The BBC is warning people of evil Facebook applications that steal users’ personal data. This really isn’t anything new though. When you install applications on your profile, you are giving away certain profile information to the application developer. The terms of use require developers to remove the majority of user information aside from their user ID and a few other ID numbers. All personally identifiable information is not supposed to be stored.
The BBC writes that “we have discovered a way to steal the personal details of you and all your Facebook friends without you knowing.” It’s the standard scare tactic of traditional media. How did they steal the user’s information? Well, they simply built an application and had someone install it. Yes, when you install an application, its developers have access to personally identifiable information, but not your email and phone number.
The BBC quotes Paul Docherty, Technical Director of Portcullis Security, as saying “Morally, Facebook has acted naively.” I honestly think this is ludicrous. Don’t users know that they are providing application developers with their profile information when they install an application? Then again, I’ve programmed applications myself and know what developers are able to access. Perhaps the average user doesn’t know what they are getting into. Do you know what you are getting into when you install an app? Do you think the average user does?


4 Comments »
Did they mention that when you install any piece of software on your PC it has the potential to track everything you do? Including gaining access to financial information…
No, they decided to take an uneducated punt at Facebook because they have nothing better to write about.
@Craig: Uneducated punt? Downloaded software is not the same - here clicking a link on a friend’s profile can instantly give a rogue developer access to a wealth of information about you and your friends, without you or Facebook knowing the difference.
@Nick: I see nothing ludicrous here - they’ve raised a good point. And they’re not the first - I’ve mentioned the possibility of rogue applications on my blog. Yes, much information gathering is not “supposed” to happen, but how can Facebook enforce what happens off of their servers? (Hint: They can’t.) But I’m not the first either - Adrienne Felt at UV raised some of the same points as the BBC months ago, and offered an alternative setup
While you as a developer know what goes on, I would say that the vast majority of Facebook users don’t realize or haven’t thought about how much access an application has. Raising awareness is a good thing before we see rogue applications appear, and that’s exactly what the BBC is doing.