• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Facebook gets poked in latest privacy gaffe

AdrianH

Active member
#1
http://www.theregister.co.uk/2010/10/18/facebook_apps_privacy_breach/


'No personal details were used. But we're changing our tech anyway... *****'

By Kelly Fiveash •

Posted in ID, 18th October 2010 11:28 GMT

Facebook’s privacy rules aren’t as watertight as the company would have its users believe, after the Wall Street Journal uncovered that some of the social network’s most popular apps have siphoned off personal information to ad firms and internet tracking outfits.

According to the report, many Facebook apps have transmitted identifiable details about individual users to around 25 companies, in effect breaking the terms laid down by the Mark Zuckerberg-run website.


The privacy breach, which gives advertising and internet tracking firms access to people’s names, affects a huge number of Facebook app users........ (more)
 
#4
Honestly, I fail to see how facebook is responsible for developers of third party apps.
Did facebook make the apps? If so, then yes, they're responsible. Otherwise, how are they responsible?
Seems to me everyone's jumping down FB's throat, criticizing them, sometimes rightly, but most of the time incorrectly. Facebook has become the new 'punching bag'. Wonder who will take over for them next.
 

Elizabeth

Well-known member
#5
Honestly, I fail to see how facebook is responsible for developers of third party apps.
Did facebook make the apps? If so, then yes, they're responsible. Otherwise, how are they responsible?
Seems to me everyone's jumping down FB's throat, criticizing them, sometimes rightly, but most of the time incorrectly. Facebook has become the new 'punching bag'. Wonder who will take over for them next.
FB made a promise that the privacy would be safeguarded. So it is the one rightfully getting the black eye in this case. If they hadn't gone on record as stating the software didn't have these issues, it wouldn't be in such a pickle.
 
#6
FB made a promise that the privacy would be safeguarded. So it is the one rightfully getting the black eye in this case. If they hadn't gone on record as stating the software didn't have these issues, it wouldn't be in such a pickle.
So, by your ideals, the php group is responsible for every bad php program, Larry Wall is responsible for every bad perl/cgi script? Not so. Facebook only releases the platform to developers to use. They're not responsible for irresponsible, or incompetent developers. Now, if they did nothing about it, then by all means, they should be held responsible, but they've already publicly chastised these developers. "I didn't know" has never been a valid defense.
 

Elizabeth

Well-known member
#7
Facebook only releases the platform to developers to use. They're not responsible for irresponsible, or incompetent developers. Now, if they did nothing about it, then by all means, they should be held responsible, but they've already publicly chastised these developers. "I didn't know" has never been a valid defense.
When they post this in their "Privacy", yes, I do:
Buttons and boxes containing Facebook content may appear on other websites to create more social experiences for you. The sites you're visiting receive none of your information. The content in these social plugins comes directly from Facebook. If you click "Like" or make a comment using a social plugin, your activity will be published on Facebook and shown to your Facebook friends who see a plugin on the same site. The things you like may also appear on your profile (you can control this in Basic Directory Information).
 
#8
And where does that say anything about apps ? What an app developer does with your info is solely up to the app developer.

What they're referring to in your quote is specifically content for other pages, such as the 'like this' button, or 'share this' button, etc, and, of course, nothing gets passed to other sites that way. Your id, email, etc, nothing get sent to the page itself, it's all developed by Facebook and managed by them.

Contrary to this policy, apps do much more, because they need to do much more. A mere 'like' passes one bit of information to the facebook page, while an app actually stores information such as credits, usernames you may have associated with the app, other associations such as email (yes, if you use an app, you give them your email), etc. They are responsible for handling this sensitive data properly.
 

Elizabeth

Well-known member
#10
And where does that say anything about apps ? What an app developer does with your info is solely up to the app developer.

What they're referring to in your quote is specifically content for other pages, such as the 'like this' button, or 'share this' button, etc, and, of course, nothing gets passed to other sites that way. Your id, email, etc, nothing get sent to the page itself, it's all developed by Facebook and managed by them.

Contrary to this policy, apps do much more, because they need to do much more. A mere 'like' passes one bit of information to the facebook page, while an app actually stores information such as credits, usernames you may have associated with the app, other associations such as email (yes, if you use an app, you give them your email), etc. They are responsible for handling this sensitive data properly.
IF you read that page, you would notice that that what I quoted is listed next to "Social plugins".

There is also this under Social Applications:
Control with applications
Applications can only see information you've already made visible to everyone. To access more, applications have to ask for permission for each piece of information, and it can only be information that's needed for them to work.
Bolding is mine.

Botton line, FB knows it messed up.
 
#11
Again, this isn't Facebook.
Does the application need your uid to work? Absolutely. This is a unique identifier that an application must have to work.
At the core of the problem is this, very simply put. We'll use Farmville as an example, since it's one of the apps that is in question here:

Farmville sets up your farm, using your unique identifier.
Once you login to farmville and play for a while, they transfer this unique identifier to a 3rd party, an advertiser.
That advertiser then uses this information to mine your data, even private data.

Where, exactly is Facebook involved here? Did Facebook, somehow, transfer your data without your permission? No, Farmville did. Did Facebook sell your data? No, Farmville did. What DID Facebook do? Facebook said "hey, we have this development platform that you can use to create cool games". Unfortunately, as with every programming language, idiots came out and ruined it for everyone else.

Now, I'm not saying Facebook is completely great or 100% innocent of anything, but to lay the blame for application leaks on Facebook is like laying the blame for formmail exploits on Larry Wall (since most formmail scripts are perl). The developer is responsible for handling your information in a responsible manner
 

Jethro

Well-known member
#12
Again, this isn't Facebook.
Does the application need your uid to work? Absolutely. This is a unique identifier that an application must have to work.
At the core of the problem is this, very simply put. We'll use Farmville as an example, since it's one of the apps that is in question here:

Farmville sets up your farm, using your unique identifier.
Once you login to farmville and play for a while, they transfer this unique identifier to a 3rd party, an advertiser.
That advertiser then uses this information to mine your data, even private data.

Where, exactly is Facebook involved here? Did Facebook, somehow, transfer your data without your permission? No, Farmville did. Did Facebook sell your data? No, Farmville did. What DID Facebook do? Facebook said "hey, we have this development platform that you can use to create cool games". Unfortunately, as with every programming language, idiots came out and ruined it for everyone else.

Now, I'm not saying Facebook is completely great or 100% innocent of anything, but to lay the blame for application leaks on Facebook is like laying the blame for formmail exploits on Larry Wall (since most formmail scripts are perl). The developer is responsible for handling your information in a responsible manner
Dude Liz has quoted the exact place FB stated information would not be made available by apps, yet you are still arguing that what they stated need not apply to them! I'm pretty sure Larry Wall never once stated that derivatives or add-ons to his script would never have exploits via third party releases, that's in essence what FB have tried to claim.
 
#13
Dude Liz has quoted the exact place FB stated information would not be made available by apps, yet you are still arguing that what they stated need not apply to them!
Nowhere did FB say "data will not be made available by apps". It stated "only certain data (that necessary) will be made available TO apps". The difference is astounding. Apps MUST have your uid to work. If you don't have any familliarity with something, please, don't respond. The apps passing the UID off is the problem. Facebook isn't the problem, the apps and their developers are!

Larry Wall never once stated that derivatives or add-ons to his script would never have exploits via third party releases, that's in essence what FB have tried to claim.
Where? Do tell WHERE facebook has claimed "no addon application will have exploits". Just because you interpret something that way doesn't mean that it isn't so.
FB stated apps will have only the data necessary to do their job. Well, they only have that data.
FB stated apps will require permission to have said data. Well, they do.

What, exactly do you want Facebook to do? Shut down all apps because of a few tools that don't know how to develop properly?

Again, this is like saying php is responsible for someone's crappy coding. No, php ISN'T responsible because someone can't code properly. Nor, for that matter is Facebook responsible because of someone's unethical transactions. These people (developers) mined this data and SOLD it to individuals. Facebook didn't do this, in fact, they chewed them out for it!

What, exactly did Facebook do wrong here?
 

Jethro

Well-known member
#14
Nowhere did FB say "data will not be made available by apps". It stated "only certain data (that necessary) will be made available TO apps". The difference is astounding. Apps MUST have your uid to work. If you don't have any familliarity with something, please, don't respond. The apps passing the UID off is the problem. Facebook isn't the problem, the apps and their developers are!


Where? Do tell WHERE facebook has claimed "no addon application will have exploits". Just because you interpret something that way doesn't mean that it isn't so.
FB stated apps will have only the data necessary to do their job. Well, they only have that data.
FB stated apps will require permission to have said data. Well, they do.

What, exactly do you want Facebook to do? Shut down all apps because of a few tools that don't know how to develop properly?

Again, this is like saying php is responsible for someone's crappy coding. No, php ISN'T responsible because someone can't code properly. Nor, for that matter is Facebook responsible because of someone's unethical transactions. These people (developers) mined this data and SOLD it to individuals. Facebook didn't do this, in fact, they chewed them out for it!

What, exactly did Facebook do wrong here?
Do you even read people's posts?
 

BlackJacket

Well-known member
#15
What i want to know is why twhiting9275 is being so defensive over Facebook?

Facebook is a social networking platform that gives it's user a place to connect and share information with other people. Facebook has implemented several safeguards to make sure your personal data is not shared with anyone you do not want them to share it with. In all fairness, everytime you visit an app, it tells you that it will access certain information from your profile. You can either accept or deny.

While i do think twhiting is a little over dramatic with his tone, I do agree that Facebook should hold little legal obligations with regards to third party applications and their use of your personal information. I do think that Facebook should implement tougher policies for applications that distribute your personal information without your consent.
 

Jethro

Well-known member
#16
What i want to know is why twhiting9275 is being so defensive over Facebook?

Facebook is a social networking platform that gives it's user a place to connect and share information with other people. Facebook has implemented several safeguards to make sure your personal data is not shared with anyone you do not want them to share it with. In all fairness, everytime you visit an app, it tells you that it will access certain information from your profile. You can either accept or deny.

While i do think twhiting is a little over dramatic with his tone, I do agree that Facebook should hold little legal obligations with regards to third party applications and their use of your personal information. I do think that Facebook should implement tougher policies for applications that distribute your personal information without your consent.
BlackJacket I take your point here but as Liz posted FB claimed something, apparently an add-on breaches what they claim, FB deserve to be racked over the coals for it. My point, which I didn't make obvious, is most software vendors (including giants like IBM) put limitations on their liabilities, when you don't then you are going to get a whole bunch of trouble. FB are quite rightly being confronted over a claim they have made that is demonstratively false. Be interesting to see where this goes.

What i want to know is why twhiting9275 is being so defensive over Facebook? +1
 
#17
What i want to know is why twhiting9275 is being so defensive over Facebook?
I'm just tired of the "Facebook is evil" crap going around, people associating something that is not Facebook's responsibility with Facebook itself. They're no innocent party in everything, but that doesn't mean that people have to go around blaming Facebook for crap that isn't even their fault, or responsibility.

I fully agree they need to get on these devs that do this, and they are in the process of doing so, but, really, nobody's shown that this is even Facebook's problem, or they had anything to do with it. However, it's instantly 'Facebook is evil', 'Facebook is bad', 'It's Facebook's fault'. No, no, and no. A better example here:

This forum has a Facebook application, as most do now. If you look at my profile (go ahead, I won't bite), you'll see information obtained, such as birthday, where I'm from, how old I am, avatar, whether I'm male or female (hopefully male, at least last time I checked;)). You don't get my name, but believe it or not, that's available through the platform as well, as is the email (how do you think I get notified of replies? ). Now, did Facebook violate my privacy by giving that to Xenforo? Absolutely not! I had to check "Allow this application to obtain this information" in order for it to be transmitted. The same information is transmitted to any and every application that uses the FB platform which I subscribe to (not many lately). This isn't done without consent, but with it.

Now, what do those applications do with that data? It's entirely possible that Xenforo (though unlikely, I'm sure) could sell the data to some 3rd party company. Is that Facebook's problem? No. Did Facebook make me give my data? No. So, apparently, Facebook is 'evil', because 3rd party vendor that they have no control over is selling data mined from Facebook, with the user's permission, mind you. Is it the user's fault that their data was sold? Absolutely not. That responsibility lies solely on the company that sold the data in the first place, not Facebook, not the user, but the company developing the apps.
 
#19
FB claimed something, apparently an add-on breaches what they claim, FB deserve to be racked over the coals for it
Nothing breaches that claim. The app is given what the app needs to do it's job. If you're curious just WHAT information is usable by an app, it's never been hidden, just look here, at their API . All the essential data is there, very easily usable and obtainable by any app. Once you give it permission to use your data, it's all theirs!
 

Jethro

Well-known member
#20
I'm just tired of the "Facebook is evil" crap going around, people associating something that is not Facebook's responsibility with Facebook itself. They're no innocent party in everything, but that doesn't mean that people have to go around blaming Facebook for crap that isn't even their fault, or responsibility.

I fully agree they need to get on these devs that do this, and they are in the process of doing so, but, really, nobody's shown that this is even Facebook's problem, or they had anything to do with it. However, it's instantly 'Facebook is evil', 'Facebook is bad', 'It's Facebook's fault'. No, no, and no. A better example here:

This forum has a Facebook application, as most do now. If you look at my profile (go ahead, I won't bite), you'll see information obtained, such as birthday, where I'm from, how old I am, avatar, whether I'm male or female (hopefully male, at least last time I checked;)). You don't get my name, but believe it or not, that's available through the platform as well, as is the email (how do you think I get notified of replies? ). Now, did Facebook violate my privacy by giving that to Xenforo? Absolutely not! I had to check "Allow this application to obtain this information" in order for it to be transmitted. The same information is transmitted to any and every application that uses the FB platform which I subscribe to (not many lately). This isn't done without consent, but with it.

Now, what do those applications do with that data? It's entirely possible that Xenforo (though unlikely, I'm sure) could sell the data to some 3rd party company. Is that Facebook's problem? No. Did Facebook make me give my data? No. So, apparently, Facebook is 'evil', because 3rd party vendor that they have no control over is selling data mined from Facebook, with the user's permission, mind you. Is it the user's fault that their data was sold? Absolutely not. That responsibility lies solely on the company that sold the data in the first place, not Facebook, not the user, but the company developing the apps.
Once again I would point to Liz's pertinent quote from FB's own site in regards to plugins. Clearly it is not correct and is misleading. I don't have anything to do with FB, am uninterested in the product, but when they say something that is obviously false then they deserved to get a smack for making misleading statements.

Applications can only see information you've already made visible to everyone. To access more, applications have to ask for permission for each piece of information, and it can only be information that's needed for them to work.



Are you saying FB can post whatever they like on their site and not be held accountable for it?

Any company that claims private information will not be made available to third parties is also likely to get a backlash if that information does get out to third parties regardless of the means of that leak.