Facebook applications can steal personal data

The BBC discovered that personal details of Facebook users can be easily stolen by applications.

But a malicious program, masquerading as a harmless application, could potentially harvest personal data.
Facebook says users should exercise caution when adding applications. Any programs which violate their terms will be removed, the network said.

The reason why this is worrying is because there are so many pointless applications on Facebook such as IQ tests and random “Which character from Lazy Town/Star Trek are you?” quizzes. And there is no way to tell what they do with your data. Spammers can easily create applications to steal your personal data and all you need to do is to accept an invite. (In fact some applications trick you by setting the text of one of the buttons to “No, thanks” or something so that declining to install the application still leads to it being installed.

Now, Facebook does have a confirmation screen where you can choose which pieces of personal info you’re willing to share with the application. The problem is that you need to make the decision without knowing what the application will do with it and whether the application needs that information in order to function correctly.

I have worried in the past about installing Firefox extensions for the same reason. A Firefox extension has access to your entire computer and private information about the sites you visit, etc. However, I think the Firefox team do a great job of ensuring that bad extensions get weeded out. Mozilla Add-On reviewers presumably check the source code of all submitted extensions (and most extensions are open source unless binary). With Facebook applications, Facebook can’t even access the source code of applications as they are hosted on third party servers.

In fact, the only way we can see of completely protecting yourself from applications skimming information about you and your friends is to erase all the applications on your profile and opt to not use any applications in the future.

Perhaps something for all us Facebook users to think about.

Leave a Reply

Your email address will not be published. Required fields are marked *