Facebook Privacy
For many people, Facebook is the first stop in any web-surfing session. It has developed into a highly engaging combination of online bulletin board, personal scrapbook and group communication network. But did you ever wonder why, being all those things, Facebook is free?
Facebook really Isn’t free. The social network offers its service in exchange for the right to capture and collect demographic and preference data from its users. That data can be extremely valuable to marketers and advertisers because It’s highly detailed and personal.
The sheer amount of high quality user data on Facebook is causing everyone -from marketers to hackers – to salivate. They all want a piece of you. What’s more, people who are interested in your data are getting better access to it, thanks to Facebook’s Open Graph application programming Interface (API). This simplifies the development of third-party apps that Inter operate with Facebook,and social plug-ins, which splash the social network’s tike button all over the Internet.
Soon, everything you do on the web may integrate with the ‘social graph’ Facebook has created. Facebook is integrating user experiences on external sites with Its News Feed, transforming what used to be a solitary browsing experience into a sprawling network of connectivity. A visitor to a participating news or music-sharing site could be served up content upon arrival, based on previously stated preferences on Facebook or participating sites. The visitor could also see a list of Facebook friends who are already registered on the other site, and even any comments they’ve posted there.
One part of that strategy is Facebook’s Instant Personalization Pilot Program, which the social network introduced this spring. It served as a wake-up call for many users who had been ignoring the concerns of privacy watchdogs. In response, Facebook updated its privacy settings in late May.
Facebook’s plans are big, ambitious and may very well change the way we use the Internet. But the entire strategy is based on one aim: how to make more money from you. You might be surprised by how much your data is worth.
Unrestricted Access
Facebook has unrestricted access to everything you do relating to its site. In fact, its growing collection of profile data, preferences and connections is prompting experts to estimate the value of the site beyond the GDP of some countries.
SharesPost, a marketplace for shares in privately owned companies, suggested a value of $11.5bn (about £7.5bn) for Facebook, versus $1.4bn for Twitter and $1.3bn for LinkedIn.
“You’ve filled out the biggest survey in the world for Facebook, and you didn’t even know it,” says Cappy Popp. founder and principal of Thought Labs, whose Doorbell application is one of the top 100 most-used apps on Facebook. Speaking of the user data that Facebook could accumulate over the next few years, Popp says: “You can’t put a price on it because there’s never been anything like it!’
Embarrassing Updates
A quick look through youropenbook.org, a site that lets you search for embarrassing Facebook status updates, shows how many people set their accounts to broadcast status updates to everyone. And some Facebook status updates reveal far too much. For instance, a search for ‘drunk’ in Openbook’s search field yields status updates Such as “I’m pretty sure I’m Still drunk at work.” (Note that, despite its resemblance, Openbook is not part of Facebook.)
Are these updates just jokes? Are they statements taken out of context? They could be either. But slapped next to a name and profile picture, they create an impression -which could cost you.
Just ask Natalie Blanchard, who in November 2009 was fighting to have her health benefits reinstated by her employer’s insurance company. The Canadian woman was being treated for depression, but Manulife Financial questioned her health claim after seeing Facebook photos of Blanchard enjoying herself at a party.
Instant Personalization
In April, registered users of US music-streaming service Pandora and Facebook launched their favourite online radio station on Pandora’s site and discovered that they could now see which of their Facebook friends liked the artists and songs they were hearing.
For that to happen, the users either deliberately Or accidentally skipped the opt-out bar for Facebook’s Instant Personalization Pilot Program, for which Pandora, Yelp and Microsoft were launch partners. The same thing happened to readers of news website MSNBC, who were surprised to find information on stories recommended by their Facebook friends pop up on the news website.
Instant Personalization allows selected Facebook partner websites to access your data and tailor content to your tastes. With Instant Personalization activated, your Facebook information is available for access the moment you arrive on partner sites. When the programme launched in April, Facebook automatically activated it for all users. However, a privacy uproar forced the company to revise its policy. Instant Personalization is now optional. Pandora declined to be interviewed for this feature.
How Instant Personalization works
The implications of Instant Personalization are more serious than you discovering your colleague’s love for 1980s boy bands. Partner sites can work with Facebook to learn a lot more about you than what you tell them. According to Peter Eckersley, senior staff technologist at the Electronic Frontier Foundation, Instant Personalization partner sites use JavaScript code and Ajax calls to get personally identifying information about you from Facebook.
If you already had an account on the partner site, it Can now see your Facebook and account information at the same time.
“The Facebook partner sites would see the usual cookie that they set in your browser and the one that Facebook’s API constructs using Ajax simultaneously,” says Eckersley.”The design of the Facebook API clearly anticipates that the website will do this,”
Application developers
Facebook applications are fun. According to all facebook.com, which calls itself the ‘Unofficial Facebook Resource’, a variety of games – including FarmVille, Texas HoldEm Poker and Café World – make up more than half of the top 20 applications. However, fun comes at the cost of privacy, Once you accept an application on Facebook, it gets an all-access pass to your profile data. The application runs through an iframe, a widely used internet tool that lets a third-party site embed its content into Facebook. As a result, you’re sending data directly to the third-party application’s servers. Previously, that server was required to refresh its Facebook data every 24 hours, but, as of the April f8 conference, Facebook did away with that requirement. As a result, the outside parties can store user data for longer periods before replacing it.
“You’ve authorized that application to do whatever it wants to do,” says Popp. Even if you don’t use Facebook applications, your friends do. Unless you’ve gone into the ‘info accessible though your friends’ portion of Facebook’s ‘Applications, games and websites’ privacy settings, your friends are taking your profile information with them on their farming and gambling adventures – without your knowledge, but in most cases with your tacit consent.
Game applications are big business. FarmVille maker Zynga is reportedly valued at $4bn. What’s more, Facebook has just revamped its Insights dashboard, which page owners and application developers can use to obtain data and graphic visualizations about social plug-ins and integrated site content to better understand their return on investment for using Facebook.
Hackers and worms
Since the scheme is so new, it’s hard to know the worth Of data shared through Facebook’s Instant Personalization. In the wrong hands, such information could be heavily exploited.
A May article on tech website TechCrunch reported a proof-of-concept exploit on Yelp that grabbed Facebook addresses and other information. The exploit’s author was a security consultant looking to prove a point.Yelp, which declined to comment, patched the vulnerability. No user data was stolen. But other, genuine security threats are thriving on Facebook. The Koobface worm has been lurking since 2008. growing more sophisticated with its ability to create an account, be friend strangers and join groups.
At the end of May, hundreds of thousands of Facebook users encountered a click-jacking worm that duped them into ‘liking’ pages that led to the installation of malware for perpetuating the worm’s spread. “The biggest danger that I can see is that they get your login credentials,” says Beth Jones, senior threat researcher at SophosLabs. The intruders can gain access to information such as mobile phone numbers, partial credit-card numbers and billing addresses stored in the Payments section of Facebook’s account settings.
“That’s where some of the true value of stealing these login details comes in,” says Jones. “Attackers can start pulling off some really decent identity theft.” Identity theft can also occur when a snoop looks through Facebook profile data that privacy settings haven’t locked away.”Unfortunately, a lot of password-reset Questions are answered in your profile,”says the Electronic Frontier Foundation’s Kurt Opsahl.
How much are you worth?
Researchers at VeriSign’s iDefense recently reported that a hacker named Kirllos claimedhe had 1.5 million Facebook accounts for sale for a price of $20 to $45 per 1,000 accounts, depending on the number of contacts. According to a New York Times article, Facebook said its own investigation didn’t find the claim credible.
Marketers and advertisers
Companies selling everything from online dating services to coffee are thrilled that they can direct their advertising to Facebook’s 400 million users through nine key demographic and psychographic filters. “It offers the kind of targeting marketer shave been looking for years,” says Debra Aho Williamson, senior analyst for eMarketer.
Facebook privacy changes
In May, facing a fierce public backlash over privacy issues, Facebook offered three big changes to the way users can managetheir privacy. “We’ve focused on three things:a single control for your content, more powerful controls for your basic information and an easy control to turn off all applications,” said CEO Mark Zuckerberg on the official Facebook blog.
One simple control
Facebook has introduced a new Privacy Settings page to allow easier control over who sees the content you post. Using this setting, you can set the content you create on your Facebook page to either everyone, friends of your friends or just your friends. Settings for sharing your content also applies to Facebook products launched in the future.
Keeping info private
The second privacy update is one that gives you better control over the basic information you share with the larger Facebook community. One big difference is that you’ll be able to block people fromseeing your Facebook page and yourfriends’ pages. However, Zuckerbergpointed out: “We recommend that you make these settings open to everyone.Otherwise. people may not be able to find you, and that will make the site
less useful for you.” These controls are accessible via Basic Directory Information in theprivacy page settings area.
Third-party privacy
Facebook has also made it easier for you to close off access from third-party applications (such as games) and websites to your private information. Zuckerberg said Facebook has added “an easy way to turn off Platform completely. This will make sure that none of your information is shared with applications or websites.”
Controls over third-party access to your private information also extends to Facebook’s Instant Personalization. Already, partner sites can only see things you’ve made visible to everyone. It you want to prevent them from even seeing that, you can now easily turn off Instant Personalization completely.
Zuckerberg assures that these privacy changes are here to stay. “If you find these changes helpful, then we plan to keep this privacy framework for a longtime. That means you won’t need to worry about changes. Believe me, we’re probably happier about this than you are,”Zuckerberg said.
As much as these changes put more Privacy control into the hands of users,it’s hard to say if it will quieten privacy activists and angry Facebook users. Many have asked that Facebook require users to opt into data-sharing relationships rather than opting out.
Founder Mark Zuckerberg has come underfire for Facebook’s privacy policies
For many people, Facebook is the first stop in any web-surfing session. It has developed into a highly engaging combination of online bulletin board, personal scrapbook and group communication network. But did you ever wonder why, being all those things, Facebook is free?
Facebook really Isn’t free. The social network offers its service in exchange for the right to capture and collect demographic and preference data from its users. That data can be extremely valuable to marketers and advertisers because It’s highly detailed and personal.
The sheer amount of high quality user data on Facebook is causing everyone -from marketers to hackers – to salivate. They all want a piece of you. What’s more, people who are interested in your data are getting better access to it, thanks to Facebook’s Open Graph application programming Interface (API). This simplifies the development of third-party apps that Inter operate with Facebook,and social plug-ins, which splash the social network’s tike button all over the Internet.
Soon, everything you do on the web may integrate with the ‘social graph’ Facebook has created. Facebook is integrating user experiences on external sites with Its News Feed, transforming what used to be a solitary browsing experience into a sprawling network of connectivity. A visitor to a participating news or music-sharing site could be served up content upon arrival, based on previously stated preferences on Facebook or participating sites. The visitor could also see a list of Facebook friends who are already registered on the other site, and even any comments they’ve posted there.
One part of that strategy is Facebook’s Instant Personalization Pilot Program, which the social network introduced this spring. It served as a wake-up call for many users who had been ignoring the concerns of privacy watchdogs. In response, Facebook updated its privacy settings in late May.
Facebook’s plans are big, ambitious and may very well change the way we use the Internet. But the entire strategy is based on one aim: how to make more money from you. You might be surprised by how much your data is worth.
Unrestricted Access
Facebook has unrestricted access to everything you do relating to its site. In fact, its growing collection of profile data, preferences and connections is prompting experts to estimate the value of the site beyond the GDP of some countries.
SharesPost, a marketplace for shares in privately owned companies, suggested a value of $11.5bn (about £7.5bn) for Facebook, versus $1.4bn for Twitter and $1.3bn for LinkedIn.
“You’ve filled out the biggest survey in the world for Facebook, and you didn’t even know it,” says Cappy Popp. founder and principal of Thought Labs, whose Doorbell application is one of the top 100 most-used apps on Facebook. Speaking of the user data that Facebook could accumulate over the next few years, Popp says: “You can’t put a price on it because there’s never been anything like it!’
Embarrassing Updates
A quick look through youropenbook.org, a site that lets you search for embarrassing Facebook status updates, shows how many people set their accounts to broadcast status updates to everyone. And some Facebook status updates reveal far too much. For instance, a search for ‘drunk’ in Openbook’s search field yields status updates Such as “I’m pretty sure I’m Still drunk at work.” (Note that, despite its resemblance, Openbook is not part of Facebook.)
Are these updates just jokes? Are they statements taken out of context? They could be either. But slapped next to a name and profile picture, they create an impression -which could cost you.
Just ask Natalie Blanchard, who in November 2009 was fighting to have her health benefits reinstated by her employer’s insurance company. The Canadian woman was being treated for depression, but Manulife Financial questioned her health claim after seeing Facebook photos of Blanchard enjoying herself at a party.
Instant Personalization
In April, registered users of US music-streaming service Pandora and Facebook launched their favourite online radio station on Pandora’s site and discovered that they could now see which of their Facebook friends liked the artists and songs they were hearing.
For that to happen, the users either deliberately Or accidentally skipped the opt-out bar for Facebook’s Instant Personalization Pilot Program, for which Pandora, Yelp and Microsoft were launch partners. The same thing happened to readers of news website MSNBC, who were surprised to find information on stories recommended by their Facebook friends pop up on the news website.
Instant Personalization allows selected Facebook partner websites to access your data and tailor content to your tastes. With Instant Personalization activated, your Facebook information is available for access the moment you arrive on partner sites. When the programme launched in April, Facebook automatically activated it for all users. However, a privacy uproar forced the company to revise its policy. Instant Personalization is now optional. Pandora declined to be interviewed for this feature.
How Instant Personalization works
The implications of Instant Personalization are more serious than you discovering your colleague’s love for 1980s boy bands. Partner sites can work with Facebook to learn a lot more about you than what you tell them. According to Peter Eckersley, senior staff technologist at the Electronic Frontier Foundation, Instant Personalization partner sites use JavaScript code and Ajax calls to get personally identifying information about you from Facebook.
If you already had an account on the partner site, it Can now see your Facebook and account information at the same time.
“The Facebook partner sites would see the usual cookie that they set in your browser and the one that Facebook’s API constructs using Ajax simultaneously,” says Eckersley.”The design of the Facebook API clearly anticipates that the website will do this,”
Application developers
Facebook applications are fun. According to all facebook.com, which calls itself the ‘Unofficial Facebook Resource’, a variety of games – including FarmVille, Texas HoldEm Poker and Café World – make up more than half of the top 20 applications. However, fun comes at the cost of privacy, Once you accept an application on Facebook, it gets an all-access pass to your profile data. The application runs through an iframe, a widely used internet tool that lets a third-party site embed its content into Facebook. As a result, you’re sending data directly to the third-party application’s servers. Previously, that server was required to refresh its Facebook data every 24 hours, but, as of the April f8 conference, Facebook did away with that requirement. As a result, the outside parties can store user data for longer periods before replacing it.
“You’ve authorized that application to do whatever it wants to do,” says Popp. Even if you don’t use Facebook applications, your friends do. Unless you’ve gone into the ‘info accessible though your friends’ portion of Facebook’s ‘Applications, games and websites’ privacy settings, your friends are taking your profile information with them on their farming and gambling adventures – without your knowledge, but in most cases with your tacit consent.
Game applications are big business. FarmVille maker Zynga is reportedly valued at $4bn. What’s more, Facebook has just revamped its Insights dashboard, which page owners and application developers can use to obtain data and graphic visualizations about social plug-ins and integrated site content to better understand their return on investment for using Facebook.
Hackers and worms
Since the scheme is so new, it’s hard to know the worth Of data shared through Facebook’s Instant Personalization. In the wrong hands, such information could be heavily exploited.
A May article on tech website TechCrunch reported a proof-of-concept exploit on Yelp that grabbed Facebook addresses and other information. The exploit’s author was a security consultant looking to prove a point.Yelp, which declined to comment, patched the vulnerability. No user data was stolen. But other, genuine security threats are thriving on Facebook. The Koobface worm has been lurking since 2008. growing more sophisticated with its ability to create an account, be friend strangers and join groups.
At the end of May, hundreds of thousands of Facebook users encountered a click-jacking worm that duped them into ‘liking’ pages that led to the installation of malware for perpetuating the worm’s spread. “The biggest danger that I can see is that they get your login credentials,” says Beth Jones, senior threat researcher at SophosLabs. The intruders can gain access to information such as mobile phone numbers, partial credit-card numbers and billing addresses stored in the Payments section of Facebook’s account settings.
“That’s where some of the true value of stealing these login details comes in,” says Jones. “Attackers can start pulling off some really decent identity theft.” Identity theft can also occur when a snoop looks through Facebook profile data that privacy settings haven’t locked away.”Unfortunately, a lot of password-reset Questions are answered in your profile,”says the Electronic Frontier Foundation’s Kurt Opsahl.
How much are you worth?
Researchers at VeriSign’s iDefense recently reported that a hacker named Kirllos claimedhe had 1.5 million Facebook accounts for sale for a price of $20 to $45 per 1,000 accounts, depending on the number of contacts. According to a New York Times article, Facebook said its own investigation didn’t find the claim credible.
Marketers and advertisers
Companies selling everything from online dating services to coffee are thrilled that they can direct their advertising to Facebook’s 400 million users through nine key demographic and psychographic filters. “It offers the kind of targeting marketer shave been looking for years,” says Debra Aho Williamson, senior analyst for eMarketer.
Facebook privacy changes
In May, facing a fierce public backlash over privacy issues, Facebook offered three big changes to the way users can managetheir privacy. “We’ve focused on three things:a single control for your content, more powerful controls for your basic information and an easy control to turn off all applications,” said CEO Mark Zuckerberg on the official Facebook blog.
One simple control
Facebook has introduced a new Privacy Settings page to allow easier control over who sees the content you post. Using this setting, you can set the content you create on your Facebook page to either everyone, friends of your friends or just your friends. Settings for sharing your content also applies to Facebook products launched in the future.
Keeping info private
The second privacy update is one that gives you better control over the basic information you share with the larger Facebook community. One big difference is that you’ll be able to block people fromseeing your Facebook page and yourfriends’ pages. However, Zuckerbergpointed out: “We recommend that you make these settings open to everyone.Otherwise. people may not be able to find you, and that will make the site
less useful for you.” These controls are accessible via Basic Directory Information in theprivacy page settings area.
Third-party privacy
Facebook has also made it easier for you to close off access from third-party applications (such as games) and websites to your private information. Zuckerberg said Facebook has added “an easy way to turn off Platform completely. This will make sure that none of your information is shared with applications or websites.”
Controls over third-party access to your private information also extends to Facebook’s Instant Personalization. Already, partner sites can only see things you’ve made visible to everyone. It you want to prevent them from even seeing that, you can now easily turn off Instant Personalization completely.
Zuckerberg assures that these privacy changes are here to stay. “If you find these changes helpful, then we plan to keep this privacy framework for a longtime. That means you won’t need to worry about changes. Believe me, we’re probably happier about this than you are,”Zuckerberg said.
As much as these changes put more Privacy control into the hands of users,it’s hard to say if it will quieten privacy activists and angry Facebook users. Many have asked that Facebook require users to opt into data-sharing relationships rather than opting out.
Founder Mark Zuckerberg has come underfire for Facebook’s privacy policies
