News

Study shows dangers in Facebook apps

By Amanda Wilczynski  |  Feb 11, 2008

Each day, students are bombarded with requests to become a Greek god, a Disney princess, and the biggest brain — on Facebook, that is. Over 15,000 Facebook applications exist today, offering a variety of capabilities to the social networking website. However, according to a new study from the University of Virginia, users risk losing their privacy by simply rating their 10 hottest friends or discovering their ideal desperate housewife.

The survey found that among the 150 most popular third-party Facebook plugins, 90.7 percent have access to unnecessary private data.

Facebook has over 62 million users, and, until recently, was purely for social networking. However, when Facebook developers expanded the site to include user-created applications in May 2007, a whole new world opened up.

Facebook applications take the form of quizzes, word games, jigsaw puzzles, and bumper stickers, among other varieties.

Adrienne Felt, a senior computer science major at the University of Virginia, led a research project dealing with the privacy issues surrounding the most popular Facebook applications.

Felt found that only 8.7 percent took no information, 82 percent took public information, and only 9.3 percent actually needed private information such as a birth date in order to run correctly, despite the 90.7 percent with unneccessary access.

“I personally don’t feel unsafe using applications,” said Lizzy Madden, a sophomore public policy and management major and Facebook user. “They are not any different from the other parts of Facebook.”

However, the study from Virginia shows that these applications are indeed different from other parts of the social network.

A Facebook profile and public listing is subject to a number of safety constraints, none of which are present in applications.

Facebook allows users to make decisions such as what appears on profile pages, who can view photos, and exactly how much information is visible in public listings.

However, in terms of Facebook applications, a student has no choice as to what information is being shared. When a user chooses to add an application, the developer can access his or her personal information.

“I had no idea applications could view that kind of information,” Madden said. “It’s scary to think that some random person could find out my birth date or home address.”

Facebook’s Terms of Use agreement informs developers not to misuse private information, yet has no means of preventing them from doing so. There are no indicators as to when a developer plans to or may be accessing private information.

Facebook officials defended their policies.

“By limiting developers’ access to user data, Facebook would be limiting the types of useful applications that can be built,” said a spokesperson from Facebook in a press release.

B.J. Fogg, director of Stanford University’s Persuasive Technology Lab, co-teaches a course at the university about developing Facebook applications.

“Like most things in the world, it is a trade-off, and the risks are low compared to the benefits,” he said in The Chronicle of Higher Education.

However, some people remained unconvinced.

“The Facebook privacy policy always seemed unsatisfactory to me,” Felt said in a press release.
Although it is unknown as to whether any application developers have misused private data yet, Felt said in an e-mail interview, “I find it unsettling to know that my personal information and interests are available in an uncontrolled arena.”

According to Felt, the fact that it has not happened yet does not mean it will not.

Felt’s research is nowhere near complete as she continues to examine means of safety prevention every day.

She has developed a privacy-by-proxy system that will allow Facebook to conceal a user’s private information while allowing applications to run without any obvious changes.

Under the system, Facebook would provide the outside server with a random series of letters instead of the user’s personal information.

However, until Felt’s system or similar privacy settings can be fully applied to applications, Felt advises students to be cautious when choosing what new application to add.

Felt advised students, “Don’t just add random Facebook applications! Look on the ‘about’ page to see who runs and owns it. Remember that you’re giving them access to information just like they were your friend.