Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Saturday, December 05, 2009

Who Gets Your Personal Information on Facebook?

Are you one of the 350 million Facebook users? I’m a big fan of Facebook and like many I connect daily to see what my friends are doing and to share photos. As a security professional I am very careful about what I post and what information I allow to be shared. In that respect I’m unique. It surprises me how many of my friends will refuse to allow companies to share their information but eagerly give away their personal information to application developers on Facebook.


My friend Diana sent me some Christmas cheer. How could that be a bad thing, right? Well, if I accept her cheer I’m sharing my personal information and all my friends with a company called Mob Science who has no physical address or privacy policy posted on their website.

Who are these application developers you’re giving your personal information to? One of the most popular developers is San Francisco based Zynga. They’re responsible for the games Farmville, YoVille, Mafia Wars, RollerCoaster Kingdom, Scrabble and dozens more. You’ll never be offered a chance to read Zynga’s privacy policy but the information is typical. They say only your name, address and gender are collected. As in most privacy policies they protect themselves with vague statements like “we don't generally collect any “Personally Identifying Information” about our users”.

I’m not saying the folks at Zynga are evil or have bad intent but I doubt most users realize they’re providing information to this or other little known companies. Most people mistakenly believe it’s just all part of the Facebook experience.

It’s not just the games. When you take a quiz, or even donate to “Causes” you’re providing access to your personal information. When you create or join a “Cause” you’re registering your personal information with Berkeley based Philotic Inc, started by Sean Parker, one of the brilliant co-founders of Napster.

If you’re a fan of Farm Town, you’ve registered with Florida based SlashKey. This popular game provider is another one that doesn’t include any physical address or privacy policy on their website. The number two Facebook developer Playfish acknowledges “We collect the following personal data from you … : your date of birth, gender and your contact details including the country where you live and any phone number(s) or email address(es) that you provide.” In addition, “We may use a third party to serve advertisements on our site. Cookies may be associated with these advertisements … We do not have access to or control of cookies placed by third parties.”

In the grand scheme of things the dangers from sharing your information with these companies may still be minor compared to other risks. I wanted to focus on 3rd party Facebook Applications because most people don’t understand why their Email Spam seems to know specific personal details.

Facebook Applications can access this info
Did you know when your friend allows an application, they give away all your information too?

When you sign up for Facebook all these boxes are checked as the default setting. That means if your friend allows an application, all the information you may have set to "Friends Only" is made available. Click Here to change your settings. (Update 12/9: Facebook has made some changes so don't be surprised if this page looks a little different)

Facebook has been slow to react to customer concerns but recently announced new privacy options. It’s still up to the individual user to check out their rights and options to protect themselves. If you’re a Facebook user please click here to read how you can update your privacy settings.

Updated 12/9
Facebook has updated their privacy options. Here's the replacement for the screen allowing you to restrict information shared by your friends.

Updated Facebook privacy

Facebook Simplifies Sharing your Personal Info



Anonymous Debra Dalgleish said...

Thanks Bill, I don't usually allow those applications, but changed my privacy settings, to remove all the default check marks.

7:33 PM  
Blogger Ermin T Rude said...

I allow some things and not others, I'm not bothered if I get targeted ads or even the odd spam email. I don't share tonnes of stuff online and there is a fair amount of disinformation in what I write too :)

Thank you again Bill for your time and effort, Vic

5:54 PM  
Blogger Unknown said...


6:25 PM  
Blogger Unknown said...

Excellent & timely advice - answers why I have been getting unexpected emails. I don't use FaceBook regularly, but friend convinced me to open account to see his page & pictures. Had no idea the default values opened up my personal info so much to being passed along when he does something on his page. That issue has now been blocked thanks to your clear instructions & links.

7:22 PM  
Anonymous Jason said...

Very good information. One thing I have yet to figure out....when Facebook suggests people I may know as friends, some of these people are only in my Gmail address book. They may have been previous coworkers, or people I may have bought or sold something to or from. I don't EVER remember giving any application permission to pull my address book, but it looks like it has been somehow.

8:51 AM  
Anonymous Adam Cheney said...

Thank you Bill for this great article regarding the Facebook Apps. I have always denied them myself because I have read the upper part of the disclaimer. It looks like my friends don't.

I am also a Pro user of your WinPatrol 2010 which I have been introducing your software to all of my friends. It has been a great help in catching malware and viruses.

Thanks for everything.

3:24 PM  
Blogger Unknown said...

Same as Jason. I know for a fact that I have never let Facebook access my Windows Live address book yet strangely! it keeps suggesting people from my address book as friends - people I may have bought from once, distant contacts I may have spoken to once. These suggestions can only have come from my address book, without my password!!!!!

4:49 PM  
Anonymous Mike M. said...

You are the best thing on Facebook to learn about Facebook!
Thank you so much. I tried to forward the mail to my friends but Facebook doesn't seem to allow forwarding mail. I copied the letter and tried to paste it on a new email but it got stuck when I clicked send! And my Wall, Well there is a 420 letter max vs your 600+ letters! Well I broke it up to start a note on my Wall, then added the rest of the letter as "comments"! Presto! All my friends can now read it and go to your link.
Thanks again, Mike

10:01 AM  
Blogger Unknown said...

So, for those of us who didn't realize all of this and now the cat is out of the bag with some of these third party app developers, how can we get things back under control? Are there notifications that we can send to them to advise that our information must be kept private?

12:20 PM  
Anonymous Jason said...

Well, Bill, it seems that your blog must be read by people in high places, :), I just logged into Facebook and got this message:

"We're making some changes to give you more control of your information and help you stay connected. We've simplified the Privacy page and added the ability to set privacy on everything you share, from status updates to photos.

At the same time, we're helping everyone find and connect with each other by keeping some information—like your name and profile picture—publicly available.

The next step will guide you through choosing your privacy settings. You can learn more about how privacy works here."

This looks like a good start.

11:46 PM  
Anonymous Anonymous said...

Thanks so much for the info. I knew there had to be a way to protect my privacy but could not find it until this article. Thumbs up to you.................

10:35 AM  
Blogger Unknown said...

Thanks Bill. I'm new to Facebook and still trying to figure it out. Your article helped me to set limits on my personal information before I really understood how to do it myself.

10:15 PM  
Anonymous Carlton said...

I tried to copy the link from a friend's page, but face-book blocked it saying some users had reported it as offensive. I guess it must have upset a few software houses.

6:56 PM  
Anonymous Peter H. said...

All this is one reason I have deactivated my one-day trial of Facebook even though my daughter posts photos from Japan.

My belief is those who say they don't care about privacy or it no longer exists anyway have forgotten things like the McCarthy era.

Those who say they have nothing to hide and only those who are doing something nefarious would worry are really naive. Think No Fly lists.

What about those who get fired for posting photos or comments they don't realise are being watched? Think Sexy Texts Get Jail Terms in Dubai. You may very well want to go to or pass through Dubai some day.

Facebook is really unnecessary and serves mostly to boost egos inflated by exhibitionism. E-mail still exists, Skype or real phone calls also as well as hard mail. They are unsecure enough if you are in trouble. Why expose yourself more and unknowingly?

10:31 PM  
