Saturday, February 23, 2008

Lying to Facebook Apps: Facebook apps can access ALL of your info

I talked about this with one of my Facebook friends a while ago. Just about every time somebody sends me some annoying new message in Facebook, I have to give some developer that I don't know and don't trust access to my information. He said, "man, they're Facebook, they're not stupid. Developers cannot access your email nor your birthdate and stuff like that." Is that true?

At some point I'll have to write a baby Facebook App to test this out, but for now let's just look at the User Terms ( According to the User Terms

(a) Information That May Be Provided to Developers. In order to allow you to use and participate in Platform Applications created by Developers ("Developer Applications"), Facebook may from time to time provide Developers access to the following information (collectively, the "Facebook Site Information"):

(i) any information provided by you and visible to you on the Facebook Site, excluding any of your Contact Information, and

(ii) the user ID associated with your Facebook Site profile.

At the same time, of course, Facebook makes their developers agree to some terms of use where they can't collect information, but that is relatively unenforceable (especially if they don't know what the developer is really doing with the information they collect). Because really, it's your problem:

When you install a Developer Application, you understand that such Developer Application has not been approved, endorsed, or reviewed in any manner by Facebook, and we are not responsible for your use of or inability to use any Developer Applications, including without limitation the content, accuracy, or reliability of such Developer Application and the privacy practices or other policies of the Developer.

Is there any way to protect yourself against this? Yes. Lie about your birthdate, at least. I always do.
SAT prep you can rewind

No comments: