WTF FaceBook?

December 10, 2007 Filed under: General — Kellie AFP @ 11:33 pm

I admit I haven’t been on FaceBook for very long. When I finally took the plunge, it was somewhat grudgingly, dragging both my feet all the way.  When I went to FaceBook tonight, I was greeted with this little beauty at the top of my home page.

FaceBook

Eh? You won’t store my login info or contact anyone without my permission? Damn tooting you won’t because no way in hell am I about to give a third party my login info, for my email or AIM account. Even my ISP doesn’t *know* my password for my email account. I’m certainly not opening up access to my whole account just so you can see my address book or BuddyList. And I sure the hell hope none of my “friends” on FaceBook who have me on their contact list does either. I mean not everyone necessarily puts their IM info in their profile. And I may have more than one email addy in someone’s address book which may or may not be the addy I’m using on Facebook. “Without your permission” is ALWAYS a big red privacy flag for me. It’s a long shot away from saying “We do not/will not store or contact anyone.”

The recent issues regarding FaceBook and privacy doesn’t make me feel all warm and fuzzy like it is. For those who haven’t heard, the tracking of user’s activity on other web sites via the FaceBook cookie, even if you were logged off of FaceBook. Heck, I’m not too terribly thrilled with their overall Privacy Policy in general. I’ve already stopped installing many FaceBook apps because the developer automatically has access to some of profile info, what info being somewhat nebulous in the Privacy Policy. When I started trying to utilize the Privacy Settings for Apps, I was taken on click circle, the end result being to restrict access to personal information seemed to be remove the app. Although, it seems the developer would have already had access. Hell, when someone sends a message I have to install the app just to see what they sent. I’ve already stopped that in many cases when I have no clue who the developer is. I’m sure some think I’m anti-social, but that’s why. I just don’t think I should have to give some unknown party, who can be anyone, access to an unknown amount of my personal informatlion just in order to “see” what a friend has sent me.

Back to FaceBook’s attempt to grab my email/aim login info. The form isn’t even on a secure page. Ok, so I viewed the source code and the form does Post to a SSL URL. Still, it’s not something I like to see. I much prefer such information being tranmitted on a page that is already on the “https://” domain. It’s also the usual accepted method in terms of security. But I also saw other coding tags in parameters such as “autocomplete=off” and tags which referenced storing. Not saying anything neferious is being done by FaceBook, but not things that made me feel warm and fuzzy. Why are they even there? On the side, I NEVER use any autocomplete things for my username and password to anything for security reasons. Call me paranoid, but I see the kinds of stuff that does go on out there.

FaceBook has a lot of potential. But are going to have to take privacy and security issues, even the appearance of such, more seriously for the long haul. The newness and coolness will eventually wear off for the people who are blindingly clicking any link that comes through FaceBook. Reputable companies take such things seriously.

To be blunt, the first thing that went through my mind when I saw that box was…damn that looks like something you’d see on a damn phishing site.

So yeah..WTF FaceBook? I’m no I’m not thrilled that you may be accessing PPI on me from my “friends” who aren’t as security conscious which *I* haven’t given you.

12 Comments »

  1. This isn’t anything new. They’ve had this feature for as long as I’ve been there. I even used it and found a couple friends I wasn’t aware were on Facebook. This is a very common feature among social networks and is more or less the standard. There are even other sites like Meebo that let you chat on AIM via an AJAX interface. In fact I wouldn’t mind offering this feature on my own social networks. It helps users avoid searching for all their friends everywhere they go.

    Comment by Scott — December 11, 2007 @ 5:41 am

  2. It’s the first time I’ve gotten it on FB, but again I haven’t been using FB for that long.

    I personally don’t use Meebo, I’ve never had a reason to need to. However, Meebo does state on their homepage that they encrypt the passwords (as they should say). And they specifically state at the beginning of their privacy policy they do not store the passwords. No qualifiers. Meebo also hasn’t been caught (more than once) with their pants down around their ankles over privacy issues…at least that I’m aware of. I didn’t find anything specifically in the FB privacy policy regarding third party passwords they are collecting nor the other information needed to match people in your contact lists with FB profiles.

    Of course I lean towards the paranoid site because of I’m aware of the degree social engineering and social sites are used to engage in questionable tactics from being used as a platform for spammers (MySpace incidents of phished accounts used by a CPA Network for spamming) to installation of adware (Zango on MySpace) to IM services exploited for all kinds of malicous behavior.

    End users seem to have a blindness to security and privacy issues in the social context. The technology can give some cool features to end users. Companies using them need to be diligent in their privacy and security if end users are to feel confident in them long-term, a seeming critical point for social networks. For me, FB has a ways to go to earn my trust…but then again I’m on the paranoid user end of the spectrum. I do try to practice safe surfing. :)

    Comment by Kellie AFP — December 11, 2007 @ 7:09 am

  3. The way I interpret that message is they won’t store any 3rd party logins or passwords. Just because it isn’t in their privacy policy doesn’t mean what they say isn’t true.

    Comment by Scott — December 11, 2007 @ 8:11 am

  4. Tylenol rapid release gels description….

    Tylenol overdose. Pictures of different kinds of tylenol. Tylenol….

    Trackback by Tylenol. — November 7, 2008 @ 8:21 am

  5. I came across. Thank you.

    Comment by myzobra — November 11, 2008 @ 2:21 am

  6. Good blog

    Comment by samuells — November 15, 2008 @ 6:04 am

  7. Thanks a lot for this post

    Comment by extremschmuser — November 15, 2008 @ 9:22 am

  8. Thanks for the post,

    Comment by inkue — November 15, 2008 @ 3:43 pm

  9. Hmm. Good.

    Comment by glauciarezende — December 8, 2008 @ 5:10 pm

  10. Nice post man i just signed up to flickr to!

    Comment by jgalucio — December 9, 2008 @ 6:20 am

  11. Hmmm, I am tempted to try this.

    Comment by wadeball — December 11, 2008 @ 4:41 pm

  12. Keep up the good work! :)

    Comment by Aland — December 11, 2008 @ 8:46 pm

RSS feed for comments on this post. TrackBack URI

Leave a comment

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

(required)

(required)