Facebook Instant Personalization: Security Concerns
Yesterday, a security hole was discovered in Facebook’s Instant Personalization and Yelp. An exploit would allow a malicious site to immediately harvest a Facebook user’s personal information, including name, email, and data shared with “everyone” on Facebook. This specific exploit has since been patched, and no user data was compromised, but the security problems behind it remain. Facebook realized that Yelp also had access to users’ email addresses.
And although Facebook’s recent changes have been a ‘trending topic’ for the last couple of weeks, many are still in the dark about the changes and their privacy implications.
On April 21, 2010, Facebook introduced some new social plugins based on the Facebook Open Graph platform.
These changes resulted in the following:
- If you click one of the Facebook “like” buttons anywhere on the web, it will automatically get published on your wall.
- When your Facebook friends “like” something, they will see if you “liked” it too.
- Instead of what is presented to the general public, a personalized version will automatically be presented to you when visiting select websites. These pilot sites include Yelp, Pandora and Microsoft Docs.com. (“Instant Personalization”)
According to Facebook, the intentions behind these changes were to socialize and improve the user experience throughout the world wide web.
But what does this mean for your privacy?
- When you visit a third-party Website and log in using your Facebook account, that site can access the following pieces of information from your Facebook profile: your name, profile picture, gender, current city, networks, friend list, likes and interests, and your fan pages. (Your fan pages, likes and interests, current city, networks and friend list are now lumped into one category called ‘connections’.)
- Instant Personalization goes a step further than this. As soon as you land on a participating Instant Personalization website while logged in to Facebook, the site can access your personal information. You are also able to view and track your friends’ activity on that site. You can see things like restaurant reviews your friends have written, your friends’ ‘likes’ and an activity feed with other recent actions taken by your friends on that site.
How do you opt-out of Instant Personalization?
1. If you don’t want to use Instant Personalization, visit your Facebook Privacy Settings page for Applications and Websites and uncheck the ‘Allow’ check box next to ‘Instant Personalization.’ (Go to Account | Applications and Websites | Instant Personalization Pilot Program | Edit Setting)
2. IMPORTANT! Block each individual application. In order to prevent your friends from sharing your information with these third-party sites, you must block these three applications individually.
Click on the links to Yelp, Pandora and Microsoft Docs.com on Facebook and click on “Block Application”.
3. Go back to “Applications and Websites” under “Privacy Settings”. Edit your settings for “What your friends can share about you.” Uncheck every box and save.
Do you have a personal social networking strategy? Where does privacy rank in importance?