02/5/08
We wrote an evil data mining application called Miner, which, if we wanted, could masquerade as a game, a test, or a joke of the day. It took us less than three hours.
But whatever it looks like, in the background, it is collecting personal details, and those of the users’ friends, and e-mailing them out of Facebook, to our inbox.
When you add an application, unless you say otherwise, it is given access to most of the information in your profile. That includes information you have on your friends even if they think they have tight security settings.
Did you know that you were responsible for other people’s security?
So basically, security settings do absolutely nothing. If one of your friends is even just a bit lax about privacy and is into adding applications, there’s a chance your data could be harvested.
I don’t mean to fear-monger, but this seems to be quite a real risk, especially now that BBC has demonstrated just how easy it is to create a dangerous Facebook app.
Facebook has responded to the BBC article, saying:
Facebook has an entire Investigations Team that watches the site and removes content and third-party applications that violate Facebook’s Terms of Use.
An interesting comment on the Consumerist thread about this points out how this non-response is just like the way some banks act:
Farcebook’s response sounds like some banks who refused to refund money to customers. People were robbed at ATMs, some on surveillance cameras, and the banks’ responses were, “It was a legitimate transaction, so what happened after isn’t our concern.”
This sounds exactly the same to me.
________
BBC News: Identity “at risk” on Facebook
BBC News: Facebook Response
The Consumerist: The BBC Writes Application That Steals Personal Info From Facebook
