More news about Adrienne Felt’s Facebook Privacy Work

14 June 2008

Kim Hart has written an article covering Adrienne Felt’s study of privacy issues with Facebook applications: A Flashy Facebook Page, at a Cost to Privacy: Add-Ons to Online Social Profiles Expose Personal Data to Strangers, The Washington Post, 12 June 2008.

Ben Ling, director of Facebook’s platform, said that developers are not allowed to share data with advertisers but that they can use it to tailor features to users. Facebook now removes applications that abuse user data by, for example, forcing members to invite all of their friends before they can use it.

“When we find out people have violated that policy, there is swift enforcement,” he said.

But it is often difficult to tell when developers are breaking the rules by, for example, storing members’ data for more than 24 hours, said Adrienne Felt, who recently studied Facebook security at the University of Virginia.

She examined 150 of the most popular Facebook applications to find out how much data could be gathered. Her research, which was presented at a privacy conference last month, found that about 90 percent of the applications have unnecessary access to private data.

“Once the information is on a third-party server, Facebook can’t do anything about it,” she said. Developers can use it to provide targeted ads based on a member’s gender, age or relationship status.

The article also appeared in MSNBC, the Kansas City Star, the Los Angeles Times (Facebook widgets pose privacy risks:Users often give away their personal data and that of friends without knowing when they install the popular social network programs), the Austin American-Statesman (Social networking applications could become a privacy headache), and the Washington Post’s Express edition (FreeRide Lunchtime Reading: Who’s Getting in Your Facebook?).