Wednesday, January 20, 2010

Facebook: More bad, a little good

The Bad


As if it weren't already dangerous enough to be on Facebook, Ellinor Mills writes in her column on CNET that researchers have found Facebook is vulnerable to click-jacking. In essence, click-jacking is putting an invisible layer over a legitimate web page. When a link on the legitimate page is clicked, the invisible layer hijacks the click and sends the person somewhere they didn't want to go. The same researchers also noted that Facebook allows third party apps to access user data without warning them. I've talked about this before - most recently in response to a comment yesterday. Facebook had a response to this problem:
"The only information apps can access without first showing the 'Allow' screen is publicly available information (the limited set of info that includes name, profile picture, gender, networks, friend list, and pages) and information set to be visible to everyone on the Internet," Facebook spokesman Simon Axten said.

The "limited set of info" seems overly broad. Does mafia war really need to know the networks I belong to and every friend I have on Facebook? And the default for all information on Facebook is now "set to be visible to everyone on the internet," so Facebook tells the apps I use everything I have on Facebook, unless I've changed the defaults. And they don't tell me they're doing it. It would be interesting to know how many people tighten their privacy on their Facebook accounts. I bet it's a pretty low percentage.

The Columbus Dispatch carried an article by Bridget Carey highlighting the many ways you risk identity theft by using Facebook. They range from viruses to fake friend requests. The problem is only made worse by the tendency to be more trusting on sites like Facebook.

The Good


The Tech Chronicles blog notes that Facebook is warning users about Haiti relief hoaxes. If you want to help Haiti through Facebook, go to the Facebook Global Disaster Relief Page.

A cnn.com story informs us that caller id spoofing company spoofem.com is going to be giving 2 super bowl tickets away to people who become fans of their Facebook page.

Well, that's the good and the bad today.