YOU ARE HERE: LAT HomeCollections

Facebook widgets pose privacy risks

June 17, 2008|Kim Hart | Washington Post

WASHINGTON — Facebook fanatics who have covered their profiles on the popular social networking site with silly games and quirky trivia quizzes may be unknowingly giving a host of strangers an intimate peek at their lives.

Those mini-programs, called widgets or applications, enable users to personalize their pages and connect with friends and acquaintances. But they could pose privacy risks. Some security researchers warn that developers of the software have assembled too much information -- home town, schools attended, employment history -- and can use the data in ways that could harm or annoy users.

"Everything requires you to give access to personal information or it forces you to ask your friends to do the same. It becomes a real nuisance," said David Dixon, 40, an information technology consultant who recently deleted most of the applications he had downloaded to his Facebook profile after reading on a blog that developers may have access to his information. "Why does a Sudoku puzzle have to know I have two kids? Why does a postcard need to know where I went to college?"

Even private profiles, in which personal details are available only to specific friends, reveal personal information, said Chris Soghoian, a cyber-security researcher at Indiana University. And they're allowing access to their friends' information -- even if their friends are not using the application. That's because MySpace and Facebook Inc., the largest online social networks, let outside developers see members' information when they add a program.

"You want to be social with your friends, but now you're giving 20 guys you've never met vast amounts of information from your profile," he said.

A year ago, Palo Alto-based Facebook started allowing outside developers to create small software programs for members to download. Since then, the company said, about 24,000 applications have been built by 400,000 developers. They've become enormously popular, with users playing poker, getting daily horoscopes and sending one another virtual cocktails, to name a few. More than 95% of Facebook users have installed at least one application, the company said.

Applications have grown so much that venture capital firms have formed exclusively to fund their development, and there is a Stanford University course devoted to creating them.

In February, MySpace also opened up to developers. It has more than 1,000 applications. The Beverly Hills-based company, along with other social networks such as Hi5 and AOL's Bebo, allows applications under OpenSocial, a Google-led initiative that lets developers distribute games and other programs across multiple social networks.

Each site has come up with its own policies on the data that developers are allowed to see. MySpace, the largest social network, with 110 million members, said developers can see users' public details -- name, profile picture and friend lists -- when they download a program. When a user installs one on Facebook, which has 70 million members, the developer can see everything in a profile except contact information, as well as friends' profiles. Members can limit what is seen by changing privacy controls, and both companies say developers are allowed to keep those data for only 24 hours.

Developers can collect other data from members once they've downloaded the applications.

Ben Ling, director of Facebook's platform, said developers were not allowed to share data with advertisers, but they can use it to tailor features to users. Facebook now removes applications that abuse user data by, for example, forcing members to invite all of their friends before they can use it.

Some developers acknowledge the value of the data at their fingertips but say they're careful not to abuse it.

"We don't care who their favorite musicians are, and we're not looking at their pictures," said Dan Goodman, co-founder of Loladex, which helps users find friend-recommended businesses.

Los Angeles Times Articles