Bad idea whatever they do to it .
You could make it put up a fullscreen box with flashing borders and honking sirens saying "Allow me to steal your identity and burgle your house" and the idiots would still click ok ......
Facebook has "temporarily disabled" a controversial feature that allowed developers to access the home address and mobile numbers of users. The social network suspended the feature, introduced on Friday, after only three days. The decision follows feedback from users that the sharing of data process wasn't clearly explained and …
You could make it put up a fullscreen box with flashing borders and honking sirens saying "Allow me to steal your identity and burgle your house" and the idiots would still click ok ......
If Google's philosophy is to "go right up to the creepy line, and not cross it", it seems Facebook's equivalent is "jump as far into creepy as you can, then backtrack a little to placate the most vocal critics".
When the user is about to allow it, print their personal details in big bold red letters on the screen saying "Do you really want Company X to know this information?"
But of course, they don't want to make it obvious, because most of the people who will be mining for this information (and from which Facebook will profit) have no real need to know this information except for the purpose of pushing more unwanted crap and services on you.
I might click OK this week when I have no juicy info.
Then a few months down the line I get tempted into the "link this account to your mobile so you can MMS right ot your news feed" feature and I forget I already gave Zynga permission to SMS spam me as and when.
Or better still "reply to this text to stop this sort of spam" [only 1.50 per message, two messages required]
"However, because many users often click through permission dialogue boxes without paying attention,"
Now now, John, we're all intelligent people here, and you know the problem is much more insidious than that.
The problem is that you have no choice as to what information you share with the app, just share and use or don't share and don't use.
The Facebook interface gives you a very brief summary of what information will be shared, but it doesn't make the app developers justify the data gathering.
Facebook holds its hands up and claims its between user and app developer, but they allow people to write silly little games and then demand whatever information they like in exchange, without ever properly informing the user what they're up to.
The problem is NOT that users don't read the small print, the problem is Facebook.
Although posted elsewhere, and relating to another matter and dark matters, this is quite relevant, and relative, and exposes more data than Facebook, the Great Phish, would probably approve of and allow.
Posted by AmanfromMars on 1/18/2011 6:35:12 AM
George Sign, Hi,
It appears to be a race to the bottom for the top prize of junk currency status for both the Euro and the Dollar, and these two comments on a tale of dodgy dealings here ...... http://www.wired.com/epicenter/2011/01/goldmans-facebook-offering-americans-need-not-apply/ ..... hit the nail right on the head, and would not disagree with the above
[blockquote]Posted by: Jdhanc1 | 01/17/11 | 8:58 pm | .....
Why in the hell would they allow the investment of U.S. currency? Since they know it’s about to collapse….why let it touch them? (besides the free stuff of course.)
Posted by: jaraluce | 01/18/11 | 12:36 am | ..... the us is going to lose its status as the reserve currency of the world and we will face hyper inflation. within the next five years. [/blockquote]
Although it is probably more months than years away, the way things are progressing so rapidly. Who ever heard of a $50billion float/IPO refusing to accept dollars before. Proof positive of their zero real worth, methinks, whenever you can just call up the printers for more.
And Facebook and its valuation are relegated to the level of being another one of those funny peculiar and crooked Sub Prime, Collateralised Debt Obligation in a Structured Investment Vehicle things, which is going nowhere but downhill to the bottom of the hill and the scrap heap/junk yard?
IT's a Mad, Mad, Mad, Mad World and you have to be Pretty Crazy to Live Well in it? :-) ...
It had never really registered that banking jargon is more obtuse than martian dialect, but you're right-- collateralized debt obligation, what the fuck does that even mean when there's no real collateral involved? Maybe the lizard-man conspiracy theorists have a point ;-).
Agreed that facebook's valuation makes no sense (1.5 billion a year in revenue == 50 billion market cap how?). At this point, if I don't see cash in the bank, strong profitability, and preferably a good dividend, I'm not buying any stock. Not sure that the dollar is going to hell in a handbasket quite as soon as you suggest though-- the Euro is having some tough times itself and economist types seem to agree it will probably get the magic status before the Yuan. That said, it is definitely coming and I don't see any coherent plan from the US to create real economic growth as opposed to inflating yet another bubble.
Three days is more than enough to harvest loads of personal data by these companies.
It's an easy UI change - when the app requests it, the authorisation screen shows the permissions that the app wants and has "Give them my home address" and "Give them my mobile number" unchecked, so the user has to tick the box to hand over that information.
That way, the default "click through to get it working" workflow would not hand over your details to the application; but would still get the app running.
Can we have a Mark Zuckerberg with devil horns please?
I had this same thought - should be quite easy really.
Also, they should add a feature where the number of people that do share and that don't are recorded on a per-app basis. Then some drone at FB-HQ would get a list each day of the apps with the highest back-out ratio and have a quick look. Then a good proportion of suspect apps could be shut down. There should also be an easy way to "report" any app you have recently installed/used
In order to use TicketThing with Facebook, please visit our site first at <link> and register with us then you need only provide your TicketThing registered username to connect with your Facebook account.
Simples. The endpoint site gets the data WITHOUT it going through FailBook.
They just got caught trying to dip their hand into their users' till again, so backtracked.
"should be quite easy really"
Of course it is easy, there are many ways it could be done. The fact that it isn't done, even after so many times of being dragged through the press should tell you that it is being not done, by choice.
I deleted my telephone number from Facebook two years ago but it was clearly never deleted fully because it was shown back to me during the security information check update last month! grrrr...
Presumably if you enter a new number it would have replaced your old one, but deleting it doesn't remove it fully.
Does facebook have a customer services number you could have changed it to instead perhaps...? It would be nice to think that they get spammed for leaking your information!
... unless you overwrite first.
"Does facebook have a customer services number you could have changed it to instead perhaps...? It would be nice to think that they get spammed for leaking your information!"
Or that any spam so leaked bypasses the intermediary and goes straight to the office tasked to deal with it (in the UK, anyway), and to whom you would therefore complain. At the moment, as far as Facebook is concerned, this is my address:
C/O Information Commissioner's Office
Cheshire SK9 5AF
I hadn't thought about adding their phone number as well. I'll get right to it.
Once it's there it's there for good.
At best, overwriting is mere inconvenience. FB will have incremental, daily, weekly etc. backups.
Enter your phone number or whatever info and a month or two later there's probably a dozen or so inaccessible-to-user backups, but completely accessible to FB.
Overwriting may also flag change and draw attention (same as encryption does, even though snooper can't read it).
It staggers me beyond belief that people actually put real/correct facts into FB.
Mindbogglingly stupid, methinks.
Some 5 years ago I wrote a namespace which can be used as proxy bad (or good, you are never quite sure) information. When FaceBook was a bunch of "dumb fucks" at Harvard and Google was actually trying to live up to their motto, both were free to put this in their client API's. They had a choice.
But then my server logs would have been bombarded by the Dodgy Who Can't Read Directions. That never happened, and I'm not guessing it will.
More likely than not, a web form will not accept a link in lieu of an, for example, address.
Do the Boy Scout thing, Be Prepared.
Why is the concept of "sheeple" a no-no?
How can they be that stupid? Including the "temporary" backtrack, which is clearly only to shut the complaints up for a while. I'm happier and happier I never signed up nevermind gave them any real information. Once it's out, it's out, and giving it to facebook is evidently the same as seeing it on a public billboard for eternity, even if they promise to take it away. They just won't.
Who says governments are any different? Oh, that's right. They have armies forcing you to sign up. This is but a small illustration of things to come, people. Just so you know.
that I've never even been tempted to sign up for a farcebook account.
If you think like this you'll never experience anything :)
As long as you're sensible, you should be fine.
(Why do you need to put in your address or phone number if the people already know you!?)
Why do I need farcebook, when I already have friends?
If they want people to be able to send out text messages to users, could they not simply provide a permission that allows applications to have access to a FB API that lets them send a SMS to a user. With the right framework they could even charge the app owner for SMS sent so it doesn't actually cost facebook anything.
As for your address, well the only way to stop that being abused is to vet the applications to make sure they're being owned by real stores.
"As for your address, well the only way to stop that being abused is to vet the applications to make sure they're being owned by real stores."
What, because 'real stores' won't abuse your information? Although the following is regarding abuse of an email address, rather than phone number and postal address, it's worth reading in light of that comment:
(The emails I received from them were actually prior to the end of December - I'm sometimes late looking at my email if it's not one of my work accounts - and I don't think I've had any since then. Presumably a pre-VAT increase campaign. But still.)
They need feedback to pull this feature after 3 days! they couldn't see the problem before then? that's still 3 days of users data pretty much out the bag now sitting on some slimey marketers hard drive ready to spam even more unwanted calls and crap to some unsuspecting sod.
Even looking at the "privacy" controls it looks like this shit it opted in by default as per normal with Facebook. How long before people start seeing this for what it really is and opt out of Facebook its self I'm sure I will be.
http://www.theregister.co.uk/Design/graphics/icons/comment/megaphone_32.png Not to worry. We will all still be chanting the Facebook Creed!
The Mrs put the facebook app on her phone, which proceeded to borg her contacts and upload them to fb... exposing that info to world+dog is just an API "upgrade" away.... scary
Hmmmm... did it?
The FB app on my phone (HTC Hero) grabbed all my FB contacts and put that info on my phone but no contacts were taken from my phone and uploaded to FB.
It did Link any matches it found but it certainly didn't create any new FB "friends" for me because I know of at least 4 of the phone contacts I have are on FB but not on my friends list.
I'd be interested to know what app she's using?
Curious how Facebook have spent the last two weeks having a splash screen demanding your mobile phone number with no way to disable it and then lo and behold they have an API which uses this info.
Indeed, though my solution was simple. Every time I see that, I simply bypass it via the FB logo. I kept doing so until they stopped asking.
Time and time again FB introduces a new 'feature' then afterwards figures out the implications.
It is the sign of poor/immature management and equally poor planning.
Hard to believe there are 5.000,000 dummies who trust FB with their life data - happily plundered by police, lawyers involved in litigation, human resources departments, credit bureau's, bail bondsmen, etc. - and not necessarily in the users interests, either.
afters yesterdays little revelation I wandered through the (cr)apps I have installed in FaceBook to see what permissions they were using. Some were fine... absolution minimal usage (eg Pico), but others (eg FarmVille) "required" access to my pictures to be able to function. Huh?!
needless to say those that wanted more than basic info are now gone. I'm backing off on my FB usage to the point where it's just a place to get email from folks who won't use a real email client ...
@JaitcH, oh it's not poor planning. The attitude of Zuckerberg, he's said again and again "Privacy is dead", that privacy is no longer a "social norm", and so on. He quite simply doesn't care about privacy and doesn't think anybody else (at least anybody else that would use a social network) should either.
...in other words, the company that paid $$$$$$$$ for access to that data has got all they want now (how many unique users access the most popular apps daily?) so the feature can now be turned off and quietly forgotten.
Just how many addresses and phone numbers have been slurped in the past 72 hours?
More to the point, why is that despite there being a story like this about Facebook every other week, people still ask me why I don't have (and won't make) an account there? Isn't it bloody obvious!?
Now I know that many of my friends have been sync-ing the contact lists from their phones to FB. This means my real name and telephone number are potentially accessible via other contact lists even if I do not allow access to my own details.
And I suspect your privacy not as good as your most stupid friend. More likely your privacy is defined by the aggregate stupidty of all your friends.
"Why, you may take the most gallant sailor, the most intrepid airman or the most audacious soldier, put them at a table together- what do you get? The sum of all fears." - Winston Churchill
Having come across "rogue" apps before on facebook and clicked report (and indeed the same with groups etc) I am no longer entirely surprised to see that the app is still sitting there a week later having no been removed yet.
The stats for facebook reckon that there are up to 250million active users in any day - going on the basis of how many people on my list fall for the stupid "copy and paste this status update to your status" bollocks I'd estimate a good 50-80 million a day will therefore be stupid enough to fall for apps requesting access to your private info. But even if it was much lower maybe 5 million a day?
Even if the app gets reported and is up and running for 48 hours before it is pulled - that's a *LOT* of stolen information.
The thing that concerns me most is that I have no idea why a genuine app would want this information anyway? most websites allow me to create an account using the "facebook connect" and if they need more information from me than facebook gives them by default - that's fine I will give more information if it is needed but I would rather be the one in charge of that decision.
Farmville was mentioned above - this is the same issue Android has - an app tells you what permissions it needs to work without telling you either why it needs those permissions (eg what it intends to do). A better system would be for an app to work on basic permissions (eg yes allow this to app to run) - if you try to do some something which requires the app to need more permissions then it can ask you and you can either grant or deny.
FWIW Farmville requires access to your pics in order to post screenshots of your farm to your pictures album (to gain one of the badges) but the app will function perfectly fine without having access to your pictures - but it is not an option.
I understand the Microsoft UAC issue but the problem is not the Microsoft kept popping up a box asking you to allow whatever action to take place - the problem was uneducated users. I still VERY firmly take the attitude that if a user gets a virus or their identify stolen because they wander around blindly clicking "Allow" on every box that pops up - maybe they will learn an important life lesson very quickly? But "dumbing down" doesn't solve the primary problem - while it might make facebook easier - it isn't going to stop the user clicking on the link in that email from the Nigerian President or whoever asking you to help them transfer $100million for a cut of the money.
For instance, I use the TRIPADVISOR Cities I've Visited app. Its a useful way of sharing your travel.
Now it wants (as "required" items of data)
- access my basic information
OK - I can live with it knowing my name, profile pic, and data I've shared with everyone (not that I do share with 'everyone') and list of friends.
- send me email
OK - not a problem
- access my profile application
NOT OK _ why does it need to know my faviourite TV show?
- access my familiy and relationships
NOT OK_ why does it need to know my relationships ?
- access my photos & videos
PART OK - but only the ones I WANT to give it to use.
- Access my friends' information
NOT OK - why should my friends surrender data on the basis on MY travel details?
What we can see here is a GOOD APP that is being OVER GRABBY with its information requests.
The END USER needs to be able to SELECTIVELY say NO to data requests, and if that hamstrings the application then the application can say "oops - can't do that because".
Facebook only "temporarily" suspended a personal data-sharing feature? This should send up a red flag to everyone. Be careful what personal information you have on your profile. The more you give out, the more you put yourself at risk for identity theft!! It will eventually be shared with outside sources. We have no way of knowing who those outside sources are and what they will do with personal information they get from users. Action should be taken against Facebook to stop their constant invasion of user privacy. They don't seem to get the message that this is a major privacy breach issue with a lot of people, who don't want their personal data given out all over the internet, developers and to outside 3rd party sites.
Facebook will find out one day, when all their users close their accounts and make a mass exdous to another social-networking site, that will respect users and their private information. Until a new social-networking site becomes available to give Facebook a wake up call, protect yourself and give only your name and date of birth, with the birth year hidden, on your Facebook profile. DO NOT, under any circumstances, give out your address, phone number, credit card, employment information and education on your Facebook account!