Sunday, January 25, 2009
Facebook trusts your friends to decide on your privacy
I've long suspected it was the case that Facebook applications were basically a backdoor to gather up info on you and your friends. I still almost choked on my iced coffee today when I saw, as I poked through Facebook's privacy settings, the following list:- Profile picture
- Basic info
- Personal info (activities, interests, etc.)
- Current location (what city I'm in)
- Education history
- Work history
- Profile status
- Wall
- Notes
- Groups I belong to
- Events I'm invited to
- Photos taken by me
- Photos taken of me
- Relationship status
- Online presence
Oh, but it's not for applications you add. It's for applications that your friends add. So when that girl you knew from high school who is addicted to celebrity-alike quizzes adds that app to her ever-growing profile, the impact to you isn't limited to getting the weekly spams begging you to take the test as well. The way Facebook words it:
When a friend of yours allows an application to access their information, that application may also access any information about you that your friend can already see.And, perhaps even more creepily:
Please note that this is only for applications you do not use yourself.You can flip this crap off in Privacy > Applications > Settings.
My plan to include as little info as possible is looking pretty smart.
posted by zigg 4:00 PM
6 Comments:
OH GOD
NOT YOUR PRIVACY
But no seriously, I do not think you understand what this actually means. I see no explicit wording here that implies that applications move your data off facebook in any fashion. All it does is allow an application, installed on a friend's page, to access the information they can already see. So what, exactly, is the problem here? Your friend can go to your profile and see your picture. But OH GOD, an application on her page can also display your picture! As far as I can tell, that is the beginning and the end of what is going on here. Application privacy settings control whether or not a friend can reorganize your info, that they can already see, on their page.
Also: "All applications must respect existing privacy settings. For example, if an application creates a slideshow of your photo albums, and a certain album is set to "Only My Friends", it may only display that slideshow to your friends."
No one is getting access to anything you didn't already give them access to. This whole post of yours is FUD.
Cory is a privacy nudist, confirmed.
In reply to your second comment, Mister Rapid Fire Comment Person:
It is my understanding that Facebook applications do not run on Facebook's servers; they are hosted elsewhere. (A cursory googling confirms this.) The application author would have carte blanche access to the information in question. It would pass through their servers.
Of course, as you point out, they are then bound by Facebook's agreements (at least, I hope so) to respect your other privacy settings. I don't trust Facebook's agreements to be written with my interests in mind, though. They've already demonstrated a willingness to spread personal info around with Beacon; I'd not be surprised to find out that the agreements are simply "don't show these publicly" and say nothing about collecting the data for use in some less visible fashion.
Call it FUD all you like, but I for one am certainly not comfortable with this stuff just being spread to whoever is running the latest fad in evaluating the level of piracy or ninjitude exhibited by one's chums.
And I mean, if there wasn't an issue, why would there be an option to tick it off in the first place?
But if it's already public info who cares? These apps can't access your private photo albums or Notes, as far as I can tell. If it's all public info, and it's being passed to other parts of facebook, what is the problem? Info on the internet is everywhere. I would bet facebook doesn't just have one server farm.
Jeffrey
January 26, 2009 6:48 PM
Just judging from a few random profiles I'm looking at right now, it's not just public info. I'd also add that congregating even public info into one place provides a new dimension to said info: the ability to mine that data and draw previously-unlinked streams together to create a more encompassing profile of any given individual.
As to what: Application authors can access all the information I listed above, by default. Notes and photos are fair game, though I imagine they're not as interesting as more minable data might be.
As far as "who cares"? I care. Other people care. The issue at hand is that by default, Facebook leaves the decision of how private you want to keep your data in the hands of other people who aren't even aware of what they're doing. Whether one person is a privacy nudist or not does not mean that another does not have the right to ask that his information be treated sensitively.
I've been pointed to some followup information on this, namely Facebook's policies, some studies done on what information is exposed to applications, and stories posted when this was news almost a year ago. I'll be making another post on this when I have some time.
Further comments are disabled indefinitely. Here's why.
