Facebook Apps Leaking Your Information
A report was recently published claiming that nearly 100,000 Facebook apps have been leaking access codes belonging to millions of users’ profiles. Symantec released the report and said that an app security flaw may have given apps and other third parties access to users’ profiles. Facebook maintains that they have no evidence of this occurring.
In their report, Symantec wrote:
We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
These “access tokens” help apps interact with your profile.They are most often used to post updates from the application to your wall. When you add the applications to your profile you, as the Facebook user, is giving the apps access to your information by accepting their conditions. According to the investigation, these tokens were included in URLs sent to the application host and were then sent to advertisers and analytics platforms. If the recipient recognized the codes (meaning they have to be qualified to read and write HTML code), they could gain access to the user’s wall’s and profile.
Facebook Can Use Your Photos in Their Ads Without Permission
Did you know that Facebook can use photos you post on the site in advertisements targeted on the right (advertising) side of your contact’s profile?
Unless you customize your privacy settings, Facebook can share just about anything you post with just about everyone. Using your intellectual property for their financial gain is not a new Facebook issue, but one that should be revisited due to recent Facebook Privacy changes. Here’s the funny part: you gave Facebook the right to use any of your content in any way they see fit when you signed up for your account and didn’t read the user agreement. If you visit the Facebook Statement of Rights page you will see the following:
You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:
- For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free,
worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
Facebook Safety: New HTTPS Facebook Settings
Facebook has announced that they will be rolling out a new security feature that will add full HTTPS support to the site. The new secure site uses the same underlying technology that banks use to keep your communications out of the reach of potential hackers. While many people don’t have this feature yet and mine just showed up today, eventually all users should have the capability.
To enable HTTPS, log into your Facebook account and at the top right go into Account -> Account Settings.
Once there, scroll all the way to the bottom and click “change” next to Account Security.
The following screen should pop up. Check the box under Secure Browsing. You can also check “send me an email” (or a text message to your cell phone, which I don’t advise giving to Facebook) so that if someone tries to log into your account from a new computer, Facebook will immediately alert you. This is a good way to find out fast if your account has been hacked.
Facebook rolled out these secure settings to make Facebook seem safer, but like many of their security changes, they are turned off by default. You must go in and manually change the feature to gain the added security.
Facebook’s Zuckerberg Gets Hacked
While Facebook privacy issues are becoming a concern for most users, you would think that the CEO of Facebook should at least be protected. Apparently that is not the case. Mark Zuckerberg’s Facebook page was hacked last week. The founder of the social networking giant found himself to be a victim of what many users often face, and I hope it prompts him to incorporate more robust security into the fabric of Facebook. In fact, my experience is that people’s willingness to pay attention to privacy and data security goes up exponentially when they have experienced a breach first hand.
Here is what The Guardian had to say about Zuckerberg’s breach:
“Mark Zuckerberg’s Facebook page has been hacked by an unknown person who posted a status update suggesting that the site should let people invest in it rather than going to the banks. The page belonging to the 26-year-old Zuckerberg, the Facebook founder who was named Time‘s Man of the Year in 2010, was hacked some time on Tuesday.” (The Guardian)
This hacking comes at the heals of the announcement that Facebook is worth about $50 billion after investors such as Goldman Sachs and a Russian venture capital firm started to take interest in the company. Many believe that those who made Facebook what it is today, the users, should be able to invest and profit from the billion dollar company. One significant breach of Facebook’s data could reduce that valuation by about 40%, as the loss of user trust would be devastating.
Facebook Boiling the Privacy Frog (You)
Facebook is preparing to give away your phone number and address to app developers and advertisers.
The frog is officially beginning to boil. Just check out all of the articles swirling around on the internet about Facebook’s latest attempt to release more of your information without your consent. This time they want to give out your phone number and address. They were pretty clear that the reason they want this information is to pass it on to developers of apps such as Farmville and advertisers that want to bolster their profile on you. They released the post late Friday afternoon – so late in fact that many news outlets didn’t pick it up until Monday. Many are accusing Facebook of trying to bury the news.
Here is what was posted:
User Address and Mobile Phone Number
We are now making a user’s address and mobile phone number accessible as part of the User Graph object. Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions. These permissions must be explicitly granted to your application by the user via our standard permissions dialogs.
Although users currently have to give applications permission to access their information, there is a slight addition above to the type of information being shared. Look for “Access my contact information”, with the subtitle “Current Address and Mobile Phone Number” (see image above). If Facebook were actually interested in making their data sharing strategy noticeable, at least they could have bolded the warning rather than the hey-don’t-pay-attention-to-me-faded-gray they used.
Cyber-Bullying and Social Networking Identity Theft
With the meteoric rise in cyber-bullying, parents are desperate to find a way to shield their children. Unfortunately, most parents are far behind their child’s proficiency with technology. Many don’t text, aren’t on Facebook, and are oblivious to the many ways in which kids can taunt each other with technological ease. Although children may be quick and nimble with technology, they lack the maturity to understand its consequences.
A recent article in the New York Times on Digital Bullying (read the MSN version here) addressed these very issues and gave true and heart-wrenching accounts of how parents were left helpless at the hands of their children’s online bullies. “I’m not seeing signs that parents are getting more savvy with technology,” said Russell A. Sabella, former president of the American School Counselor Association. “They’re not taking the time and effort to educate themselves, and as a result, they’ve made it another responsibility for schools.”
Kids have a great deal of anonymity on the internet if they want it, and can easily impersonate another child or steal their identity. This modified form of identity theft (character theft, I tend to call it), allows the bully to hide behind his or her computer with no real consequences for what they are saying. A scathing remark made in passing by one child can haunt another child for the rest of their lives.
Facebook Privacy Breach – Eventually, We’ll Lose our Trust
According to a Wall Street Journal investigation, Facebook apps are sharing more about you than you think.
The Journal stated in their article, Facebook in Privacy Breach, that many of the most popular applications on the site are transmitting personal information about you and even your friends to third party advertisers and data companies. Apps such as BumperSticker, Marketplace, or Zynga’s Farmville (with over 50 million users) can be sharing your Facebook User ID with these companies. This can give as little information as your name, or as much as your entire Facebook Profile. In some cases, your data is being shared even if you have set your Facebook privacy settings to disallow this type of sharing.
According to the Journal:
“The most expansive use of Facebook user information uncovered by the Journal involved RapLeaf. The San Francisco Company compiles and sells profiles of individuals based in part on their online activities.. The Journal found that some LOLapps applications, as well as the Family Tree application, were transmitting user’s Facebook ID numbers to RapLeaf. RapLeaf then linked those ID numbers to dossiers it had previously assembled on those individuals… RapLeaf then embedded that information in an Internet-tracking file known as a cookie.”
RapLeaf in turn transmitted this Facebook ID and user information to a dozen other advertising firms.
6 Things You Should Never Reveal on Facebook
Yahoo.com just published the following article that every Facebook user should read. I recommend you follow each of these suggestions, and if you want to learn more, read my Facebook Safety Survival Guide.
6 Things You Should Never Reveal on Facebook
by Kathy Kristof
The whole social networking phenomenon has millions of Americans sharing their photos, favorite songs and details about their class reunions on Facebook, MySpace, Twitter and dozens of similar sites. But there are a handful of personal details that you should never say if you don’t want criminals — cyber or otherwise — to rob you blind, according to Beth Givens, executive director of the Privacy Rights Clearing House.
The folks at Insure.com also say that ill-advised Facebook postings increasingly can get your insurance canceled or cause you to pay dramatically more for everything from auto to life insurance coverage. By now almost everybody knows that those drunken party photos could cost you a job, too.
You can certainly enjoy networking and sharing photos, but you should know that sharing some information puts you at risk. What should you never say on Facebook, Twitter or any other social networking site?
Your Birth Date and Place
92% of U.S. Babies Are Online
According to a recent survey by the Internet Security Firm AVG, more than 8 out of 10 babies worldwide under the age of 2 have some sort of online presence. A staggering 92% of American babies have an online presence compared to 73% of babies in Western Europe. The study covered 2,200 mothers in the UK and eight other industrialized countries. With new technology and social media outlets such as Facebook, MySpace, and Twitter, mothers and fathers are eager to post photos and write about their children - even before the baby is born.
When these children become adults, it will be literally impossible for them to separate from their digital past. I can just see the photos and stories posted when they begin to run for office, try to find a job or meet a partner. Digital memory lasts forever, and it is very unforgiving. Those of us older than about 35 have had a chance to put our bad decisions behind us. Children born today will have every aspect of their life recorded, uploaded, backed up, forwarded and publicized completely without their consent.
It was found in England that 23% of babies have an online presence before they are even born. This figure is higher in the US, where 34% have posted sonograms online, while in Canada the figure is even higher at 37%. Another shocking statistic is that even though they are unable to type yet, 7% of babies and toddlers have an email address by the time they are 2.
Sileo In the Media
Privacy Project Newsletter
Tools and tips for bulletproofing yourself against identity theft, data breach and corporate espionage. Subscribe to the newsletter and get John Sileo's 7 Survival Strategies for Starving Data Spies for FREE!
