Facebook apps: Slightly more private, still too spammy
Facebook apps now let you know how much of your data they're sucking down. The real problem is the apps themselves.
You probably haven’t noticed yet, but Facebook just made itself a scosh more private this week. You might assume this was in response to that letter a dozen privacy groups sent to Facebook last month. You’d be wrong. It was actually in response to requests made by the Office of the Privacy Commissioner in Canada. Last August. Yes, that’s right, almost a year ago.
And people think Facebook doesn’t give a damn about their privacy. That ought to show them.
[ See also: Facebook's privacy controls are seriously broken ]
What are these changes, exactly? As Facebook’s Brett Taylor describes in a blog post, Facebook has added a spankin’ new authorization process when you install an app:
“With this new authorization process, when you log into an application with your Facebook account, the application will only be able to access the public parts of your profile by default. To access the private sections of your profile, the application has to explicitly ask for your permission.”
What this means in practical terms: If the app wants access to more information than what any stranger can find by searching for you by name, it needs to toss up a splash screen asking for permission. Like this one for FamilyTree:
FamilyTree also tosses up other permission screens as well – like when it wants to post something to your wall or access your news feed.
Hey, that’s an improvement, isn’t it? Well, actually, no. Not much anyway. Your choice is the same as it was back when these apps accessed this information without telling you; either you accept these restrictions and install the app, or you don’t and you decline. There’s no way to say ‘yes, you can have your way with this information you saucy little app, but you can’t access that information.’ It’s kind of like being pregnant; either you is or you ain’t.
The problem here is not really Facebook. It’s the spammy, obnoxious nature of the apps Facebook has encouraged to breed like bacteria. Let’s take FamilyTree. By itself, it’s not so bad. But literally moments after I installed the app I was shown a pop-up ad urging me to install another app sponsored by Progressive Insurance called Progressive Pets.
Want to avoid installing this app? Avoid the big blue Continue button in the center of the screen and seek out the tiny X in the upper left corner to close the window. Not exactly user friendly.
But wait, we’re not done. At the bottom of the FamilyTree page is an ad for yet another app, only it’s not labeled in any way and it’s designed to look like part of FamilyTree. Click “Continue” (assuming it’s the logical next step to using FamilyTree) and you end up installing an app called ZooWorld, one of the many operated by a company called RockYou.
Deceptive and obnoxious? Yes, but it’s worse than that. RockYou made headlines last December when it (reluctantly) revealed it had been hacked, revealing the names and email addresses of 32 million Facebook and MySpace users foolish enough to install its apps. Turns out that RockYou was storing these user log-ons totally unprotected, in a plain text file on a server attached to the Net. Because, apparently, the people at RockYou are total idiots. They got sued over that smooth move.
RockYou apologized and claims it now follows less brain-dead security procedures. But would you trust them with you data? I wouldn’t. I certainly would not install any of their apps.
The bigger point: Permissions aren’t the problem. Spammy apps run by sleazy companies are the problem. Instead of tossing up more pointless splash screens, Facebook needs to start doing a better job of policing its apps. And maybe they will. Given the pace at which Facebook seems to move, that shouldn’t take more than 4 or 5 years.
ITworld TY4NS blogger Dan Tynan makes a point of avoiding Facebook apps and thinks you should too (but he knows you won’t). Catch his brand of juvenile geek humor at eSarcasm or follow him on Twitter: @tynan_on_tech.