Who Needs Enemies When You Have Facebook Friends?

By | January 24, 2008

It might be time to remove a) all your data and b) all third party apps from your Facebook profile. Here’s why.

Add a Facebook app — SuperPoke, all that kind of stuff — and you’re required to agree to “allow this application to…know who I am and access my information.” Disagree and you can’t install it.

Now this may be fine for you. But what the application doesn’t say is that the application is also now able to access the private data of your friends. To be clear about this, I’m not talking about friends who also agree to install the app; I’m talking about all your friends, period.

And most applications do access this data, without really needing to, according to research by the University of Virginia. In other words, by accepting someone’s friendship on Facebook, you’re agreeing to allow all the third party apps they install to access your private data.

What is private data? Well, think your name, your profile picture, your gender, your birthday, your hometown location…your current location…your political view, your activities, your interests…your relationship status, your dating interests, your relationship interests, your summer plans, your Facebook user network affiliations, your education history, your work history,…copies of photos in your Facebook Site photo albums…a list of user IDs mapped to your Facebook friends. (from Facebook’s Application Terms of Service, via Webware.)

This is not good. Especially when you consider that this data is stored, not on Facebook’s computers where you and they might be able to keep an eye on it, but on the computers of the third party apps. And this is where it gets tricky.

Facebook’s response to these revelations, detailed and explored by Chris Soghoian over at Webware, is that it’s basically up to us users to gauge whether a Facebook app is kosher and going to be careful with our data. But who are these third party developers?

I explored this a bit last November, when I tried to find out who was behind one app called ATTACK! I eventually was able to, but it wasn’t easy, and it definitely wasn’t just a question of visiting their homepage (they didn’t have one, although the developers have since posted a comment there saying they hadn’t had time to set one up, and have changed certain features. It still doesn’t have a link to any webpage that might give a user any insight about who is behind the app, though the developers do provide links to their Facebook pages.)

The points are twofold:

  • Our data is vulnerable to the weakest link in the chain, which will be a friend we’ve given full access to who installs every third party app there is. Do you know who all your friends are, and can you trust them not to install every app they come across?
  • We’re endangering our friends’ security by installing third party apps.

For me the bigger issue is this. Facebook is already facing investigation in the UK for making it too hard to delete one’s personal data. So, if these third party apps are storing our data without our knowledge on their own computers, what happens to that data if we decide to delete our private data from our Facebook account, or our Facebook account entirely? How do we know what is deleted and what isn’t?

Exclusive: The next Facebook privacy scandal | Webware : Cool Web apps for everyone

5 thoughts on “Who Needs Enemies When You Have Facebook Friends?

  1. mattbg

    Very interesting!

    The Guardian also had a good article on the Facebook backroom:


    Facebook’s most recent round of funding was led by a company called Greylock Venture Capital


    One of Greylock’s senior partners is called Howard Cox […] who is also on the board of In-Q-Tel. What’s In-Q-Tel? Well, believe it or not (and check out their website), this is the venture-capital wing of the CIA.


    in 1999 [the CIA] set up their own venture capital fund, In-Q-Tel, which “identifies and partners with companies developing cutting-edge technologies to help deliver these solutions to the Central Intelligence Agency and the broader US Intelligence Community (IC) to further their missions”.

  2. Pingback: Strategic Developer | Martin Heller

  3. jhay

    This is a major issue, however, my immediate concern is that there’s just too many apps on Facebook which I feel has little to no real value at all.

    So I was SuperPoked by a friend. So? And everyday, I get like 50+ notifications that someone in my network has sent me, gave me that, did something else, etc.

    It’s a deluge of information really. Annoying, almost useless information.

  4. Jen

    I agree with Jhay. I don’t get the real usage of Facebook, other than for high school students to get more popularity. At this point in life, I get better value from LinkedIn and Ning. Just my two cents.

  5. Luke Slomka

    thats one interesting set of facts. it would be good to get some insight into what you think the worst case senerios could be. do you think this info is really that precious, what can be done with it that might be bad?

    Luke Slomka


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.