That Facebook app is not your friend

You think Facebook's privacy protections are lacking? A bigger problem is Facebook apps.

People like me like to complain whenever Facebook does something that makes its once relatively private social network not so private any more. (As it has about 387 times since it opened its doors beyond colleges and high schools in late 2006.) But the worst offender isn't Facebook, its the apps that live and run on top of it.

Mind you, not all Facebook apps are bad, just a lot of them. And they can bite you even if you've never installed one. Here's an example that happened to some friends of mine involving a particularly brain-dead application called "Lover of the Day."

The premise of LOTD is mind numbingly simple. Install the app, and every day it nominates a new person at random from your friends to be your "lover of the day." Male, female, animal, mineral, or vegetable -- it doesn't make any distinction. You can control its selection if you want, but it can also run completely on its own by default. That's where things get sticky.

lover of the day install screen

For example: A middle schooler of my acquaintance (I'll call him John) installed Lover of the Day on his page and apparently accepted all its default settings. So the app nominated someone at random from John's list of friends and announced to everyone that "Mary White" is his Lover of the Day.

The problem? Mary White happens to be a teacher at his school. He's 13, she's 33. Mind you, both live in a town where three female middle-school teachers have been prosecuted for having sex with underage boys over the past three years.

So imagine how Mary White felt when she saw this. Actually, you don't have to imagine -- she was understandably furious. To her point of view, some student has suddenly declared to everyone on Facebook that she and this boy are lovers. That's really all you need to destroy someone's career. She didn't ask to be included in his app; it just happened. And it happened because of how Facebook allows applications to access your information.

When you install an app, Facebook allows it the same access rights that you give to Facebook itself. So if you accept the defaults Facebook provides, the app can access a huge amount of information about you:

application sharing on facebook

You can control what data an app can access, but it's not exactly obvious. You need to log into Facebook and go into your Account, then Privacy Settings, then Applications and Websites, then the "Edit Settings" button under "What your friends can share about you." And then you can start unselecting things.

Facebook's Statement of Rights and Responsibilities also requires apps to "have a privacy policy or otherwise make it clear to users what user data you are going to use and how you will use, display, or share that data." But they don't appear to police this at all. Lover of the Day's policy reads like it was written a 12-year-old non-native speaker of English. Here it is, in toto:

LOTD privacy policy

FYI, Lover of the Day has been installed by more than 700,000 Facebook users.

Fortunately, I watched the whole incident unfold from the beginning and was able to calm Mary down while convincing John to get rid of that application pronto, before he ended up getting suspended from school. (The middle schools where I live are totally freaked out about how to deal with Facebook and bullying; a three-day suspension is standard for even a minor social network offense.)

The lesson here: If you must use Facebook apps (and personally, I have no use for 99.999% of them) check your privacy settings and the app's own privacy policy first. I'll bet you don't like what you find.

When not being utterly appalled by Facebook apps, Dan Tynan writes about too many things for too many people, including his geek humor site, eSarcasm. Follow him on Twitter: @tynan_on_tech.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon