This thread is going to explain how your data on Facebook is vulnerable to abuse by a 3rd party. By 3rd party, I mean someone who is not directly associated with Facebook in any manner. There are plenty of conspiracy theories which say that Facebook is a tool for harvesting public data for use by the government. But there are some people out there who harvest data for the sole purpose of making money by selling it to big corporations and whoever else can make more money out of it. Many people here do not use Facebook at all, but if you do, then do not take this lightly, as these are not merely my thoughts on the possibility; these are facts. I will try my best to make it easy enough to be understood by anyone who has ever used Facebook. So, let's have a look at how Facebook apps can be used to intrude on your privacy.
Let's start with a somewhat popular example of how the Facebook API can be abused.
Facebook is threatening to take legal action against the creators of an online "dating" site that features 250,000 profiles of men and women
whose photos and personal details were scraped off the social networking giant's site and used without their permission.
This shows how a 3rd party can easily harvest a lot of data from Facebook profiles without the permission of either the users or Facebook. It was actually a prank aimed at spreading awareness about the lack of privacy on social networks. Those guys did an excellent job at explaining things here - www.face-to-facebook.net...
I highly recommend reading it.
A part of your Facebook profile's data is made public by default and can be accessed by anyone if they have your username or user id. Let us try this right now with a very common name "bob" in our browser by visiting this link- graph.facebook.com...
Just replace "bob" with any other username or user id you want to try. It shows you the user id, full name, first name, last name, profile link, username, gender and locale (language & country). This data can be accessed by anyone without the need for your or Facebook's permission.
Before an application can access the data in your profile, it needs to ask you for permission which looks like this-
An application can ask for permission to access different parts of your profile's data like your email (can be used to send you unsolicited emails), birthday, events, groups joined, pages you have liked (know the things you are interested in so that relevant ads can be served), notes, relationship status, photos, posts in your news feed and much more. Full list of permissions that an app can ask for can be found (Google's cache link provided so that you need not login and non-members of Facebook can see the page).
The app in the above screenshot asks for basic info, the user's photos and photos shared with the user. So, I wanted to try and see what this app is about. I clicked on the "Go to App" button and it had access to all the photos I had in my profile. But wait, this doesn't need the latter two permissions to work and yet it asked for those permissions. The only reason I can think of why it asked for them is that either it was a mistake on the developer's part or (most probably) this application harvests photos from your profile, which includes your private photos. Even if you delete photos from your account, and even after Facebook deletes them entirely from their servers, photos previously accessed by an application will still remain with the owner of the app. So if you happen to see one of the images from your private collection on Facebook floating somewhere else on the web, do not be surprised.
How does an application grow big and gain more users?
Links to rogue applications are spread with the help of pages and hacked & fake accounts. Applications can also post statuses and upload images and videos on your behalf (given they have the required permission). Suppose you have unknowingly installed one of these rogue applications. Since an app can use your account to post anything it wants, it can spread more spam to your friends. Example-
All these astrological predictions here are nothing but random values.
Again, random numbers.
Popular and genuine apps show you what they are going to post on your wall and ask for your permission before they do so, but a rogue application can use your account to spread spam by use of these permissions.
The reason these applications are so successful is that they are designed in ways to attract users and, as usual, most people are ignorant regarding their online privacy. Most users never read what permissions they are giving to an application before continuing. If you have spent some time on Facebook, there are chances that you have seen viral scams like "free farmville coins", "profile viewer", "facebook themes", etc. reaching you through your friend's wall post. Some of them-
Most of the applications on Facebook these days are junk with two intentions - making money by showing you ads and harvesting your data. Facebook has a certain limit to what an application can do and sets of rules to detect rogue applications, so most of them get deleted within a day and the profile which was used to create the application gets disabled. But scammers do it on a large scale, and to do it on a large scale they need many phone verified accounts. For this they buy hundreds of Facebook accounts to make apps for 2-3$ each. There are many providers who sell fake accounts.
Also there are many automated programs available which can operate hundreds of Facebook accounts together by uploading images, filling out profiles and adding friends so that they can later be used to spread links to these rogue applications.
And not only do these applications monetize by showing just normal ads, but there is another deep s#it known as CPA, where the webpage is locked out and you are asked to fill out a survey form to access it. I will discuss that in detail in my next thread as it would require as much explaining as this one.
So my advice is to stop using Facebook apps at all. There are some good applications too, but you can never know if your data is being retained by a 3rd party without your permission. Also check your account for installed apps and remove junk ones by going to "Account Settings" > "Apps" and clicking on the tiny cross button on the right of the app name.
Thanks for reading.
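
The permission check described in the post, as an added example that is not part of the original thread: it reads the `scope` parameter of an app's permission-dialog URL and lists every permission requested beyond what the app's stated feature needs. The permission names are assumed legacy Graph API names (the post gives them only in words), and the URLs, `APP_ID_PLACEHOLDER`, the app names and the `EXPOSES` table are constructed for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs

# Legacy permission names and what each one exposes (assumed mapping written
# for this example; the post describes these permissions only in words).
EXPOSES = {
    "email": ("contact", "email address, usable for unsolicited mail"),
    "user_birthday": ("profile", "birthday"),
    "user_events": ("profile", "events"),
    "user_groups": ("profile", "groups joined"),
    "user_likes": ("profile", "liked pages, usable for ad targeting"),
    "user_notes": ("profile", "notes"),
    "user_relationships": ("profile", "relationship status"),
    "user_photos": ("private", "your photos"),
    "friends_photos": ("private", "photos shared with you"),
    "read_stream": ("private", "posts in your news feed"),
    "publish_stream": ("acts-as-you", "can post on your behalf"),
}

def requested_permissions(dialog_url):
    """Return the set of permissions named in the dialog URL's scope parameter."""
    query = parse_qs(urlparse(dialog_url).query)
    scope = ",".join(query.get("scope", []))
    return {p for p in re.split(r"[,\s]+", scope.strip()) if p}

def audit(dialog_url, needed=()):
    """List (permission, category, detail) for every permission requested
    beyond what the app's stated feature needs. Unknown names are kept and
    flagged so that nothing is silently ignored."""
    excess = requested_permissions(dialog_url) - set(needed)
    return sorted((p, *EXPOSES.get(p, ("unknown", "not in table, review by hand")))
                  for p in excess)

# Constructed sample URLs; client_id and redirect_uri are placeholders.
PHOTO_APP = ("https://www.facebook.com/dialog/oauth?client_id=APP_ID_PLACEHOLDER"
             "&redirect_uri=https%3A%2F%2Fapp.example%2Fcb"
             "&scope=user_photos,friends_photos")
HOROSCOPE_APP = ("https://www.facebook.com/dialog/oauth?client_id=APP_ID_PLACEHOLDER"
                 "&redirect_uri=https%3A%2F%2Fapp.example%2Fcb"
                 "&scope=email,publish_stream,user_birthday")

if __name__ == "__main__":
    for name, url, needed in [("photo app", PHOTO_APP, ()),
                              ("horoscope app", HOROSCOPE_APP, {"user_birthday"})]:
        print(name)
        for perm, category, detail in audit(url, needed):
            print(f"  {perm:16} {category:12} {detail}")
```

Pass as `needed` only the permissions the app's visible feature plausibly requires; anything the audit returns in the `private` or `acts-as-you` category is a reason to decline the dialog or remove the app.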