Is Your Facebook Profile As Private As You Think?
by Martin Kaste
Second in a four-part series
As you answer questions for a quiz on Facebook, do you know what it could be doing in the background?
Much has been made in recent years of the so-called Facebook generation, which supposedly consists of 20-somethings who like to go online and spill their guts without regard for privacy. The reality is more complex.
Yes, social network users post a lot of personal information. But they’re sharing it within a circle of online "friends." And they fiercely resist outsiders’ attempts to get a peek.
Last summer, city administrators in Bozeman, Mont., began requiring job applicants to provide usernames and passwords to their social networking accounts, as part of the background check. The new requirement caused such an uproar, the city manager held a press conference to apologize.
In This Series
Social network users assume a degree of privacy within their circle of friends — but it’s not a safe assumption to make.
A Facebook Quiz About Facebook Quizzes
A social network account can be seen by the company that runs the service, of course, but there’s also the possibility of third-party snooping.
Chris Conley of the American Civil Liberties Union of Northern California is particularly concerned about the quizzes that circulate on Facebook.
"These quizzes are very common," Conley says. "If you go on Facebook you see all your friends have taken a quiz or several quizzes, depending on how much time they spend online."
What people often don’t realize, Conley says, is that these quizzes are applications. Just like games and other entertainment, they’re programs that run in a user’s Web browser.
"You think that all you’re doing is answering a few innocent questions," Conley says. "But in fact, you’re opening up your entire profile and almost all your personal information to whoever wrote the quiz."
To demonstrate, Conley wrote his own Facebook quiz. When you run it, it gathers your information, then shows you, the user, what it got.
That means your photos, political views, even sexual preferences can be sent back to the stranger who wrote the quiz application.
Facebook is not pleased with Conley’s quiz.
Take the ACLU’s quiz and learn what information Facebook quizzes can learn about you. [NOTE: You need to have a Facebook profile to take this quiz.]
"It is technologically possible for anyone who writes an application to write an application that abuses a user’s privacy," says Tim Sparapani, director of public policy at Facebook.
But Sparapani says such a quiz would violate Facebook’s rules.
"When that happens, we find out about it, and we take action to enforce our terms of service, and then we take legal action to scrape back data that’s been unlawfully or inappropriately gathered from our users," Sparapani says.
If you aren’t on Facebook, you can read more about the quiz.
He won’t cite a specific case of such enforcement, but he says it has happened. And he says that enforcement makes Facebook applications safer than applications downloaded from the open Internet.
Computer security experts doubt the effectiveness of this policing given the vast number of people creating applications for use on the Facebook platform. Facebook itself estimates there are more than 1 million developers for the Facebook platform worldwide.
This year, Canada’s privacy commissioner complained about the "information scraping" potential of third-party applications, threatening to take action against Facebook. The company agreed to give users more information about what an application might be able to "see" in their personal accounts and to give them more chances to deny applications permission to look around.
Facebook says some of these changes could take a year to complete. And Sparapani says they’ll end up limiting some of the functionality of Facebook applications.
But the questions about social network privacy go beyond Facebook.
Your Social Life Is Big Business
Nathan Hamiel of the Hexagon Security Group has demonstrated how third-party programs could also collect information from MySpace accounts.
To him, the real problem is the false assumption of security on social networks.
"There’s a perceived safety," he says. "People are a lot more loose with their information because they don’t realize the trust they’re putting into this application developer."
People tend to open up about themselves on social networks, and that kind of candor is worth money. There are now companies that mine social sites for data to sell to marketers.
For example, Rapleaf, a company in San Francisco, looks at blogs, forums, discussion boards, social networks and review sites. "All those things combined can give you a really good picture of a person," says Auren Hoffman, Rapleaf’s CEO.
He says Rapleaf’s computers crawl only the public parts of the social Web. Even so, Rapleaf claims it has what it calls "insights" into almost 400 million people worldwide. Those insights are sold to marketers.
Hoffman says it’s valuable information that adds to the supply of data that make modern life possible.
"If we didn’t have data, our world wouldn’t work," Hoffman says. "You’d have to put money down to get like a cable television or a cell phone or any of those things that we take for granted today."
The question is, are people prepared to have their daily commercial transactions affected by their online social lives? It’s enough to give even the Facebook generation pause.