0 Members and 2 Guests are viewing this topic.
In a decision that will be exploited by online scammers "for their own criminal ends", according to one security expert, Facebook is making users' addresses and mobile phone numbers available to third-party app developers.Facebook explained the decision in a blog post, stressing that app developers would be able to access the information only if the user provides permission. The social networking site also pointed out to developers that "the access and use of this data is governed by our Platform Policies".The Platform Policies include the following rules:"3. You will have a privacy policy that tells users what user data you are going to use and how you will use, display, share, or transfer that data."6. You will not directly or indirectly transfer any data you receive from us, including user data or Facebook User IDs, to (or use such data in connection with) any ad network, ad exchange, data broker, or other advertising or monetization related toolset, even if a user consents to such transfer or use."But Sophos security specialist Graham Cluley predicted that the move "could herald a new level of danger for Facebook users" and warned that web criminals already have a proven track record for tricking their victims into handing over sensitive personal details."Now, shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies," Cluley wrote."The ability to access users' home addresses will also open up more opportunities for identity theft."
Facebook U-turns on phone and address data sharingFacebook appears to have U-turned on plans to allow external websites to see users' addresses and mobile phone numbers.Security experts pointed out that such a system would be ripe for exploitation from rogue app developers.The feature has been put on "temporary hold", the social networking firm said in its developers blog.It said it needed to find a more robust way to make sure users know what information they are handing over."Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and are making changes to help ensure you only share this information when you intend to do so," the firm said.The updates would be launched "in the next few weeks", it added and the feature will be suspended in the meanwhile.Bad guys Facebook's volte-face is likely to be a case of 'once bitten, twice shy'.Last year, wide-ranging changes to privacy settings resulted in a loud chorus of disapproval from both users and privacy experts, including the Canadian privacy commissioner, Jenny Stoddart.The firm was forced to radically simplify privacy settings. Ms Stoddart said at the time that the social network had "vastly improved" the sharing of personal information with third-party developers.Facebook founder Mark Zuckerberg has made no secret of his desire to open up the relationship between the network's 500 million members and the wider internet.Having access to mobile phone numbers and physical addresses could have real benefits for users, the firm said in its blog."You could, for example, easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for the up-to-the-minute alerts on special deals directly to your mobile phone."But Graham Cluley, a senior analyst at security firm Sophos, said it would also be very easy for rogue developers to jump on the bandwagon.Facebook's troubled privacy history: July 2010: Personal details of 100m users are published on the net to "highlight privacy issues" July 2010: German officials launch legal action against the site for accessing and saving the personal data of people who do not use it July 2010: Facebook begins to roll out further changes to the site in its ongoing efforts to appease critics of its privacy practices May 2010: The site announces that it will simplify its privacy settings in response to growing disquiet from it users that they are too complex May 2010: A fix for a security flaw that allows users to eavesdrop on the live chats of their friends and see their pending friend requests is rushed out January 2010: The Canada's information commissioner launches an investigation over changes to Facebook's privacy policy December 2009: Ten US privacy groups file a complaint to the Federal Trade Commission over Facebook's new privacy settings December 2009: Facebook introduces another set of privacy controls February 2009: Changes to the sites terms of service provoke the ire of privacy campaigners May 2008: A Canadian privacy group files a complaint against the site accusing it of violating privacy law May 2008: The BBC finds a flaw in the website that could expose people's details January 2008: The site faces investigation in the UK after users find they can't permanently delete their profiles November 2007: Members force the site to changes its controversial advertising system Beacon, which told friends and businesses what they looked at or bought