Gentle Wisdom

from Peter Kirk

Facebook quiz danger?

July 14th, 2009 at 12:19

Sorry that blogging here has been so quiet. This is largely because I have been busy preparing for my wedding, on 24th October, and of course spending time with my beautiful fiancée.

In recent weeks several of my Facebook friends have invited me to take interesting quizzes on Facebook. These include Wayne Leman and ElShaddai Edwards, who have done so in blog posts, as well as various friends who have invited me with Facebook notifications.

The problem with this is that when I try to take these quizzes I typically get a message something like:

Allowing [quiz name] access will let it access your Profile information, photos, your friends’ info and other content that it requires to work.

I am required to allow this access before I can take the quiz. In other words, I have to give to a piece of software about which I know almost nothing access to personal information not just about myself but also about all my friends. If “your friends’ info” means what is on their profiles, it includes e-mail addresses, sometimes postal addresses and phone numbers (not my own), and all kinds of other details which people are happy to share with their friends, but not to make public.

Of course if the quiz program can access this information, so can its author – who can use it for marketing or sending spam, or sell it to the highest bidder. That may well be a breach of Facebook rules, but how well are these rules enforced?

Presumably each of my Facebook friends who has taken one of these quizzes has given the program permission to access my profile information, which is intended to be for my friends alone to see but not to pass on to unknown third parties. I am not at all happy that any of my friends have done that; I consider that they have acted unethically. But if I chose to de-friend them I would probably hardly have any friends left.

ElShaddai, in a comment in reply to mine, writes:

AFAIK, Peter, the “friends’ info” is applicable to the last step in the quiz where it asks you if you want to invite your friends to take the quiz.

Indeed, as far as he knows. But what I am worried about is what he doesn’t know, what the unknown author of the quiz software is not saying. He may be right, of course, but how do I know that he is right? I’m afraid “AFAIK” is not an acceptable defence on an ethical issue, just as it isn’t in a court of law.

My real concern is that this quiz program is in fact an elaborate trojan horse, installing itself in millions of Facebook users’ computers worldwide, collecting personal information on the side for some kind of nefarious purpose, or at least for a mass marketing campaign. Can anyone reassure me that there is no danger of this? I know Facebook has had to stop rogue applications before. Could this be another one?

23 Responses to “Facebook quiz danger?”

  1. Joel (Polycarp) Says:

    Peter,

    From here:

    Oh and if you thought you could shield yourself from these API’s by making your profile and all the contents private and only visible to your friends, think again. Facebook provides API’s that allow the Facebook apps to retrieve your information through your friend. Once a friend uses a Facebook app, that app can access their info and the info from any friend’s profile that they can view.

  2. Peter Kirk Says:

    Joel, thanks for the link, which confirms most of my worst fears. While there is a claim that

    Facebook Platform does not give Developers access to your e-mail address, personal website, instant messenger ID, telephone number or street address (“Contact Information”).

    this doesn’t seem to apply to any such information which has been put on anyone’s profile. And yes,

    storing this data for more than 24 hours or for any other use is against the Developer Terms of Service.

    - but that is almost unenforceable.

  3. tc robinson Says:

    Who is the developer, by the way?

  4. Peter Kirk Says:

    I don’t know, TC. Does anyone? Not Wayne and ElShaddai, I’m sure – they just used an off the shelf package to set up their quizzes.

  5. Gentle Wisdom » My C-Factor: they say I am “somewhat of a Calvinist” Says:

    [...] blogosphere which I could take (because it can’t access my personal information), unlike the dangerous Facebook quiz I discussed yesterday: Test your C-Factor. I come out with a C-Factor, a level of Calvinism, of [...]

  6. ElShaddai Edwards Says:

    I know that Wayne has been creating Facebook quizzes, but I have not. I only took this one that was already created. If you’ve received a message that I’ve created a quiz, I would be very interested to see that, as it’s patently false.

  7. Peter Kirk Says:

    Sorry, ElShaddai, I was forgetting the details. I should have realised that you were simply passing on a link to the quiz. So we don’t even know who set this one up. But it is not them who get access to the personal information, probably, but the author of the application software.

  8. ElShaddai Edwards Says:

    No worries – I would second your last assumption, as presumably Wayne would say if he was getting personal info as a quiz author.

  9. Threads from Henry’s Web » Somewhat of a Calvinist? Says:

    [...] located a Peter Kirk approved quiz, Testing Your C-Factor, I decided I really must take it. The [...]

  10. Wayne Leman Says:

    It looks to me that the info the Facebook quiz program gathers is probably about the same as that of any other FB app using the FB API developer’s platform. So, the problem is a bigger one, not just with the quizzes, but with trusting Facebook and its API system at all. I’ve been hit twice by worms that gather and message every one of my FB Friends. FB is aware of these breaches of security and keeps tightening up the holes, but I think no system is perfect these days. We see that as hackers gain access to very secure systems @ MI5 or the CIA, wherever. I’m not dismissing concerns about the quizzes. I have posted to the quiz forum clear questions raised by this blog post. I hope to receive clear answers in response. These are important concerns. They raise the entire issue of how safe anyone is even being signed up with Facebook or any other social network.

  11. Peter Kirk Says:

    Thanks, Wayne. I regularly get messaged by applications which message every friend of one of my friends, but they may have given permission for this without intending to.

    There is more information in this article, to which I was sent a link. Note the correction in a comment, that the API gives access to friends’ profiles as well as one’s own. But this may be out of date as hopefully some holes have been plugged since February 2008.

  12. Peter Kirk Says:

    This more recent article suggests that recent changes in Facebook have made things worse rather than better.

    This one suggests that the situation is worrying enough for European Union regulators to get involved.

  13. Wayne Leman Says:

    Here is the answer I received from the Know-It-All quiz man in their forum on Facebook:

    “We display the Facebook avatar and name of your friends that you can invite http://apps.facebook.com/know-it-all-trivia/?target=invite and friends that play Know-It-All against you on the Top Players page http://apps.facebook.com/know-it-all-trivia/?target=leaderboard

    It’s not possible to get a virus from Know-It-All Trivia.”

    Thank you, Jaron. So is their name and avatar the only info that Know-It-All gets from anyone’s Profile who accepts my invitation to play a quiz?

  14. Peter Kirk Says:

    Thank you, Wayne. The problem with this is that there is no way to know that it is true, and no way for Facebook to know either.

  15. Peter Kirk Says:

    I see Facebook is also getting into trouble in Canada, and one of the issues mentioned is

    failing to adequately restrict access of users’ personal details to some of the 950,000 developers in 180 countries who provide applications, such as games, for the site.

  16. Paul Morriss Says:

    I know these are serious questions, but here’s a comic strip about the issue.

  17. Peter Kirk Says:

    Thanks, Paul. A cartoon is always worth thousands of words, even on the most serious issues.

  18. Tyler Says:

    You do know that Facebook allows you to control what information is allowed to be accessed by third-party applications, right? Simply log in to Facebook and click this link. It even gives you the option to not have any information at all shared through the Facebook API.

  19. Peter Kirk Says:

    Thanks, Tyler. That is indeed helpful. Through this page I have now blocked my friends’ applications from reading most information about me. They can now read, in addition to “my name, networks, and list of friends”, only my profile picture and my religious views i.e. that I am unashamed to be a Christian. My friends in person can still read all my information.

    I recommend anyone else concerned about the security of their personal information to do something similar.

  20. Peter Kirk Says:

    I just read the following as a Facebook friend’s status:

    … has just heard that Facebook has agreed to let third party advertisers use posted pictures WITHOUT your permission. Click on SETTINGS up at the top where you see the Logout link. Select PRIVACY. Then select NEWSFEEDS and WALL. Next select the tab FACEBOOK ADS. There is a drop down box, select NO ONE. Then SAVE your changes. (REPOST to let your friends know!)

    I have just done this. I have not verified exactly what the danger is, but I trust my friend, and don’t want others to abuse my pictures.

  21. Gentle Wisdom » What is my real Christian tradition? Says:

    [...] just took a new quiz Christian Traditions Selector, recommended by Kevin Sam – not on Facebook I am glad to say, but the advertising images I saw in the sidebar are a bit [...]

  22. Peter Kirk Says:

    As Kevin Sam reports, this very issue has now been taken up by Canada’s privacy commissioner, who is threatening to take Facebook to court for violation of privacy laws. The specific issue mentioned is:

    In order to download popular games and quizzes, Facebook users must consent to share all their personal information, except their contact details. These companies, totalling nearly one million, operate in 180 countries.

  23. Gentle Wisdom » Facebook makes the changes I asked for! Says:

    [...] that Facebook isn’t receptive to changes requested by its users like myself. Only last month I complained about the privacy issues with taking Facebook quizzes. Now, as the BBC reports, Facebook is going to do almost exactly what [...]
