Sunday, March 18, 2012

Will Facebook ever get privacy right?

Originally published 05/12/2011 on

Nishant Yoshi reported on Symantec's official blog that third party Facebook applications have had accidental access to much more of Facebook users info and pages than anyone knew:

Third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information. Fortunately, these third-parties may not have realized their ability to access this information. We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue.

Symantec's researchers estimate that over 100,000 apps may be leaking data. Over 600,000,000 people have Facebook accounts. Because of an oversight, 100,000 third parties, both known and unknown, may have had access to their information, no matter how tightly they had controlled the privacy settings. The only saving grace of this news is that few, if any, of those third parties may have realized the treasure they were sitting on.

Facebook has to start taking privacy more seriously. But they never will if users don't demand it because the Facebook business model is to get as many users as possible and encourage them to put as much data as possible, as openly as possible, on the site so Facebook can sell access to it. As it turns out, Facebook had actually given away the keys to the kingdom, but fortunately, nobody seems to have noticed.