Thursday, June 18

Facebook apps and the Myth of Privacy

Do you have a Facebook page? I do. So does everyone I'm related to or personally acquainted with, or so it seems at least.

I really like Facebook. It connects me with my friends in a nice way. At least for family and friends who use it, I feel as though I know what's going on with them and I'm sure they feel the same way about me. I like snapping pictures from my mobile phone and posting them directly to Facebook. It lets me share experiences with friends in near real-time.

But I also don't want my personal information spread throughout the known universe. I don't need people I've never met knowing my cell phone number, email address, street address, and so on. Those are all things I've posted in my profile, because I don't mind my FRIENDS having access to them, and I am careful to change privacy settings on just about everything from the default of "Everyone" to the setting of "Only friends."

Facebook also has applications that run through its service, and these apps are just insanely popular. Some of the apps are internal Facebook programs. Events, groups, mobile, etc. Even photos is an app. Then you have the third party apps. Games, quizzes, and just about everything else you see your friends using. And while I think it's wonderful that one of my friends just set a record high score in Squeeze The Lizard, is it REALLY a newsworthy item?

Let me get to the point. When you use an application, part of the deal is you trust that application with TOTAL ACCESS to your profile. That means everything. Every contact detail, every photograph. EVERYTHING. It doesn't matter how you've configured your privacy settings. So if you're someone like me, who doesn't particularly want strangers tromping about in their personal information, even though I like sharing that same information with friends, you tend to avoid these third party apps and just stick to the Facebook basics. Because those third party apps, although they are supposed to only retain your information for 24 hours, are free to do whatever they like with it during that time. Even, say, sell your contact information to telemarketers?

What's worse, the third party apps that your FRIENDS USE can access the same information in your profile that your friends themselves can access. This means that when your friend Weird Al decides to play Nuclear Penguin Attack, that third party app can dig into YOUR profile, get your cell phone number, and sell that to some telemarketer who wants to call you in an attempt to sell used car warranties. Furthermore, it can be argued that this tenuous link constitutes a business relationship, so the Do Not Call rules for telemarketers wouldn't apply. Your friend trusts this third party app, whose author has a relationship with the telemarketer, and they've given permission to that author allowing complete access to their profile. You trust your friend, giving them similar access. This circle of trust leads to your personal information being available to ... well, just about everyone.

You might be thinking "Oh that's silly! Facebook would never do that!" Maybe you're right, Facebook wouldn't. But! I am not talking about the apps that Facebook has created. I'm talking about third party apps. Third party, in this case, meaning anyone. That's right, anyone is free to develop and promote a Facebook app. They're not connected with, or controlled by Facebook. I am absolutely certain that the vast majority of these developers are excellent people who never do anything improper with the information they have access to in your profile. What I am not sure of is how to tell which few are NOT good people. Can you tell? No, I didn't think you could.

So what can you do? There's actually a fairly simple solution. First, don't run any third party apps yourself. If you do, then at least understand that you're giving them access to EVERYTHING you've posted on Facebook, with NO RESTRICTION on what they are allowed to do with it.

Next, to control what the third party apps your FRIENDS choose to run can access about you, pull down the Settings menu on the main Facebook page and choose Privacy Settings. Under Privacy Settings, click the link for Applications. When the Applications Privacy page appears, you'll be looking at the Overview tab. Take a moment to read the scary text explaining how Facebook apps are given permission to move in to your basement and drink all your beer, then click on the Settings tab. Look at the list of things your friends' apps can see about you. You cannot stop these apps from seeing your name, what networks you belong to, and the names of all your friends. But you can clear all the check boxes for other items, including things such as cell phone numbers and email addresses.

I highly recommend you do just that.

Facebook is a wonderful thing and I don't intend to stop using it. However, it's just not clear to most people how much information these third party apps can access, and it's REALLY not clear that third party apps USED BY THEIR FRIENDS can access this information in the profiles of everyone in their entire network of friends. That's a lot of assumed privilege, there.

Facebook gives you controls to limit this, but the default is the same as it is with everything in Facebook. Access is granted to everyone on Planet Earth. So, get control of it and use your Privacy settings!

Oh, and add me to your friends list while you're at it.

No comments: