All social network platforms have by nature the embedded risk of getting your personal data stolen or misused. Copy & Paste is just too easy not to speak about digital “methods” for an automatic sniffling of personal data. It is a personal decision if one wants to post his data or not – I personally prefer to see my posted data on the net rather than finding any surprises on Google posted by someone else or related to an individual with the same name.
I believe however that it should be a human right that everyone has full control over his data and knows exactly who has the right to get legal access to them, including Facebook.
One of the major reasons of Facebook‘s success story is the wealth of applications users can easily add to their profile pages:
Quizzes, little games, IQ tests, polls, etc. – there are thousands of these gadgets available. And once you have added an application, your friends are encouraged to add it too. Most of today’s users (at less 90% of my friends/contacts) do not avoid spamming and they send out a recommendation for each and every application they install. [W: Facebook] growth is currently around 100K users a week(!) and almost everyone of them (including myself) has installed one of this applications.
I spent some time yesterday to have a look at the programming interface for [W: Facebook]. It’s not true that anyone with a basic understanding of web programming can write an application, but I have to admit that it is not too complicated. I was quite surprised to see that the self programmed applications have to run on your own server and not on the [W: Facebook] platform. Even though this is a quite modern approach with the benefit of an excellent workload balancing, it has the clear risk that data are leaving the [W: Facebook] platform and can easily be stored outside of [W: Facebook] without the enduser really realising this fact. – I know that [W: Facebook] themselves teach their users to analyse very carefully which application to install, but let’s be honest, how many (especially non technically interested) users are influenceable by these footnotes and hints?
The issue and the danger of this gadget applications is that you can’t know what they are doing in the background: whatever they might look like, in the background, they can collect personal data and most important those of your friends, storing them in an own database on an own server or sending them out by emailing them to a different server.
When people add an application, unless they say otherwise (and again I bet that more than 99.9% of the users won’t decline), it is given access to most of the information in their profile. That includes information you have on your friends even if they think they have tight security settings.
Did you know that you were responsible for other people’s security?
I’m not a guru programer but I’m developing programs as a hobby and even though I do not know about any application misusing data it seems easy – really easy – for an average developer to do so. Because the applications run on a third-party serves, not run by [W: Facebook] – it is difficult for the company to check what is going on, whether anything has changed, and how long applications store data for and what they do with it. [W: Facebook]‘s terms and conditions contain a warning that this could in theory happen, and offer the option to stop an application from accessing your details, many games and quizzes would not work if this option is engaged.
In fact, the only way we can see of completely protecting yourself from applications skimming information about you and your friends is to erase all the applications on your profile and opt to not use any applications in the future. If [W: Facebook] is right that they have efficient mechanisms in place to check for unusual behaviour of an application,an insecure application can spread like a (computer virus) and it might be too late waiting for a detection by [W: Facebook].
- Don’t subscribe to social networks
- Assume that the personal information and photos you display will be publicly available and not just available to specific friends. Make your choice what to post based on this Golden Rule.
- Strong Passwords, always! – It may seem obvious but make sure you use a strong password for your account. Also, I suggest to use a separate password for fast growing platforms like [W: Facebook]. The people who want to offend you are using successful platforms.
- Secure your birth date – Birth dates are often required to validate your identity. Under Profile, you can choose to not display your birthday – you should at least not post your year of birth.
- Privacy Profile Settings – I suggest setting the Profile Privacy > Basic to “only me” for items: Education Info, Work Info and Profile Privacy > Contact Information to “no one” for items: Mobile Phone, Land Phone, Current Address, Email. You may want to display your website address for advertising, but be than aware what further information your have already published on that platform.
- Privacy Application Settings - Each [W: Facebook] application has similar settings to those of the Privacy settings. New applications are being added everyday. Its difficult to define a set policy. However, I suggest you remove any unwanted applications and/or limit there settings as required. It might be very useful in future to have spend this extra time on carefully reviewing the rights you give to an application.
- Privacy Search Settings – Depending on your use of [W: Facebook], you may not want to be publicly visible or you may want to limit what information is available to all users (i.e. your picture, friend list etc.). We recommend changing the search settings from “everyone” to “friends of friends”. You may also want not(!) to tick “view your friends list“.
- Privacy News Feed and Mini-Feed Settings – Control what stories about you get published to your profile and to your friends