Did you hear about the TweetDeck bug that allowed users to log in and tweet from other accounts that didn’t belong to them? Well, it got us thinking about applications that we allow to access our data and the reality that “online privacy” really is an oxymoron.
In case you didn’t hear about it, TweetDeck user Geoff Evason logged in to TweetDeck and discovered he had access to a bunch of accounts that were not his. He tweeted the following screenshot to TweetDeck alerting them (and the rest of the web) to the issue:
TweetDeck has since fixed the bug, but it made us think about the many, many apps that folks freely grant access to their critical information – and by critical we mean information that one has worked to develop both personally and professionally.
Take your address book, for example. If you stop and think about it, how many applications currently have access to every email address in your address book? Ever consider the damage that could be done with that info if it ever fell into the wrong hands? We’re not just talking about someone sending spammy emails to all of your contacts, we’re talking about someone potentially resetting passwords or accessing not only your social networks but your online banking account and anything else you’ve ever set up using that email address. Scary, hmm?
And then there’s the info we willingly offer up every day when we use social login services. Social login is a great feature, of course. It makes signing in to websites very convenient and personalized, but keeping the privacy trade-off in mind when you use it is important.
It isn’t all gloom and doom. There are efforts underway to protect users’ privacy. It just seems that for every step forward we discover we’ve actually taken two steps back. We had Apple tracking iPad and iPhone users’ locations (unbeknownst to them), Android mining personal data and Path storing users’ address books on its servers.
With passwords being compromised with greater regularity and screenshots of social media missteps spreading like wildfire, what are you doing to protect yourself? Anonymous logins? Kinder, gentler posts so as not to provoke an attack?
When it comes down to it, if you link your “social identity” all over the web, attempting to keep anything “private” online, even using the most restrictive privacy controls on whatever network you prefer, is not advisable.
(Locked briefcase image from Shutterstock)