aTypical Joe: a gay New Yorker living in the rural South

Tuesday, February 05, 2008

Undergrad research: think twice before installing Facebook apps

More Facebook privacy concerns. The Chronicle:

Undergraduate researchers at the University of Virginia say that Facebook’s application platform, which allows anyone to create plug-ins that can be placed on personal pages of the popular social-networking service, sends far more personal information than is necessary to the plug-ins’ developers.

That means that an identity thief could develop an application to grab personal information using Facebook, says the study’s leader, Adrienne P. Felt, a senior majoring in computer science. [...]

To install an application to their profile, users must check a box that says: “Allow this application to know who I am and access my information.” The site further warns: “If you are not willing to grant access to your information, do not add this application.”

But Ms. Felt argues that many Facebook applications do not even need access to most of a user’s personal data to perform their functions (an application that lets users search a college library’s catalog, for instance, does not need to know a user’s birthday or who their friends are), and she is urging Facebook and other social-networking sites to fine-tune their settings to better guard user privacy.

In her study, Ms. Felt examined the 150 most popular third-party Facebook plug-ins to see whether they made use of private information on the users’ accounts.

“We found that 8.7 percent didn’t need any information; 82 percent used public data (name, network, list of friends); and only 9.3 percent needed private information (e.g., birthday),” Ms. Felt wrote on a Web site about the research.

In the aggregate it sure seems to me, Facebook protests not withstanding ("Obviously, privacy and security are a huge priority for Facebook,” indeed), they’re just plain sloppy about privacy and it’s not the priority it should be.

Congrats to the Virginia undergrads for a job well done.