Facebook Apps: How your data can be harvested by a 3rd party

posted on Apr, 20 2012 @ 05:38 PM
This thread is going to explain to you how your data on facebook is vulnerable to abuse by a 3rd party. By 3rd party, I mean someone who is not directly associated with facebook in any manner. There are plenty of conspiracy theories which say that facebook is a tool for harvesting public data for use by the government. But there are some people out there who harvest data for the sole purpose of making money with it by selling it to big corporations and whoever else can make more money out of it. Many people here do not use facebook at all, but if you do then do not take this lightly, as these are not merely my thoughts on the possibility but facts. I will try my best to make it easy enough to be understood by anyone who has ever used facebook. So, let's have a look at how facebook apps can be used to intrude on your privacy.

Let's start with a somewhat popular example of how the facebook API can be abused.

Facebook is threatening to take legal action against the creators of an online "dating" site that features 250,000 profiles of men and women whose photos and personal details were scraped off the social networking giant's site and used without their permission.


This shows how a 3rd party can easily harvest much of the data from facebook profiles without the permission of either the users or facebook. It was actually a prank, though, which was aimed at spreading awareness about the lack of privacy on social networks. Those guys did an excellent job at explaining things here - I highly recommend reading it.

A part of your facebook profile's data is made public by default and can be accessed by anyone if they have your username or user id. Let us try this right now with a very common name "bob" in our browser by visiting this link- Just replace "bob" with any other username or user id you want to try. It shows you the user id, full name, first name, last name, profile link, username, gender and locale (language & country). This data can be accessed by anyone without the need for your or facebook's permission.

Before an application can access the data in your profile, it needs to ask you for permission which looks like this-

An application can ask for permission to access different parts of your profile's data like your email (can be used to send you unsolicited emails), birthday, events, groups joined, pages you have liked (to know the things you are interested in so that relevant ads can be served), notes, relationship status, photos, posts in your news feed and much more. The full list of permissions that an app can ask for can be found here- (Google's cache link provided so that you need not login and non-members of facebook can see the page).

The app in the above screenshot asks for basic info, user's photos and photos shared with the user. So, I wanted to try and see what this app is about. I clicked on the "Go to App" button and it had access to all the photos I had in my profile. But wait, this doesn't need the latter two permissions to work and yet it asked for those permissions.
The only thing I can think of for why it asked for them is that either it was a mistake on the developer's part or (most probably) this application harvests photos from your profile, which includes your private photos. Even if you delete photos from your account and even after facebook deletes them entirely from their servers, photos previously accessed by an application will still remain with the owner of the app. So if you happen to see one of your images from your private collection on facebook floating somewhere else on the web, do not be surprised.

How does an application grow big and gain more users?

Links to rogue applications are spread with the help of pages and hacked & fake accounts. Also, applications can post statuses and upload images and videos on your behalf (given they have the required permission). Suppose you have unknowingly installed one of these rogue applications. Since apps can use your account to post anything they want, it can spread more spam to your friends. Example-

All these astrological predictions here are nothing but random values.

Again, random numbers.

Popular and genuine apps show you what they are going to post on your wall and ask for your permission before they do so, but a rogue application can use your account to spread spam by use of these permissions.

The reason these applications are so successful is that they are designed in ways to attract users and, as usual, most people are ignorant regarding their online privacy. Most users never read about what permissions they are giving to an application before continuing. If you have spent some time on facebook, there are chances that you have seen viral scams like "free farmville coins", "profile viewer", "facebook themes", etc. reaching you through your friends' wall posts. Some of them-


Most of the applications on facebook these days are junk with two intentions - making money by showing you ads and harvesting your data. Facebook has a certain limit to what an application can do and sets of rules to detect rogue applications, so most of them get deleted within a day and the profile which was used to create the application gets disabled. But scammers do it on a large scale, and to do it on a large scale they need many phone-verified accounts. For this they buy hundreds of facebook accounts to make apps, for $2-3 each. There are many providers who sell fake accounts. Example- Also there are many automated programs available which can operate hundreds of facebook accounts together by uploading images, filling out profiles and adding friends so that they can later be used to spread links to these rogue applications.

And not only do these applications monetize by showing just normal ads, but there is another deep s#it known as CPA, where the webpage is locked out and you are asked to fill out a survey form to access it. I will discuss that in detail in my next thread as it would require as much explaining as this one.

So my advice is to stop using facebook apps at all. There are some good applications too, but you can never know if your data is being retained by a 3rd party without your permission. Also check your account for installed apps and remove junk ones by going to "Account Settings" > "Apps" and clicking on the tiny cross button on the right of the app name to remove it.

Thanks for reading.
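
An added example, not part of the original post: a small audit of the permission screen described above, which reads the permissions an app's authorization URL asks for and reports the ones its stated feature does not need. The dialog URL shape, the legacy permission names and the risk labels are assumptions of this example, and the sample URL is constructed.

```python
from urllib.parse import urlparse, parse_qs

# Assumed legacy permission names; the risk grouping is this example's own,
# not a Facebook classification.
RISK = {
    "email": "contact",                 # lets the app owner e-mail the user
    "user_birthday": "profile",
    "user_likes": "profile",
    "user_photos": "private-media",
    "friends_photos": "private-media",  # photos shared with the user
    "read_stream": "private-media",
    "publish_stream": "acts-as-user",   # can post on the user's behalf
}
BLOCKING = {"private-media", "acts-as-user", "unknown"}

# Constructed sample: an app whose only feature is a daily horoscope.
SAMPLE_URL = ("https://www.facebook.com/dialog/oauth?client_id=0000000000"
              "&redirect_uri=https%3A%2F%2Fapp.example%2Fcb"
              "&scope=user_photos,friends_photos,publish_stream")

def requested_permissions(dialog_url):
    """Return the set of permissions named in the URL's scope parameter."""
    query = parse_qs(urlparse(dialog_url).query)
    scopes = set()
    for value in query.get("scope", []):
        # Accept comma- or space-separated lists.
        scopes.update(value.replace(",", " ").split())
    return scopes

def audit(dialog_url, needed):
    """List (permission, risk) pairs requested beyond what the feature needs."""
    excess = requested_permissions(dialog_url) - set(needed)
    return [(perm, RISK.get(perm, "unknown")) for perm in sorted(excess)]

def verdict(dialog_url, needed):
    """'refuse' if any unneeded permission exposes private data or posting."""
    findings = audit(dialog_url, needed)
    if any(risk in BLOCKING for _, risk in findings):
        return "refuse"
    return "review" if findings else "ok"

if __name__ == "__main__":
    for perm, risk in audit(SAMPLE_URL, needed=[]):
        print(f"unneeded: {perm:15s} risk: {risk}")
    print("verdict:", verdict(SAMPLE_URL, needed=[]))
```
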

posted on Apr, 20 2012 @ 05:46 PM
Hehe glad I don't use Facebook apps, never have and never will. I just simply don't trust them for some odd reason.

Interesting thread though. S&F for you.

posted on Apr, 20 2012 @ 05:48 PM
What is that "doomsday NASA says be prepared" all about..

posted on Apr, 20 2012 @ 05:57 PM
If anyone's interested, I bought a small pony in farmville?

Noted: He likes horses.

posted on Apr, 20 2012 @ 06:03 PM
reply to post by morpheusxxz

Welcome to my world!

The wonderful, wonderful world of internet marketing!

posted on Apr, 20 2012 @ 06:09 PM
RULE # 1 ----- LOG OUT


posted on Apr, 20 2012 @ 06:17 PM
This is very important information for anyone who might be using facebook or twitter or any social media available right now.
Also great for parents to know the dangers of what their little ones face being on-line.
We don't do any of the above mentioned sites and never will for obvious reasons laid out plain and clear in the OP.
Great heads up thread and a Big S&F for taking the time to teach the masses of what is hidden in our internet here.
Regards, Iwinder

posted on Apr, 20 2012 @ 06:39 PM

Originally posted by dayve
What is that "doomsday NASA says be prepared" all about..

It was just a fake video that is all.

posted on Apr, 20 2012 @ 07:12 PM
As much as I agree with you, it's not just about FB.
It's anywhere you strike a key that goes on the net including ATS.

Here's the owner of the Ladders saying us older folk are just paranoid about having anything we do on the internet traceable and we really have no right to privacy on the net:

Oops here's Zuckerman's own statement about privacy:

Hmmmm It "seems" the Ladders CEO quote has disappeared about no privacy on the net. I can't find it now and I sent the article to 2 of my friends asking what the guy said is true and is Ladders a good networking option.

He called the owner a "tool" just for saying that and thought it was a wrong business model, but REALLY? Like you didn't know every key stroke you make doesn't have a record over the net?

You REALLY don't think it's exploited for anything you can't even imagine from Government ops for security or marketers?


I've actually reconnected with some friends from 30 years ago on FB and it's kind of we discuss every crime ridden event we created at Kent State? No.

Am I being recorded for even saying I committed a crime at Kent State 30 years ago. Yep.

Did I? Heck No!

Am I a criminal? LOL No. It just goes on and on about fabrication of the truth on FB anyways.

And? I'm really handsome too. I'll cut and paste a pic I steal from another site.

OH...I don't even have an avatar. sigh

posted on Apr, 21 2012 @ 01:46 AM

Originally posted by Argyll
reply to post by morpheusxxz

Welcome to my world!

The wonderful, wonderful world of internet marketing!

I wouldn't exactly call it IM, rather it is more of a scam where the user gets nothing of value. Also the micro niche sites fall in the same category. I know some people enjoy doing this and making money out of it as I used to, but now it just seems so wrong.

posted on Apr, 21 2012 @ 01:57 AM
reply to post by niceguybob

Yes, I do not just think but know that it's exploited for things you cannot think of. Every word you type online can be used to make money out of you, control you and against you. But this thread was specifically focused on facebook apps.

posted on Apr, 21 2012 @ 08:21 PM
reply to post by morpheusxxz

I wouldn't exactly call it IM, rather it is more of a scam where user gets nothing of value. Also the micro niche sites fall in the same category. I know some people enjoy doing this and making money out of it as I used to but now it just seems so wrong.

How do you know users get nothing of value?'s not a scam, done correctly users are targeted according to their's marketing!

