Who Needs Enemies When You Have Facebook Friends?

It might be time to remove a) all your data and b) all third-party apps from your Facebook profile. Here’s why.

Add a Facebook app — SuperPoke, all that kind of stuff — and you’re required to agree to “allow this application to…know who I am and access my information.” Disagree and you can’t install it.

Now this may be fine for you. But what the application doesn’t say is that it is also now able to access the private data of your friends. To be clear about this, I’m not talking about friends who also agree to install the app; I’m talking about all your friends, period.

And most applications do access this data, without really needing to, according to research by the University of Virginia. In other words, by accepting someone’s friendship on Facebook, you’re agreeing to allow all the third-party apps they install to access your private data.

What is private data? Well, think your name, your profile picture, your gender, your birthday, your hometown location…your current location…your political view, your activities, your interests…your relationship status, your dating interests, your relationship interests, your summer plans, your Facebook user network affiliations, your education history, your work history,…copies of photos in your Facebook Site photo albums…a list of user IDs mapped to your Facebook friends. (from Facebook’s Application Terms of Service, via Webware.)

This is not good. Especially when you consider that this data is stored, not on Facebook’s computers where you and they might be able to keep an eye on it, but on the computers of the third-party apps. And this is where it gets tricky.

Facebook’s response to these revelations, detailed and explored by Chris Soghoian over at Webware, is that it’s basically up to us users to gauge whether a Facebook app is kosher and going to be careful with our data. But who are these third-party developers?

I explored this a bit last November, when I tried to find out who was behind one app called ATTACK! I eventually was able to, but it wasn’t easy, and it definitely wasn’t just a question of visiting their homepage. (They didn’t have one, although the developers have since posted a comment there saying they hadn’t had time to set one up, and have changed certain features. It still doesn’t have a link to any webpage that might give a user any insight about who is behind the app, though the developers do provide links to their Facebook pages.)

The points are twofold:

  • Our data is vulnerable to the weakest link in the chain, which will be a friend we’ve given full access to who installs every third-party app there is. Do you know who all your friends are, and can you trust them not to install every app they come across?
  • We’re endangering our friends’ security by installing third-party apps.

For me the bigger issue is this. Facebook is already facing investigation in the UK for making it too hard to delete one’s personal data. So, if these third-party apps are storing our data without our knowledge on their own computers, what happens to that data if we decide to delete our private data from our Facebook account, or our Facebook account entirely? How do we know what is deleted and what isn’t?

Exclusive: The next Facebook privacy scandal | Webware : Cool Web apps for everyone