Facebook Tests Boundaries of Privacy

Over the past week, Facebook has come under fire for privacy related issues. As Wired magazine stated:

Like many social networks, the increasingly popular Facebook allows its users to mark their profile page as private, semiprivate or open. However, even if you mark your profile to be visible only by friends, that doesn’t change how you turn up in Facebook searches or whether your profile is open to indexing by search engines.

Searches for Christian women who are lesbians or Muslim men interested in other men return a list of results even if the person has not listed their profile as public. While Facebook has since fixed the glitch, there are still people that have their profiles set to public. I stumbled upon one profile in particular that had a hate comment posted on her profile, perhaps a result of someone who read the Wired article. Regardless, as Facebook grows at a rapid pace, certain privacy issues are beginning to get uncovered. While attending last week’s Social Media club in Washington, DC, the issue of privacy as related to the new platform came up.

Many people add and remove programs without thinking about the privacy implications. When you add an application you are required to check a box which states “Allow this application to know who I am and access my information.” If you choose not to check the box, you receive another message stating the following: “Granting access to information is required to add applications. If you are not willing to grant access to your information, do not add this application.” With a simple click you are granting practically complete access of your personal information to the application developer. According to the Facebook Developers Terms of Service you cannot keep any information more than 24 hours that is not specifically identified as being storable indefinitely. I browsed through the documentation and could not personally identify anything that was listed as being indefinitely storable, but I know for a fact that many of the applications do store information indefinitely. Additionally, once you remove an application, the application developer is supposed to remove all personally identifiable information from their database, including your user ID.

While the terms are nice in theory, there is nobody being held for accountability. What system is in place to ensure your information is not being stored indefinitely, or after you have removed the application? Additionally, what is preventing developers from using your information with malicious intentions? The bottom line here is that Facebook has protected them self from most lawsuits due to the language used in their developer terms. As of now there is nothing set up to ensure that your information is not being used for bad purposes. Should there be a link that says “report this application for violation of terms?” Whatever the solution is, I have a feeling that most people don’t know how much information they are actually giving away when they quickly add and remove their applications. Do you think users should be more concerned or Facebook should be more open about what information is being transferred to the developer?