is not doing anything unethical. It's all above the board... It's mostly above board. The part that isn't is that even if you don't install any Facebook applications, if one of your friends (who can see your private profile) decides to install an application, that app now has access to your profile. As TFA explains:

    Many Facebook users set their profiles to private, which stops anyone but their friends from seeing their profile details. This is a great privacy feature that can protect users from cyberstalkers and is completely gutted by the application system. To restate things--if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer--even if you yourself have not installed the application.
    (Emphasis in original.)

    You can disable this loophole in Facebook's settings (go to Privacy > Applications > Other Applications and set it to "do not share"), but it isn't made very clear that by default your private details are nevertheless accessible to third-party apps through your friends list. Facebook should make this much more explicit (or perhaps have this setting default to "do not share" for anyone who sets their main profile to private?).
  11. Facebook Developer by justfred · · Score: 4, Insightful

    I'm a newbie Facebook app developer.

    Here's the info I can see for any user that adds my app and clicks the box:

              uid*, first_name, last_name, name*, pic_small, pic_big, pic_square, pic, affiliations, profile_update_time, timezone, religion, birthday, sex, hometown_location, meeting_sex, meeting_for, relationship_status, significant_other_id, political, current_location, activities, interests, is_app_user, music, tv, movies, books, quotes, about_me, hs_info, education_history, work_history, notes_count, wall_count, status, has_added_app

    (More info on the already-linked http://developers.facebook.com/documentation.php?doc=fql )

    To me this seems like way, way too much. I haven't told our marketing people we can get all this.

  12. So basically by WormholeFiend · · Score: 4, Interesting

    the title of this post should read "People are sharing too much personal data with Facebook"...