MySpace, Facebook applications can pose security risk
Chicago ? Sarah Brown is unusually cautious when it comes to social networking.
The college sophomore doesn’t have a MySpace page and, while she’s on Facebook, she does everything she can to keep her page as private as she can.
“I don’t want to have to worry about all the different online scandals and problems,” says Brown, an education major at St. Joseph College in Connecticut. She’d like to control her personal information and keep it out of the hands of identity thieves or snooping future employers. “It’s just common sense.”
It sounds like her info is locked down and airtight. But is it?
Turns out, even the privacy-conscious Sarah Browns of the world freely hand over personal information to perfect strangers. They do so every time they download and install what’s known as an “application,” one of thousands of mini-programs on a growing number of social networking sites that are designed by third-party developers for anything from games and sports teams to trivia quizzes and virtual gifts.
Brown, for instance, has installed applications on her Facebook page for Boston Bruins fans and another that allows her to post “bumper stickers” on her own page and those of her friends. It’s a core way to communicate on social networking sites, which allow friends to create pages about themselves and post photos and details about their lives and interests.
People often think Facebook profiles and sometimes MySpace pages, if they’re set as private, are only available to friends or specific groups, such as a university, workplace, or even a city.
But that’s not true if they use applications. On Facebook, for instance, applications can only be downloaded if a user checks a box allowing its developers to “know who I am and access my information,” which means everything on a profile, except contact info. Given little thought, agreeing to the terms has become a matter of routine for the nearly 70 million Facebook users worldwide who use applications to spruce up their pages and to flirt, play and bond with friends online.
News Corp.’s MySpace, which has about 117 million unique visitors each month, recently added an applications platform, giving developers access to the profiles of anyone who downloads them. Unlike Facebook, though, MySpace users don’t have to include their names on their profiles.
Information flying around
So what do these third-parties do with the information? Sometimes, they use it to connect users with similar interests. Sometimes, they use it to target ads, based on demographics such as gender and age (something Facebook and MySpace also do).
Facebook and MySpace say they hold application developers to strict standards – and boot them if they don’t comply. They also point out that some information, such as e-mail addresses and phone numbers, aren’t made available.
But experts who track online security issues think there’s too much personal information flying around out there, with few guarantees that it’s safe. They also think social networkers have little understanding where their information goes and how it’s used – and as a result, have a false sense of security.
“I suspect that there’s a whole lot of clicking without a lot of thinking,” says Mary Madden, a senior research specialist at the Pew Internet & American Life Project who studies privacy issues. “So much of this sharing happens in a way that users don’t see the consequences. It’s kind of a big, black hole.”
Part of the risk stems from Facebook applications being created by anyone, some of them tech-related companies and others individuals with know-how. And they could be anywhere in the world, as is Jayant Agarwalla, co-founder of Facebook’s popular Scrabulous application, a takeoff on the game Scrabble.
Reached by e-mail, he says Scrabulous does use demographic information to target ads that show up as a person plays the game. But Agarwalla, who’s based in India, stresses that that information is provided in “real time” and not stored. “In my humble opinion, users have nothing to worry about,” he says.
Some would argue that it’s much like trusting an online vendor with your credit card information.