Facebook Boiling the Privacy Frog (You)
Facebook is preparing to give away your phone number and address to app developers and advertisers.
The frog is officially beginning to boil. Just check out all of the articles swirling around on the internet about Facebook’s latest attempt to release more of your information without your consent. This time they want to give out your phone number and address. They were pretty clear that the reason they want this information is to pass it on to developers of apps such as Farmville and advertisers that want to bolster their profile on you. They released the post late Friday afternoon – so late in fact that many news outlets didn’t pick it up until Monday. Many are accusing Facebook of trying to bury the news.
Here is what was posted:
User Address and Mobile Phone Number
We are now making a user’s address and mobile phone number accessible as part of the User Graph object. Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions. These permissions must be explicitly granted to your application by the user via our standard permissions dialogs.
Although users currently have to give applications permission to access their information, there is a slight addition above to the type of information being shared. Look for “Access my contact information”, with the subtitle “Current Address and Mobile Phone Number” (see image above). If Facebook were actually interested in making their data sharing strategy noticeable, at least they could have bolded the warning rather than the hey-don’t-pay-attention-to-me-faded-gray they used.
Twitter Security Loophole Exposes Your Direct Messages
Direct messages sent through Twitter can be easily exposed, thanks to a loophole in Twitter’s API, according to Gary-Adam Shannon at Search Engine Watch Reports. When a user logs into another site using their Twitter user name and password, the site can gain access to the private messages, says Shannon. He goes into technical detail, but essentially it’s just a small hack.Shannon recommends you don’t ever log in to a site (other than Twitter.com, obviously) using your Twitter user name and password. Another writer at Search Engine Watch recommends that users erase their Direct Messages after viewing them. There has been no comment from Twitter, but we hope they are looking into the issue now that the problem has been made public.
John Sileo is the award-winning author of Stolen Lives, Privacy Means Profit and the Facebook Safety Survival Guide. His professional speaking clients include the Department of Defense, the FTC, FDIC, Pfizer, Prudential and hundreds of other organizations that care about their information privacy. Contact him directly on 800.258.8076.
Facebook: Press 2 For Law Enforcement
I received an email last night from a well-known TV anchor wanting my input on a new Facebook issue. He’d read that when calling Facebook Headquarters, the automated attendant comes on and gives you options to reach each department, and the second option was to press 2 for “law enforcement.”
It could seem odd to many, but it’s true. If you call the Facebook Headquarters (650-543-4800) and reach the switchboard, the 1st option is “For customer support, press 1″ and the second option is “For law enforcement, press 2″. Law enforcement comes ahead of business development, marketing, press, and employment verification in the list of options.When you press 2, the next message says: “This message is only for members of law enforcement. Please note that due to a very large volume of incoming calls, the current call back time is two to four business days. For a faster response, please leave your work authorized email address… A member of Facebook’s security team will email in a timely manner.” Which means that Facebook is very busy fielding calls from law enforcement.
The anchor, and the rest of us, want to know why!
Online Safety: The Truth About Social Media Identity Theft
A New Study from the Ponemon Institute Reveals How Online Safety Behavior Leaves Consumers Vulnerable to Identity Theft.
Although more than 80% of study respondents expressed concern about their security while using social media, more than half of these same individuals admitted they do not take any steps to actively protect themselves. This data clearly demonstrates that while people may acknowledge that security is important, many do nothing to protect their information online.
Other key findings from the survey include the following:
- Approximately 65% of users do not set high privacy or security settings in their social media sites.
- More than 90% of users do not review a given Website’s privacy policy before engaging in use.
- Approximately 40% of all respondents share their physical home address through social media applications.
- Surprisingly, people who have been victims of identity theft are just as likely to be lax in securing their personal information online. Study results from identity theft victims and non-victims are virtually identical.
“The study results are extremely telling, especially about measures that users take, or fail to take, in order to protect their identity while using social networks,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “I was surprised that those who had experienced identity theft in the past weren’t taking stronger measures to protect their identity. No matter who you are, if you want to increase social networking safety, you must take the necessary steps to protect your information.”
Facebook Changing Privacy Settings – Again!
Facebook faced major backlash last month after they implemented a new tool that linked your interests to sites across the Internet and allowed third parties access to your information unless you specifically deny such access. As we mentioned in yesterday’s blog about an easy way to configure your privacy settings in Facebook, there are 50 different settings with more than 170 options!
Many Facebook users have been extremely vocal about their frustrations, even organizing efforts to quit the quickly growing site. According to CNN Facebook will be reversing these changes today to make them simpler for the user with the intent of increasing user privacy.
“I can confirm that our new, simpler user controls will begin rolling out tomorrow. I can’t say more yet,” Facebook spokesman Andrew Noyes told CNN in an e-mail Tuesday.
In a piece on Monday in The Washington Post, Zuckerberg said upcoming tweaks — which could be implemented as early as Wednesday — will make it simpler to use these privacy controls and and provide an easy way to turn off all third-party services. Keep your eye out for these changes, but if you are concerned about your current privacy settings try this new Facebook Privacy Tool.
Read more on the CNN article: Facebook to Announce Changes after Privacy Settings Backlash
How Do I Delete My Facebook Account?
How do I delete my Facebook account? I get asked this question every day. At my speeches, by my clients, by my friends and family. It used to be that people no longer wanted the mundane information overload that Facebook promotes. But now they are looking at it from a privacy perspective – they no longer want their thoughts, pictures, and videos shared indiscriminately with people they don’t know.
The defections have been sparked by Facebook’s continuing march to sell your private information (with only your implied consent, i.e., simply by using Facebook, you agree to their terms) with an ever widening circle of people who are NOT YOUR FRIENDS (advertisers, data miners, and unfortunately, identity thieves). Many of the corporations I speak for have me include a component on safe social networking because the information their employees are posting (personally or professionally) are damaging their corporate brand and profits either through data leakage or as a beach-head for social engineering and other types of fraud.
In past posts, I have pointed to the tools at your disposal to tighten down your Facebook security settings. But suddenly, that is no longer complete enough for people, as Facebook continues to erode what little privacy you can control. Just look at the privacy related Facebook news in the past few weeks:
Google Buzz: Social Networking Privacy
Yesterday, Google revealed its new social networking tool, Google Buzz. This is a new way to see status messages, picture updates, and Buzz messages of your friends straight through your Gmail account. In some respects, it is very similar to tweets and Facebook status updates, but with the technology and cross-promotion that only Google can deliver. Just as Facebook has tried to combine social media (profiles, messages, pictures, status updates) in one place, Google is attempting to do the same with your email inbox.
What can seem like an innocent way to update friends, if not used correctly, can post personal and seemingly private information in both the public stream and for those in your geographic vicinity. Read more about Google Buzz and Your Privacy Settings here.
PC World has written an article discussing the the most pressing questions about Google Buzz. It touches on things like how advertisements will be targeted to you based upon your status updates. I can only imagine that this would be very similar to how they currently use the content of your email messages to place targeted ads on your gmail screen.
As with any social networking site, be vigilant, as what you post can be made public, not only to your close friends, but to the world. With any social media the main privacy issue to remember is that all posts are public, permanent, and exploitable.
Has Twitter Peaked? Is Privacy Back?
What began in early 2009 as a free ‘information network’ that offers users the ability to microblog may have already reached the top. A new CNN article discusses how the number of Twitter users has flattened out and even deccreased recently. In July 2009, the site had 21.2 million users which dropped to 19.9 users only 5 months later in December.
Some believe this slump is due to Twitter’s inability to keep up with its users and others are finding the site less and less useful. Perhaps people are less inclined to put so much personal information on the World Wide Web, knowing that everything you post is public, permanent and exploitable. Or maybe we’re just tired of seeing how boring the average person’s day is.
Click Here to read this entire article.
John Sileo became one of America’s leading Social Networking Speakers & Identity Theft Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.
Social Engineering: Scams that play on your Human Emotion
If it seems too good to be true, it probably is. 
That is the best way to Think Like A Spy and be alert of Social Engineers that are trying to manipulate you. With such a gloomy economy and many people without work, offers for fast cash and huge discounts become more and more attractive. Most of these Identity Theft cases use the technique of Social Engineering.
Social Engineering is the act of manipulating people into performing actions or divulging confidential information by playing on their human emotions. The term typically applies to deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. These days most thieves can nab your identity over the phone, mail, email, and through social networking sites such as Facebook and Twitter.
While some schemes scam you into giving out social security numbers, bank account numbers or other confidential identity pieces, others are as simple as a pickpocket distracting you emotionally while another thief steals your wallet or purse. Here are what a few of the most widely used savvy cyber attacks look like:
- Phony charitable phishing scams, many of which are designed to look as if they come from real charities. Always enter in the exact URL for the Charity that you wish to donate to rather than clicking on a link.
Sileo In the Media
Privacy Project Newsletter
Tools and tips for bulletproofing yourself against identity theft, data breach and corporate espionage. Subscribe to the newsletter and get John Sileo's 7 Survival Strategies for Starving Data Spies for FREE!
