Eric Jennings

A few months ago, I posted about a computer science major who had done some research about the third party applications that many people add to Facebook.  In her research, Adrienne Felt found that “90.7% of applications are being given more privileges than they need.”  Well, the BBC recently did a little research of their own and found that even though you may not install any of those applications on your Facebook profile, having a friend who has done so can compromise your profile’s data.

The BBC created a third party application that allows the application’s owners to harvest personal details like a person’s name, hometown, school, interests and photograph.

We wrote an evil data mining application called Miner, which, if we wanted, could masquerade as a game, a test, or a joke of the day. It took us less than three hours.

But whatever it looks like, in the background, it is collecting personal details, and those of the users’ friends, and e-mailing them out of Facebook, to our inbox.

When you add an application, unless you say otherwise, it is given access to most of the information in your profile. That includes information you have on your friends even if they think they have tight security settings.

Did you know that you were responsible for other people’s security?

The BBC asserts that this type of application can make stealing someone’s identity that much easier.  I think they’re right.  I may be a little more paranoid than others on Facebook because I don’t add applications simply because you sign away your information to those people who created an application.  I’m sure that most of the applications are harmless, but there are some that might not be.  You’re probably saying to yourself that I’m crazy since I have a blog which gives out a lot of personal information.  You’re right.  But, I also have control over what goes up on the blog but I don’t have control over what information one of those third party applications takes from my Facebook profile whose information I can control.

Interestingly enough, the difference between Facebook and its rival MySpace, who recently added applications, is that MySpace’s applications reside on MySpace servers.  This allows them to make sure applications are not taking information that they shouldn’t or just being nefarious like the fake BBC Facebook application was.  Facebook responded to the news story saying that they have a team of investigators who are on top of things when it comes to malicious applications.  Much of what they said was pretty weak in my opinion basically shirking the responsibility since the third party apps aren’t from Facebook.  They also point out, correctly, that the people who add an application are ultimately responsible for their own actions and if they suspect anything being done with an application is wrong, they should report it.

Where does this leave us?  Well, we can’t all just get rid of friends on Facebook because what’s the point of a social network if you don’t have any friends?  I think the main thing is that we all need to be more careful about letting information out online.  There are obvious benefits to being part of an online community and as this report and others have shown, there are drawbacks as well.  Being responsible with the data that you give out and actually going through the privacy settings is the easiest way to make yourself comfortable.