
Facebook Lets Apps Grab More Members' Personal Data, Then Reverses Decision

Facebook apps request for address and mobile phone number information

Last Friday, the Facebook Developer blog announced that applications can now use Facebook members' home address and mobile phone numbers:

"... We are now making a user’s address and mobile phone number accessible as part of the User Graph object. Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions..."

This is important because consumers could receive phishing messages via text messages. This is why the Sophos Naked Security blog described this change as a risk to Facebook members. Of course, the change is great news for app developers who wish to compile a more comprehensive database of their app's users. This change puts more members' personal information in the hands of app developers. Some will keep this information secure, and some probably won't. Others may resell it to other companies. As far as I know, Facebook does not monitor apps in an ongoing manner for compliance.

Plus, with this change Facebook apps will collect only the specific member's address and mobile phone number. Realize that Facebook could change it again in the future and allow apps to collect the home address and mobile phone information of all of your friends.

This is another example of Facebook's nasty habit of redefining "private" personal information as "public." It's a major reason why I do not trust Facebook and include a minimal amount of personal information in my Facebook profile. Personal information that is private today, Facebook will redefine as public in the future when it suits its needs, not your needs or mine. That doesn't work for me. And I imagine it doesn't work for you either.

What should consumers do? If you insist on using Facebook, don't include personal information in your profile that you don't want made public -- ever. It may be treated as private by Facebook today, but that is no guarantee about the future. Second, check the permissions on the apps you currently use and make sure they don't disclose more data than you want.

Third, read the privacy policies of any apps before adding them. If the policy isn't clear, don't add that app. You do have a choice. You don't have to accept everything Facebook offers. (Yes, Facebook ultimately forced its new Profile page format on all of its members, but that is a topic for another blog post.)

Fourth, lock down your Facebook profile if you haven't done so already. My guess is that many new Facebook members still haven't done this and keep their profile page completely open to the public, because they don't know or haven't lived through last May's Facebook privacy setting changes. If you are new to Facebook, read this, and follow these 7 things you should stop doing on Facebook.

After receiving much feedback, on Monday Facebook reversed its decision to release the above members' personal information. You can read about it at The Register and at the Facebook Developers blog:

"Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and we are making changes to help ensure you only share this information when you intend to do so. We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready."

Yes, a change like this should not be rushed and it should have the best, clearest user experience possible for users. After reading a FrameThink blog post about how Facebook is so engineering-driven, perhaps this engineering zeal needs to be balanced with customer-driven feature requests.

