subscribe: Posts | Comments

Another Day, Another Facebook Privacy Scare

Comments Off

If it seems that Facebook privacy scares are a regular occurrence in the media at this point, you are correct.  Today’s issue: certain apps are sharing your information.

As you can imagine, all of us here at Legally Social are shocked, shocked to hear about this stunning new development. 

Obviously, this is hardly news.  Given the number of apps used by Facebook’s 500 million users, and the fact that Facebook is merely the channel through which the apps are distributed, the likelihood that many apps would share information beyond what they promise is pretty much assured.  For that reason, the scare lede is, in many respects, somewhat misleading in itself:

The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings.

Note the passive voice.  The article isn’t saying that Facebook is sharing the information, but that the information is being shared.  But as you’ll see, the issue isn’t what Facebook is doing – the issue is whether or not by signing up for certain Facebook apps you are buying into practices that are forbidden by Facebook (“Facebook prohibits app makers from transferring data about users to outside advertising and data companies, even if a user agrees.”)  And in fact, when Facebook was informed by the Wall Street Journal of what was going on, the expected thing happened:

Most apps aren’t made by Facebook, but by independent software developers. Several apps became unavailable to Facebook users after the Journal informed Facebook that the apps were transmitting personal information; the specific reason for their unavailability remains unclear.

So should you be worried?  The answer, as with all things of this sort, is simple: of course! Engaging in social media communications (as a provider, as a user, or even a dilettante) is not a risk free activity: bad actors abound, just like in the real world.  Nothing is a risk free activity, and there are dangers lurking behind any activity from buying some groceries (slip and fall cases are common) to clicking on a link in an e-mail sent to you by a friend (phishing remains a both popular and effective means of stealing your most valuable data).  The key thing is to understand that the risks exist, and to act accordingly. 

Each time you sign up for an app, or expand your use, you are expanding the chance that something could go wrong with your data.  But the same risk exists each time you buy from a new store online, or engage in any new behavior with a new commercial partner.  But even in the case before us today, some Facebook users came out better than others:

The information being transmitted is one of Facebook’s basic building blocks: the unique “Facebook ID” number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name, using a standard Web browser, even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with “everyone,” including age, residence, occupation and photos.

In other words, if you set your privacy settings properly, the worst that happened was that your name was shared.  This is, obviously, not ideal, and the folks involved can and should be subject to the scrutiny that this practice will now receive.  However, your name is shared on mailing lists all the time.  Has anyone read the privacy policy for Amazon.com, or any other major online retailer recently?  This is not exactly a new phenomenon — data mining is, as I have mentioned repeatedly, the killer app of social media.  If you think that social media exists for charitable reasons, think again.

So, to sum things up, the key takeaway from the new Facebook privacy scare:

The company says it has disabled thousands of applications at times for violating its policies. It’s unclear how many, if any, of those cases involved passing user information to marketing companies.

In other words, Facebook is actually doing the right thing here, and has been doing the right thing for several months, but the system is not perfect, and many apps still do things that they shouldn’t.  So caveat emptor: if you want to ensure that your data is never shared, do not use electronic media.  At. All.  If you use electronic media, your data is at risk.  Period.  The only question is whether you (as a company) are doing the things you should do to make sure that your customer expectations are in line with what you’re actually doing with their data, and whether you (as an individual) understand what is being promised, and the risks that may apply.