Order of the Bath

I trust that those of you who have signed up for Facebook (and other similar) accounts have looked carefully at all the options and have decided who should be able to see what aspects of your profile. I also hope that you only accept as friends people that you really know in the “real world,” because “friend” status gives them greater access to your profile and access to your other friends. This can be misused to create a false web of trust.

Yet I see a surprising number of dubious applications, polls and quizzes come up on my wall. When you first connect to one of these, whether as an active initiator or in a response to a friend’s invitation you are presented with an acceptance screen headed “Allow Access?” and it clearly says

Allowing <whatever application> access will let it access your Profile information, photos, your friends’ info and other content that it requires to work.

Read it again until it sinks in—not only are you giving the application access to your profile which you have carefully edited but also access to those of your friends who may not have been so careful. Think of it as handing over your address book, birthday book and diary. You can see this happening when you are in some applications; the profile photos of your friends pop up suggesting that you invite them to join in.

The Facebook terms of service, which the application writers are supposed to adhere to, is quite clear that this information can only be used for the purposes it was given (like the example above) but do you suppose that they all stick to this. A recent study at the University of Cambridge (sorry, article rather technical) reveals that quite often the information is passed on to advertisers and from there, who knows where it goes. It becomes quite easy for a third party to collect a dossier of inter-relationships and enough personal information to, for instance, crack commonly used passwords.

So now you know why I haven’t responded to many of these invitations—so far only two that I trust and one daft one before I realised what the implications were.

And how much do you trust Facebook itself. If you use it at all then you have to, and in most cases this should be ok. There would be a terrific scandal if it was found to be deliberately misusing its customers information. Yet there are some strange things going on. Early on I took advantage of the offer to scan my email address book for possible friends. I did this very carefully and selected only those that I wanted to invite for follow up. Yet I am still, some months later, being invited to add some of the others as friends; it still knows that I am acquainted with them even though I didn’t initially add them to my friends list. It is in my dossier somewhere!

This entry was posted on 11 Jun 2009 at 08:59 by Rick and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.