Add-Ons to Online Social Profiles Expose Personal Data to Strangers
Washington Post Staff Writer Thursday, June 12, 2008; Page A01
Washington Post Staff Writer Thursday, June 12, 2008; Page A01
Facebook fanatics who have covered their profiles on the popular social networking site with silly games and quirky trivia quizzes may be unknowingly giving a host of strangers an intimate peek at their lives.
Those mini-programs, called widgets or applications, allow users to personalize their pages and connect with friends and acquaintances. But they could pose privacy risks. Some security researchers warn that developers of the software have assembled too much information -- home town, schools attended, employment history -- and can use the data in ways that could harm or annoy users.
Even private profiles, in which personal details are available only to specific friends, reveal personal information. And they're allowing access to their friends' information -- even if their friends are not using the application. That's because MySpace and Facebook, the largest online social networks, let outside developers see a member's information when they add a program.
You want to be social with your friends, but now you're giving 20 guys you've never met vast amounts of information from your profile. That should be troubling to people.
Each site has come up with its own policies on the data that developers are allowed to see. MySpace, the largest social network, with 110 million members, said developers can see users' public details -- name, profile picture and friend lists -- when they download a program. When a user installs one on Facebook, which has 70 million members, the developer can see everything in a profile except contact information, as well as friends' profiles. Members can limit what is seen by changing privacy controls, and both companies say developers are allowed to keep those data for only 24 hours. Ben Ling, director of Facebook's platform, said that developers are not allowed to share data with advertisers but that they can use it to tailor features to users.
Those mini-programs, called widgets or applications, allow users to personalize their pages and connect with friends and acquaintances. But they could pose privacy risks. Some security researchers warn that developers of the software have assembled too much information -- home town, schools attended, employment history -- and can use the data in ways that could harm or annoy users.
Even private profiles, in which personal details are available only to specific friends, reveal personal information. And they're allowing access to their friends' information -- even if their friends are not using the application. That's because MySpace and Facebook, the largest online social networks, let outside developers see a member's information when they add a program.
You want to be social with your friends, but now you're giving 20 guys you've never met vast amounts of information from your profile. That should be troubling to people.
Each site has come up with its own policies on the data that developers are allowed to see. MySpace, the largest social network, with 110 million members, said developers can see users' public details -- name, profile picture and friend lists -- when they download a program. When a user installs one on Facebook, which has 70 million members, the developer can see everything in a profile except contact information, as well as friends' profiles. Members can limit what is seen by changing privacy controls, and both companies say developers are allowed to keep those data for only 24 hours. Ben Ling, director of Facebook's platform, said that developers are not allowed to share data with advertisers but that they can use it to tailor features to users.
"When we find out people have violated that policy, there is swift enforcement," he said.
But it is often difficult to tell when developers are breaking the rules by, for example, storing members' data for more than 24 hours, said Adrienne Felt, who recently studied Facebook security at the University of Virginia.
Almost 90 percent of the applications have unnecessary access to private data. Once the information is on a third-party server, Facebook can't do anything about it.
Revealing information on quizzes or maps of places visited, for instance, may also make it easier for strangers to piece together tidbits to create larger security threats.
Nowadays, some people have downloaded so many [applications], it's a constant flow of information about what they've done, what they're doing, which can be mined by your friends and also by someone you don't know anything about. This fact, is important when we actually give personal information to an application, that gives it to a third person we don't know.
But it is often difficult to tell when developers are breaking the rules by, for example, storing members' data for more than 24 hours, said Adrienne Felt, who recently studied Facebook security at the University of Virginia.
Almost 90 percent of the applications have unnecessary access to private data. Once the information is on a third-party server, Facebook can't do anything about it.
Revealing information on quizzes or maps of places visited, for instance, may also make it easier for strangers to piece together tidbits to create larger security threats.
Nowadays, some people have downloaded so many [applications], it's a constant flow of information about what they've done, what they're doing, which can be mined by your friends and also by someone you don't know anything about. This fact, is important when we actually give personal information to an application, that gives it to a third person we don't know.
No hay comentarios:
Publicar un comentario