The social networking site Facebook has been under scrutiny lately for lax security with its applications feature. Applications in Facebook are created by third-party software developers and are run on third-party servers. These applications can take many forms – a quiz, a game, or just another way to reach out to friends – but the common feature in all is that they allow software developers to access Facebook users’ personal data.
And while Facebook says it advises its users to “employ…precautions” when downloading applications, any Facebook user will tell you that most applications simply won’t work if you don’t agree to give the developer access to your information.
BBC’s technology program Click decided to test out this security flaw by creating its own Facebook application meant solely to “steal the personal details of you and all your Facebook friends without you knowing”. The application took them three hours to create and allowed them to collect personal information not only about the Facebook user who had downloaded the application, but about all of his friends as well.
Click’s experiment suggests that the concerns of privacy advocates (including those of us at the Office of the Privacy Commissioner), namely that the applications feature on Facebook exposes users to significant privacy risks, are warranted. As well, the collection and use of this data by third-party developers could mean that some developers aren’t complying with PIPEDA, Canada’s private sector privacy legislation.
Something to think about the next time you feel like throwing a sheep.