Search This Blog

Tuesday, June 17, 2008


Facebook has been dogged by privacy issues in the past, but the latest could be the one that eventually convinces its users that they are potentially submitting their personal information to anyone in the world who cares to read about it. That is…unless they apply the controls provided by the website that limits where their sensitive data goes. Unfortunately, most Facebook users are in such a hurry to make contact with their friends that security is the last thing on their minds.

Adrienne Felt of the University of Virginia looked at a feature provided by Facebook which allows outside developers to create small programs called applications for its members for things like playing poker, getting daily horoscopes, and sending each other virtual fantasies. According to The Washington Post, since Facebook started this a year ago, “about 24,000 applications have been built by 400,000 developers.” David Dixon, an information technology consultant, recently deleted all his applications after hearing that these developers might have access to his private information.

Felt says that once developers have your personal data, Facebook can’t do anything about it. She also found that 90 out of 150 of Facebook’s most popular applications (that’s 60 percent) have unnecessary access to personal data. One applications provider thinks “leveraging that data would make a lot of sense.” He does add that no plans “are in the works” to do that. That’s the same thing junk mailers said years ago when they began collecting consumer sensitive data.

And then our friends to the north in Canada have made their concerns known when the Canadian Internet Policy and Public Interest Clinic (CIPPIC) filed a complaint in May 2008 asking the country’s Privacy Commissioner to review what CIPPIC felt were “various violations of Canadian privacy law,” by Facebook. reports that Facebook’s policies and practices were analyzed by a “team of law students” resulting in the discovery of these violations of the Canadian Personal Information Protection and Electronics Document Act (PIPEDA). Although some of the issues are somewhat picky, like making it hard to delete some things, others are substantive, like a user’s inability to cancel their account and all the data with it.

Other violations by Facebook include asking for the member’s date of birth for no obvious reason, which, along with the person’s name and address, is one of the key ingredients for identity theft. CIPPIC says that Facebook fails to get the “express consent” of users to share their personal information by making all information partially public by default, requiring the member to change privacy settings later.

But the granddaddy of complaints is over Beacon, a system that allows partner sites like Blockbuster, Fandango and forty others to share users’ “off-Facebook” activities with the website. Initially you had no choice, but after an outcry, the company changed a number of privacy settings to prevent publishing by default.

Technology is exploding, and it is the younger set (under age 29) that both understands best and makes the most use of cyber space. They also account for over 25 percent of Internet fraud complaints, a number that is likely to increase if they aren’t taught the potential disaster of the “willingly-without-regard-to-the-consequences” giving out of their sensitive data. On comparison, the 60-plus age group files less than 10 percent of the total complaints. Apparently us old farts aren’t as far out of it as we might have thought.

No comments: