Thursday, April 8, 2010

Facebook Privacy Issues and Your Security

We usually do not spend time reading the User Policy and Agreement or the Privacy Policy, but trust me, it's worth it to spend some 20 minutes of your time understanding these agreements before you accept them. Some are harmless, some are clearly harmful, taking part or all of your freedom away.
So I took time to read the Facebook Privacy Policy and terms and agreements, and here are a few points I noted down that, in my opinion, trample on the privacy of Facebook users.
1. Privacy Policy: "When your friends use Platform. If your friend connects with an application or website, it will be able to access your name, profile picture, gender, user ID, and information you have shared with 'everyone.'"
My Opinion: When my friends choose to use Platform, the data they give out should be limited to just them and not include others who are not interested in these applications getting their data. In security terms, if there is a vulnerability in the application used by my friend, though I have not subscribed to it, I automatically become a target for any exploit or attack, as do my friends who also have not connected to the application.
Facebook must change this because I see a huge privacy infringement. Access to user data by applications used by other friends must be strictly by permission of the user and not a default acceptance. This way we do not become vulnerable to coordinated attacks carried out on one user.
2. Section 4 - "Information You Share With Third Parties. Facebook Platform. As mentioned above, we do not own or operate the applications or websites that use Facebook Platform. That means that when you use those applications and websites you are making your Facebook information available to someone other than Facebook."

My Opinion: Now here comes the big shot that I find in this statement and the one above. The implication of the 2 statements above is that, for any application your friends use, you are by default a target of vulnerabilities and exploits, and since Facebook is not responsible for developing those applications, they do not 'care' about the effect the application has on your personal data. Granted, if I choose to use an application, then I am solely responsible for whatever information the application grabs from my profile. My advice to my friends has always been that they should refrain from using multiple applications and joining several groups unless they do not mind their information ending up on a spam zombie in an unknown village. The security implications and vulnerabilities of using such applications on Facebook range from medium to high.
If I have not allowed any application to access my data, and my friend chooses to use one, why should I be affected by his or her choices? This is a question Facebook must answer.

My Final thoughts: While Facebook might choose to ignore user privacy concerns, you need to act responsibly by using few or none of these applications. Protect yourself and your friends from possible data theft and privacy infringements without your notice. Inform your friends to refrain from using applications since they put your information at risk.
If anything should happen with your data, Facebook will simply refer you to the section of their privacy policy which says "When your friends use Platform. If your friend connects with an application or website, it will be able to access your name, profile picture, gender, user ID, and information you have shared with 'everyone.'"

Stay safe, folks: use fewer applications or none at all.

When you have some free time, you can also read this article from another concerned Facebook user:
http://www.sophos.com/blogs/chetw/g/2010/04/07/facebook-privacy-standup-rivals/

exit(d3vnull);