Facebook Sharing Too Much Personal Data With Application Developers

An anonymous reader writes "Remember the Facebook News Feed privacy uproar? What about the Beacon scandal from late last year? Privacy activists are rallying around yet another major issue at Facebook, in which the company is secretly sharing user data with third parties. Researchers from the University of Virginia recently announced that in a study of the top 150 Facebook applications, more than 90% were given access to information that was not needed to function correctly. That Scrabble or Superpoke application you really like? Its developers get access to your religion, sexuality and home town. Facebook's position was summed up by Georgetown Law Professor Dan Solove, 'They seem to be going on the assumption that if someone uses Facebook, they really have no privacy concerns.' Do Facebook users deserve privacy? "

Don't supply it in the first place!

[garcia]

I work in Higher Education and we're just starting to get on the ball with recruiting via Social Networking (we're always years behind the curve -- I'm surprised we're this current actually) and just as with anything that you provide to a third party, you should really think about what that group needs to have from you in order for you to get what you need in return.

Higher Education is still generally based on paper marketing. Yes, we have a mass of information available on the web but it's not enough honestly and from some Noell-Levitz studies it has been found that the majority of students still want to be communicated by traditional mail marketing in addition to everything else. In fact, in the focus groups I have conducted on the topic, 89% of those that responded (pool of ~350) wanted no communication other than direct mail -- that was shocking to me, especially because they were traditional aged students (18 - 24). I have found that most students will give you their name and address (which is more than I normally will give anyone until I actually apply to the college) and not much else (no birthdate, prior education, and especially no phone number or e-mail address).

So, why are these people giving it to Facebook? Why would they trust that site more than an institution of higher education that is actually mandated by law to protect the privacy of those it deals with? I can't turn around and release any part of a student database to any third party unless its cleansed and has no identifiable information.

Personally, while Facebook is the "new big thing" in Higher Education, it's not worth it for our institution to spend all that much time recruiting by it. Our traditional data works just fine to increase enrollment through the traditional mail, phone and e-communication programs I have developed and redeveloped. That said, I really do believe that people should be very careful about what they put out on any social networking site. Contrary to the belief that there are no automated programs allowed to scour the site, they do and the data that comes back is some really interesting stuff to wade through.

So why is this news again...?

[NeoSkandranon]

Maybe I'm just that suspicious, but the first time I went to look at one of those "applications" on facebook, the first checkbox in a list of a half dozen you can select before you hit "go" was a riff on "Allow this application to access my personal info" ---I automatically assumed that meant ALL my info, and promptly cancelled whatever it was.

Did anyone ever really have the assumption that that information was needed to make the app function, and not just a way of tricking users into giving up demographic info to third parties?

Personally I'm not sure Facebook is in the wrong on this one. It's up in big letters that you're giving whatever application it is access to your personal info--and all those things are OPTIONAL to place in your profile. I don't know that it should their fault that users don't think it through and then become surprised/outraged when they find out what it really means.

It's an API

[mattwarden]

Dude, what is so hard here? It is an API. Do people typically customize an API for every user (as in application using the API) to limit the available calls only to what is needed? It is an interface. The data available in said interface is CLEARLY DOCUMENTED. Yes, technically Scrabble has access to the religion of its users. Yes, it could be storing this.

Seriously, what is confusing here? You have to agree when you add an application that it will be able to access your profile data. When you say 'yes, allow this', why would you be surprised that the application is then allowed to do what you just allowed?

http://developers.facebook.com/documentation.php?doc=fql