Do Facebook apps violate your privacy?

Jonathan Strickland. Hey, there, you know this uh, this new podcast um situation here where you're actually sitting across from me is totally throwing me off. Yeah, it's it's kind of creepy. I just wish they hadn't put razor blades in the chair. I just wish because it's really uncomfortable. I just wish you didn't have dead eyes. Well, you know, so let's uh, let's start off this podcast on a positive note. All right? Then? Still we started over there? No, no, no,

we're gonna keep going. We're one take. Darn it, don't you remember we do this in one take. I just should respect my privacy. Oh well, I'm you know, I'm so sorry. You know, I try to respect everyone's private information, just like one of our favorite social media network gig sites. Oh yeah, why don't we lead in with a little listener mail because I've got something for you. Okay, So here's some listener mail. This comes from Anne Marie, who says, Hi, Jonathan,

Hi Chris. I enjoy your podcast and would be interested in hearing a podcast about just how much information Facebook apps can draw. I think many folks would be interested in hearing about just how much information info can be pulled by the apps and games, even if you set your privacy settings to not send out much info. Thanks for the great work and Marie. So today we're gonna talk about Facebook applications, your privacy, and how these three

things come together to essentially devour your privacy. They don't see, your privacy pretty much goes out the window. Yes, um, and I don't think most people do want to know. I think most people don't want to know. First of all, let's step in the way back machine. In fact, I expect to hear amazing time traveling special effects. So let's let's revel in that. I bet there will be some. It wasn't that nice boy. That's no pressure to live at all, is it? Sorry? Liz. But anyway you'll come

up with something we've said that. Oh you know, I totally forgot to set the time. We're gonna have to do it again. No, no, no, We'll just we'll just imagine that we did. So let's go back to when Facebook first premieres, and of course it's originally for college students. Eventually it gets rolled out to high school students, and then a little bit later it gets rolled out to the rest of us who graduated long ago, and uh, and took over. Actually yeah, and so at this point,

Facebook does not have any third party applications. Uh. It had a lot of applications that Facebook develop for themselves, uh, in partnership with other people in some cases, or other companies. But that's right. So before May two thousand seven, you had basic applications like being able to share photos and

things like that. But but that was about it, right, and so Facebook was the only entity you were dealing with in that in that case, and then in May two thousand seven, Facebook starts to talk about it's uh Application Developer program, where they start to allow third parties to develop applications to run on Facebook. Facebook would act as the platform and the applications would run on top

of it. The applications themselves would exist on other servers, so it's not Facebook's servers that are running these other apps. And these could be practically anything that you can imagine. And a lot of the early apps were things like, you know, uh, zombies, pirates, Ninja's like you could you could play games where you're tagging people to become zombies or pirates, ninjas or whatever. Your friend just bit you, Yeah, really, do you want to join Werewolf Wars or whatever it was?

And so, um, well poking was around before because that was a Facebook thing, but their super Poke super Poke is different, yes, super duper Poke, yes, yes, all the different Poke variations. Um so those kind of explode onto

the scene. And what people may not have realized at the beginning was that by opting into these applications, they were essentially giving these third parties access to all of their information, and according to the terms of service, those third parties could pretty much do whatever they wanted with

that information. And not only was it your information, it was linked to your friends pages as well, and in some cases at least the developer would be able to access your friends pages even if your friends had set their profiles to private. So let's say that you have set your profile to private, I have Okay, well this

this is very fitting, all right. So for those of you who have set your profiles to private, I imagine that one of the reasons for that is so that you were not targeted by third parties, by people who are just you know, wanting to sell you something or whatever. You just want your Facebook experience to be you and the friends that you have chosen to contact and and

connect with through Facebook. You don't want anything beyond that. Uh. The problem with these apps is that if any of those friends that you have connected with were to install one of these apps on their on their Facebook profile, that third party developer would now be able to read your information as if he or she were one of your friends. So this is a problem obviously, it's already

that's a violation of privacy right there. Now, what kind of information are we talking about, Well, anything that you might have given Facebook. So any of your you know, sexual preferences or relationship status. Um, you're the way you vote movies, you like TV today, that's a big one. Your birth day, your gender, um, well, none of that could be used for any kind of identity theft. Well, I mean, not like social security numbers. It could. However, it could very easily be used in some cases for

identity theft. Actually, but I was I was being facetious. I I understand, but sometimes we have to spell these out because otherwise I get listener mail um and so, yes, it could be used for identity theft. But even if it's not used for that, it can be used. These third party developers could sell your information to vendors who are targeting advertising at you. And again, you have no say in this because it's all part of the terms

of service in the applications. And and furthermore, in the early days of apps, one of the biggest problems was that applications it had absolutely no need to access all

of that information. By default, we're getting all of that information. Yeah, So you'd be like, Hey, I want this cool application that lets me give virtual balloons to my friends, and suddenly you know, you're you're you install that application, and you've just handed over your information, including things like your relationship status and your sexual orientation and your job history and your education history. Why do they need that if all you're doing is handing over a picture of a

balloon to one of your friends. Yes, yes, that's true. Or you know, if you wanted to find out which Harry Potter house you belong to. Yes. Oh, don't even get me started on quizzes. All right, So anyone who has befriended me on Facebook probably knows that I I harbor a deep seated hatred for quizzes on Facebook. I think that they are the most irritating app to come out of Facebook, or out of any third party developer, I should say, because again, Facebook is not the one

developing this, They're just providing the platform. Um. It's one of the most irritating things to come out uh in the Facebook realm. Ever, Um, I I hate seeing them. First of all. I think pretty much every quiz will tell you. The result will tell you what you wanted to hear in the first place. Yes, so you don't learn anything new about yourself by taking one of these quizzes, Okay, you're not gonna learn that. Hey, you know what I

learned today. I'm a slithering No if you're sliw yeah, okay, yeah, I mean I'm slithering through and through. I mean we all know this. That's I mean that's the you know, dark Mark, I'm all about it. You know, it's gonna move the next tattoo. So the uh, that's the thing is that it wouldn't tell me something I didn't already know.

You know, I'm gonna answer these and and a lot of people I'm guessing are answering these quizzes in such a way so that they'll get the result they want sure, you know, like they're like, oh, I don't want to be Cyclops, want of Wolverine, So I'm going to choose this answer because that's more of a Wolverine answer. So, because anybody can write these quizzes and so they're often

very very transparent to begin with. Right now, That's another interesting thing is that people can write these quizzes using different apps. Now that you have to install the app again through Facebook to be able to write these quizzes. So first of all, you're giving a third party developer access to your information because you want to write a quiz, and then they're getting information from everyone who takes that quiz because they're the ones who developed the tool for

the quiz itself. The information is not coming back to you when people take your quiz. It's going. And I'm not talking about you know, their results. No one, no one over at the application cares about what the results are. They care about that personal data. So the people who make the applications that allow you to create quizzes, they've got enormous databases full of information because every so many

people are creating quizzes and taking quizzes. That's one of the things that you see if you do a lot of reading about so social networks, as Jonathan and I have, is that a lot of people see the value in companies like Facebook and Twitter in my space is not in the website itself, but in the information about the subscribers because they're able to market to those people and that the amazing demographic information that they've got at their disposal. Um,

that's the real value of the company. So basically, any of that information that gets distributed to other parties also gives them, you know, the same the same or similar types of power. Of course, Um, some of that's changing, you know. I actually saw right before we came in, I saw an article on the Computer World that Tony

Bradley had written. Um, there's a company in Seattle called app Bank, and they are going to help people write apps essentially um as in, you know, you can actually create your own apps and quizzes using their platform and basically they get a cut of whatever money you make with your app or quiz. UM. So that's kind of interesting because I don't know if that information you know, not to put I I don't know what app banks

motives are. I would assume that they are legitimate, you know organization that is, you know, involved in and trying to create and cash in on their ability to help you make applications because the applications themselves. UM. You know, there are quite a few legitimate applications out there for Facebook and they are making you know, money for those developers.

So you know, I don't I don't think at bank UH is trying to do anything nefarious, but that doesn't stop anybody from signing up for, you know, for their services and trying to get information that way, so you know, they're gonna have to be very careful. I think I think it's important for any person using Facebook to understand that when you install an app on your Facebook, UM, you are essentially giving that vendor access to your profile as if you were befriending that person. UM, keep that

in mind. So if you post stuff on your Facebook that you know, you don't mind if your friends see it, but you don't really want anyone else to see it, remember that before you start installing apps, because you are essentially giving that that entity the same rights as your friends and UM and again like the whole, if you set your your says to private and someone else, uh installs this app and that allows the vendor to look in at you, that would probably upset you. I mean

it would upset me. And it's true, it totally can happen. Um. This has caused lots of issues for Facebook. There was one point where Facebook said Facebook executives were saying that, uh, they were going to change the app development process so that apps would only be able to access the information they absolutely needed to have in order to function the way they were supposed to function. You know why that is?

It's because groups like the American Civil Liberties Union, the a c l U and uh, you know, the Canadian Internet Policy and Public Interest Clinic have been putting pressure on Facebook to change their policies. It's called Facebook A I knew you were going to do that. You love

you love listener mail from Canada. I've got I've got more to say about Canada in a little bit, but go ahead, okay, Uh yeah, I mean apparently Facebook was retaining information from accounts that had been closed, and uh that's you know, against the law, and in Canada, right, there was there was one point where I saw I saw a claim from a Facebook executive that was made to someone who writes it for Senet. I apologize because I this is from memory. It's just from an article

I've read ages ago. But I remember that the executive said that they Facebook was certain that once that the data that the vendors had wasn't being used for any uh any well, you know, underhanded purposes, and the reporters once was. There's no way Facebook would know that because once the information leaves your servers, you don't know what

how it's being used. I mean, you you can maybe hopefully weed out the obvious bad apples from the bunch, but there's no guarantee that any particular vendor is behaving the way it should based upon the general policies. Of course, that's not limited to you know, social media. That's you know, well sure sure, But the point being that, you know, Facebook really couldn't make this guarantee that the data was

but that good. But they don't know. Now, let's let's talk quickly about Beacon, since that just beacon, Beacon Beacon. So Beacon was this, uh, this this concept that Facebook came up with that was almost universally um decried. They people just hated the idea of Beacon anyone who was like really looking into the privacy issues anyway. So there's what Beacon did was it was a kind of an application that would was automatically part of Facebook. You didn't opt into this, In fact, you had to opt out

of it. And Facebook doesn't necessarily make things easy to opt out of. You have to really know where to look. Yeah, you have to really know where to look in order to change certain privacy settings and do things like opt out of applications like Beacon. And the idea behind Beacon was that it would link your activities through various sights to your Facebook accounts, so that you could presumably keep your friends up to speed with what it was you

were interested in. And the idea behind here is kind of, you know, as kind of nice as the idea is that you know you can if you're interested in a in a book series, for example, you would automatically let people know that, hey, you just purchase the latest you know in this in this series of books, so people could say, hey, you know, maybe I should read that because he's a cool guy. I like his taste, and he's reading this. Now. Let's say it sort of serves

two purposes. I mean, one, you've got the social networking aspect of it, where you're sharing cool stuff with your friends. Hey, I just checked out this cool new cd uh. And you have the company on the other end, who goes, hey, and you can buy it from my store right now

for just only that. But again more targeting advertising because they start seeing what individual people like to purchase and then they can target ads specifically at you based on that, and and it makes sense you'd go, Okay, well, they probably won't mind this as much because we're adding sort of a social flavor to it and maybe it'll get

people to be cool. And it's kind of like I think it was kind of presuming that this way, it takes out the middleman, Like, you know, you would probably want people to know that you are shooting this series, so we're just gonna take that that extra step of you having to type it out and we're just gonna make that automatic, which could possibly go wrong with this. So here's some Here's some issues that Facebook thought about before they implemented this, or if they did think about it,

they didn't think about it hard enough. One is that let's say that you're searching for something that you don't necessarily want the world to know that you're looking for. Let's say that you're uh buying a book on cancer treatments. Okay, that's very serious issue. And now suddenly if it goes to your Facebook that so and so just bought, you know,

living with Cancer book. Now all these people who may not have known whether you know, whether it's you who are suffering through this or you're buying it for someone else that you share about. You don't want all your Facebook friends to something like, oh my god, are you okay if you're not ready to talk about that kind of thing, especially if it's not you know, your own condition and it's someone else's. You don't want every the whole world to know that you just bought this book.

So there's that there's that kind of privacy issue, And of course there's also you know, if you were buying something a little more lascivious. Let's say the heaving bosom for instance. Now in hardback, if you wanted to go and purchase the heaving bosom, uh, you know, then next thing, you know, everyone knows you bought this, and you're going to withstand tons and tons of teasing for the rest

of your natural life. Please stop. Look, it was for a relative anyway, Or let's say you were purchasing it for someone a gift, a surprise for that person. But it's not a surprise anymore because it was published on Facebook. And that's a good point. So that's a very good reason right there. Yeah, there are plenty of reasons that have nothing to do with oh, well, you know it's all the people who are worried about their you know, they're porn getting out there on Facebook. No, it has

nothing to do with that. I mean for some people, sure, I'm sure it has something to do with that. But it goes well beyond just those kind of like he he, he's a naughty boy kind of of comments. You know, there are a lot of legitimate reasons why a perfectly innocent purchase you would not want that to be broadcast across the world Wide Web, and Facebook is pretty broad. I mean there's millions, hundreds of millions of users. So Beacon got a lot of complaints starting off the right.

Off the bat actually ended up there ended up being a class action lawsuit leveled against Facebook, uh by by a group of users who all claimed that Beacon was violating their privacy and that, for instance, the main crux here was an issue with Blockbuster. Okay, so that was

one of the vendors that was partnered with Beacon. If you were to rent a movie from Blockbuster, it would send that out on your Facebook feed, and suddenly everyone knows that you just rented you know, Big Trouble Little China, best movie ever made, by the way, Um, I haven't seen it. Yeah, no, it's it's Big Trouble Little China. Godfather too. Um so you haven't seen cud Father to Oh my god. Alright, wait, I gotta take a moment.

I don't know that I can continue just off the bat. Right, So anyway, with broadcast this, well that's technically against the law. Companies like Blockbuster are legally obligated to keep that information private. Yeah, it's it's in this specific instance, right, It's not all media. It's in in this broke a specific law, right, a specific law that states that that vendors that rent out in films cannot publish what people are renting, what specific

people are renting. Now you might be able to say, like, this is the most popular rental this month, but that's different because it's anonymous. You're not saying Bob Smith rented this this month. So anyway, that that class action lawsuit eventually lead to Facebook saying, WHOA, sorry, we totally did not think this through before we pushed beacon out the door, and they quietly discontinued it, and then in September of

two thousand nine they officially killed it. Uh. Now, Facebook Connect, which is a new service on Facebook, does a lot of the same things, but it's all opt in. You can choose what you you share with Facebook Connect, as opposed to it being you know, the default. So that's that's a good step. But I mean, it does a lot of the same things. So if you're using Facebook Connect,

just be aware that it's essentially the same thing. It's just now they're they're doing it with your permission as opposed to just assuming you're okay with it, right, right, You know there there actually have been, um, some applications that have asked for very sensitive information like credit card numbers, et cetera, and um, you gotta wonder what they're going

to do with that. Um you really shouldn't wonder. Just don't use those Yeah, that's I've actually seen an article by by somebody who didn't realize that it had nothing to do with you know, um, they were giving away their very personal information. Yeah no, no, you really shouldn't be giving them that kind of stuff. Giving adding those kind of aplications gives them the vendors way too much power over your information, whether they're planning on doing anything

with it or not. That's beside the point. Now, some some applications are actually phishing scams. They're trying to get your personal information so that they can neither commit identity theft or they can do a credit card fraud or whatever. Um, So you know, looking to see what kind of information they're asking for and thinking about it before you just agree. That's that's key, you know. I mean, even if Facebook really buckles down and tries to prevent as much uh

hanky panky as possible, stuff is gonna get through. Because we're talking about thousands of applications being added all the time and Facebook can't police all of them. If they did, then it would suddenly be a huge nightmare for Facebook. I mean you you know they they I'm sure they

don't even have the manpower to do that. So, unlike Apple's App Store, where they review each app thoroughly before it goes live, I don't know how much time Facebook can spend looking at each individual application before it goes live on on the site. Um And a part of their philosophy was that the hive mind would kind of sort out what's good and what's not good, that people would adopt applications that are fun and useful and they

would ignore the ones that are kind of fishy. I don't know how true that is, because if you look at some of the pictures people post to Facebook, I would say that some people don't have that critical thinking skill. You know. I'm just saying, if you have a picture of yourself unconscious with a bottle of booze laying next to your head as your profile picture, you may not have the critical thinking skills necessary to determine what is and is not a good application. Because you know, employers

look at Facebook. Potential employers look at Facebook. Pretty sure a picture of you passed out next to a bottle is not gonna be the kind of thing that most employers are going to be looking for, unless you're interviewing for maxim or something. But um, so I said I was going to get back to Canada. Yeah, I was kind of hoping you'd forget about that. No, no, no, I've remembered day. So the Privacy Commission in Canada had major issues with Facebook. Um and took these issues to

Facebook and demanded that Facebook makes some changes. And the very first thing they they raised. The first issue they raised was third party application developers. So let me just read this. This is a quick overview of what happened and what Facebook says it's going to do. The sharing of personal information with third party developers creating Facebook applications

such as games and quizzes raises serious privacy risks. With more than one million developers around the globe, the Commissioner is concerned about a lack of adequate safeguards to effectively restrict those developers from accessing users personal information, along with

information about their online friends. Facebook's response, Facebook has agreed to retrofit its application platform in a way that will prevent any application from accessing information until it obtains express consent for each category of personal information which wishes to access. Under this new permissions model, users adding an application will be advised that the application wants access to specific categories

of information. The user will be able to control which categories of information and application is permitted to to access. There will also be a link to a statement by the developer to explain how it will use the data, which I think is kind of interesting. That's that's the first I've ever heard that about a link to actually

say this is why we need the information that we're requesting. Um. No telling when this will take effect, but apparently Facebook says they'll totally do it, okay, UM, if you're curious. The other elements that the Privacy Commission was concerned with was d activating versus deleting accounts on Facebook, because if you deactivate, you haven't deleted. You're just you're just stepping back.

We know, some of your information stays out there unless that you've written on other people's wall, you know, all that kind of stuff. If their accounts are still active, that that material is still there well that and that was part of the issue was that they were stating, you know, Facebook really needs to define the difference between de activating and deleting, make it clear to the user, and make it easy for a user to choose whichever option he or she wants, because again, it ain't easy

to find this stuff. You've got to really hunt around. But I mean that's you know, the whole purpose of the site is to connect people to each other, so it kind of, you know, making it easy to pop out of that is antithetical to their business model. Um. The other two elements were personal information of non users, so people who don't actually use Facebook but are visiting Facebook to look at whatever. And what to do with the accounts of deceit users, which we've talked about a

little bit. You know, what happens to your online identity when you, you you know, shuffle off the mortal coil. I've been doing some research on that. I want to hit that again in greater details. Yeah, we're going to do another, I think, because that is a really interesting It's becoming more and more relevant because as as the current generation that's really the movers and shakers of of what's going on today and future generations which are going to be

even more integrated with the online world. It's the stuff is kind of important. Um So anyway, good on you Canada for taking Facebook the task and holding them responsible for this kind of stuff because you know, it's just it's and and hopefully this will these will be policies that will roll out worldwide and it won't just be for our Canadian friends, because then will be like, why do they get all the privacy? Really, you need to stop like poutine? What oh now that you're gonna get

mail now? You know, because you just you just denigrated a a national food buddy. I don't like a lot of American national foods, is sure, Chris is a very picky eater. That's not even a joke. So let's boil it down. Okay, Facebook apps, Yes, they do get access to your information. Uh. Depending upon the application, it may get access to a lot of your information. What they do with that information is pretty much up to them.

Um So, if you're okay with your information being spread throughout the Worldwide Web and being used for things like targeting advertising or whatever, feel free to use those applications. If you're a little more concerned, about your privacy. You might want to cut back a bit on the application use, especially applications that you don't know who's behind it, right,

and quizzes, just stop doing them. Stop doing quizzes because really they're they're so irritating to have those pop up and fee fill up my friend feed so that I can't read any status is because I have to find out which hobbit my buddy is you read friend feed? I'm stunned. My my friend the my news feed where all my friends status is feed dot com. No, I very rarely get a friend feed. Yeah, Facebook, So we'll

see how that works out. But uh and yeah, like I said, the quizzes don't really tell you anything you didn't already know, so it's useless anyway. Please stop taking them. Okay, that's thank you, So I do too, but that a new one pops up every day, at least one, and I've got friends who will take like six or seven at a time, so you'll just bloom blue bloop and uh. Yeah, I wanted to create a quiz that said what kind

of Facebook user are you? And no matter what answers you put in, the result would be you're the kind of jerk who likes to take Facebook quizzes. You know it's he's going to do that now. Well, I can't because the quiz tool that I wanted to use specifically stated that you can't use the term Facebook in your quiz because they want to protect their their corporate identity. So even if I had created one, it wouldn't have worked out. And so you guys are spared my my

snarky quiz. Well that's about all I have about Facebook apps and privacy. So I guess this takes us to our second installment of Listener, ma'am. And this listener mail comes from Nosh and I hope I'm saying that correctly because I don't have an pronunciation guide. Hi. I'm Noh twelve years, nine months and twenty six days old and I'm from Vietnam. How are you guys doing. I really like your podcast, so just keep on rocking. I would also like to thank you guys for putting in the

effort to make a great and enjoyable podcast. But I have a request and could you guys simply at the end of every podcast us provide a short and brief summary covering all the main points that you guys were talking about so I can memorize them more easily. Thanks well, thank you so much for that email. It's very nice of you to write. Um, we tried to sum up a little bit just then, because yeah, summing up is is useful. The challenge for us is that we don't

script these podcasts out at all. Chris and I sit down, we've done our research, and then we just talk out through a you know, whatever the topic is, talk around it and give it context. So it's challenging to sum up at the end because it's just a conversation. So it's it's for one thing, I have to remember what I've talked about little last twenty five minutes, and I have trouble remembering what I said two minutes ago. So

but we will see what we can do. We'll try and be as clear as possible, because we do understand the need for that kind of summary. If any of you have any comments, questions, concerns, anything like that, not no noah tech quests like my computer is not doing this, no tech support, but any other kind of questions, you can write us. Our email address is tech stuff at how stuff works dot com. If you want to learn more, about Facebook and different kinds of applications. You can read

about that at how stuff works dot com. Crispy and I will put you again really soon for moral thiss and thousands of other topics does it how stuff works dot com and be sure to check out the new tech stuff blog now on the how stuff Works homepage, brought to you by the reinvented two thousand twelve camera. It's ready, are you