ACLU chapter flags Facebook app privacy

The Northern California chapter of the American Civil Liberties Union has put out a campaign designed to raise awareness of the privacy implications of Facebook's developer platform. It's focusing specifically on the popular "quiz" applications, like "Which Cocktail Best Suits Your Personality?" and "Which Wes Anderson Movie Character Are You?" These are largely one-time-use apps that many a Facebook user clicks on and tries out with little concern.

According to the ACLU chapter, "millions of people on Facebook who use third-party applications on the site, including the popular quizzes, do not realize the extent to which developers of quizzes and other applications have access to personal information. Facebook's default privacy settings allow nearly unfettered access to a user's profile information, including religion, sexual orientation, political affiliation, photos, events, notes, wall posts, and groups." For the promotion, it's put together a quiz about how much you know about Facebook-based quizzes.

Side note: Creating a Facebook quiz app to draw attention to the pratfalls of Facebook quiz apps is very meta.

"It's time for Facebook to upgrade its privacy controls so that quizzes can only see what people want them to see," Chris Conley, technology and civil liberties fellow at the ACLU of Northern California, said in a release. "Users need stronger protections than Facebook currently provides."

So are the ACLU-NC's claims legitimate? The most damning one asserts that "regardless of whether a user's Facebook profile is 'private,' by taking a quiz the user allows its developer to gain access to the user's profile information...by Facebook default, every time one of a user's friends takes a quiz, the quiz has access to that user's profile information." That could have particularly alarming security implications if an app turns out to be malicious.

Facebook does not deny this, but notes that "sensitive" information like contact details are not available to third-party apps, and that Facebook has settings for users to tweak exactly how much their friends' apps can see.

Last month, the company modified its privacy settings to make them more user-friendly.

The ACLU chapter recommends that Facebook make it an opt-in, rather than opt-out process for apps to access a user's friends' data and require that apps list the specific profile data fields that they will be accessing.

"We generally agree with (the ACLU's) recommendations and have already made public announcements about relevant changes that are under way," Facebook spokesman Barry Schnitt said in an e-mail. "Specifically, we recently disabled hundreds of applications, including quiz applications, that were inconsistent with Facebook Platform policies...We've also had productive discussions with the Canadian Privacy Commissioner about improving user data controls on Platform. We'd be glad to also have productive discussions with the ACLU and generally catch them up, if they want to give us a call."

The office of the Canadian Privacy Commissioner, which has taken issue with Facebook's privacy policies, is holding a press conference on Thursday to address the subject, and Facebook plans to hold a conference call with reporters in response.

[BShurilla93]

Unbelievable! it's a freaking quiz!

[RompStar_420]

I like Facebook, I never allow to use any of that QUIZ crap and I don't play that retarded Mafia Wars, neither :- )

[allisonis]

I don't care if apps access MY data - after all, it's a trade. But I take serious offense at the idea of apps OTHER PEOPLE have downloaded accessing my data. That's so sneaky and very spyware-like. In fact, this actually makes Facebook spyware, since Facebook is giving each user's information away without permission.

[tundraboy]

I am shocked, shocked that Facebook would have anything else other than the highest respect for ethics and its member's privacy.. . . Not! Another day, another story about Facebook's ethical blinders. So what else is new?

[inachu1]

These apps are pretty annoying to me to want so much information.

When a friend wants me to take a quaiz by one of these apps then I would demand that the following disclaimer be displayed.
1. We will not use this information for any 3rd party historical profile
For all I know a company could be building a persona database on me and they are willing to sell my info to the highest bidder.

[Eskiegirl302]

The ACLU is always in everyone's business. What are they complaining about? I have played those games and never had a problem. Must be the way I protect my own info.

[Eskiegirl302]

What's the matter? I thought the aclu liked being in everyone's business. It's ok for them but not for everyone else?? LoL Facebook is fine. I have had no problems from that site.

[pentest]

If it wasn't for the ACLU we would be living in a theocracy with a dictator on par with the Ayatollah.

[cdwilliams1]

@Eskiegirl302 You are missing the point. Even if you take steps to be careful with your info, like making your profile private, you are still at risk. Basically, when ANYONE you have friended runs an app, that app has the same permission level as your friend. Let's say you have a friend named Sally on Facebook. Sally decided to take the "What flavor bubblegum are you?" quiz. That quiz, and it's developers, staff, company, etc now have access to everything Sally can see on Facebook. Including YOUR profile, YOUR details, YOUR pictures, etc. Even though YOU, Eskiegirl302, never took the quiz or granted permission to those developers.

Those developers can now use your information however they wish. Why do you think developers give away quiz apps and game apps for free? To mine facebook information for marketing and other purposes. This is why the ACLU is upset. Even if you, Eskiegirl302, does everything right to protect your information and never take quizzes or play mafia wars or whatever because of the way Facebook is setup by default your friends can compromise YOUR security just by taking a quiz.

[fjpoblam]

I agree with cdwilliams1: though ACLU may at times seem a bit too strict, I believe in the old hippie saying. "Just because yer paranoid doesn't mean they're not out to getcha." I don't care for the idea that my friends can give away access to my personal information without asking me first. And likewise, I wouldn't give away access to THEIR personal info without asking THEM first. Period.

[mlauzon]

Like 'Comic Book Guy' said in the comments section on the MaximumPC.com web site, and I agree with him:

"So, the ACLU only speaks up after the Canadian government covered all of this, and has since forced facebook to change their privacy policy, the ACLU is extremely late to the game!"

[mlauzon]

Like 'Comic Book Guy' said in the comments section on the MaximumPC.com web site, and I agree with him:

"So, the ACLU only speaks up after the Canadian government covered all of this, and has since forced facebook to change their privacy policy, the ACLU is extremely late to the game!"