back to article Many Facebook users expose all to strangers

Many Facebook users are happy to give up access to their personal profile to strangers. In a random survey of Facebook users, 41 per cent were happy to divulge personal information - such as email address, phone number, and date of birth - by agreeing to accept a complete stranger as a friend. Sophos, which conducted the …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    just so we're clear...

    We're supposed to be happy that our governments are collecting and mining all of our personal information in the name of our own security, but we're supposed to prevent anybody else from finding out anything about us because, even with all of this information, said governments can't prevent people from taking out credit cards in our name or otherwise pretending to be us?

  2. Anonymous Coward
    Anonymous Coward

    You dont need to add them...

    If your in a large network, such as "London"

    Then by default (not sure if it still is) other people from your network can see your profile.

    So they dont even need to accept you as a friend

  3. Anonymous Coward
    Anonymous Coward

    Limited profile

    I believe Facebook has the option of using a limited profile, which is publicly visible, but only trusted friends can get access to more personal information. Problem is, not many people use the limited (or restricted, forgotten what it's called) profile.

  4. M

    What a loads of....

    Ribbit!

  5. Jamie Jones Silver badge

    Re: just so we're clear...

    Exactly.

    Who is the great PR guru who has managed to make 'identity theft' OUR PROBLEM ?

    Any system that gives credit or access to bank accounts or whatever just based on these bits of information is damn well broke, and needs to be fixed, and if any organisation is stupid enough to use these things to prove ID, then they should be 100% liable, and the onus should be on THEM to prove otherwise.

    Everyone I went to school with could still know my date of birth. Anyone in the village who knows us/of us could know my mothers middle name.. My full name and address and phone number ? Ditto. Email address ? That's never been private..

    This should NOT be a problem for us, but the institutions, so why is it so difficult to sort things out if an organisation ILLEGALLY gives our money/information/credit or whatever to someone else ?

  6. Pascal Monett Silver badge

    Isn't that nice ?

    So, dear customer, we have specifically made a social application that you have subscribed to on purpose, but actually you can't trust either the application, nor the users, nor even the management, if you value your privacy.

    Have a nice day.

  7. John Miles

    Of course

    There was a time when any person socialising via web, you'd be highly suspicious of any details they gave you – because they were liable to exaggerate or outright lie about things like age, jobs etc. just to impress

  8. Roast Duck

    re - Of course

    y wud i ever lie about my own stuff !!! i am simple kid going to a decent college and in my early teens.. care to be my friend ???

  9. Christopher Herot

    This is not th

    While I am saddened that so many people have so few friends that they will accept a friend request from a frog named Freddi Staur, the "personal information" they were sharing turns out to be things like addresses and phone numbers. Last time I looked, I could get this information more quickly by looking in that thick, white book that my local phone company leaves on my doorstep every spring. If we want to deal with identity theft, the place to start is with institutions such as banks and phone companies that accept as proof of identity information that is widely disseminated. Even the favorite Social Security Number is not so good - it's not a secret if every company you do business with has a copy. (If you live in the USA, look at your Social Security Card. If you got one before 1972 it says right on the front "Not to be used for identification.")

  10. Anonymous Coward
    Anonymous Coward

    What about...?

    What about MySpace - is it the same? I have a profile there (not telling what it is!) and have secured it so only people I know or who know me can be added as friends. It isn't difficult and if you have a profile of that type and you're worried about "identity theft" then that's the way to go. Identity theft has been going on longer than I can remember - there was a guy sacked from the bank I worked in in the 70's for fraud committed by identity theft.

  11. Anonymous Coward
    Anonymous Coward

    Personal Information

    I never put my full addy on my profiles, at most I only put my "City of Origin". This is Mexico City ... good luck finding me amongst 20 *million* residents. No full name on those either.

    As well as others, I also hate that financial institutions use easily accessible information for verification processes. But I also have a gripe with the "secret question" dudes. Why do I have to choose one of a preset choice of questions? The "questions" are so lame they are easily guessed by anyone you've met and have known for more than a week. Or maybe even less... remember how Paris Hilton got 0wn3d.

    (Of course, I could do like a friend: his answer for "Pet's name?" is something along the lines of "I DON'T HAVE A F**KING DOG!!!")

  12. Anonymous Coward
    Anonymous Coward

    I claim royalties!

    I posted a note on this on facebook months ago, someone pay me cash as clearly i'm a genius!

  13. Anonymous Coward
    Anonymous Coward

    A Guide

    This is a cut n paste from a quick n dirty guide i wrote for some of my less than techy friends on facebook some months ago. I claim props (i am so sad it hurts)

    Ill post some here for anyone whose interested in securing facebook although i don't pretend that it is a a complete and perfect solution, just better than doing nothing.

    [quote]

    I am sure many of you have got random friend requests from apparent complete strangers without any form of explanation at all. I am also sure that you would not automatically add said strangers to your “friends” without reason. However some people feel awkward at rejecting friend requests even from complete strangers. This is of course what these people are relying on to get information. Other than that Facebook allows people to see information from your profile if you message them back asking them such logical things as “Who are you?” Facebook grants this access to them for 1 month and if you haven’t changed your privacy settings this is as good as adding them to your friends list. This is also what these people are relying on. Finally the Facebook search listing system is quite powerful and discloses enough information about you on default settings to be a concern particularly for people searching within a Network.

    Firstly on your profile at the bottom of your page Click the button “Public Listing” then cut n paste that URL / Address into your browser to see what information you are giving out when people search for you. This by default is often too much information so click “Return to Search Privacy” on that screen. You don’t need to limit who can search for you or who can view your public listing otherwise people won’t be able to find you if they are not already friends and this will stop you being able to re-united with old friends. Instead you just change what people can see when they do search for you. However I would take a tick out of the box “Allow my public listing to be indexed by external search engines” as there is just no need or advantage to that option. At the bottom of the page is a section called “What Can People Do With My Search Results” I would suggest that only thing they need to be able to do is “See your picture” & “Send you a message” so take ticks out of every other box. They don’t need to see your friends, you should only let people you like POKE you (hehe) and you can add them as a friend later. Don’t forget to click SAVE at the bottom of the page. Now when people search for you they will only be able to search on Facebook and only have access to the minimum of information they need to contact you and nothing else. You can check to make sure it works by looking at your public listing as in the beginning of this whole thing, you should see a much more safe search listing / public listing.

    The next thing you may want to change is your privacy settings for you “Poke, Message, and Friend Request” so start by clicking “Privacy” in the top right on your profile screen and then on the screen that follows “Poke, Message, and Friend Request”. This bit is simple just take a tick out of every box except “Basic Info” and then click SAVE at the bottom of the page again. This will increase your privacy when you reply to messages or poke someone who isn’t on your friends list. It is useful as sometimes you may receive a message from someone and you may not be sure who they are so you may want to message them back but in doing to Facebook will grant them one months access to your profile. This option will limit what access they have during this one month to what they actually just need to speak to you and nothing else. This will defeat the secondary method people use to obtain access to your full profile as otherwise if you reply without changing these options they gain nearly as much information for a whole month as they would by being on your friends list. Therefore you can message them back with more confidence you aren’t giving them private information.

    The final thing I would recommend you change in your privacy settings is who can see what in general. You do this by going again to the “Privacy” in the top right on your profile screen and then on the screen that follows “Profile”. On this screen just change everything to “Only My Friends” in the entire list of drop down boxes present on the screen and then click SAVE. This is obvious as it will mean that only your friends will be able to see these items on your profile as opposed to everyone or strangers in your network. If you prefer to have some elements of your profile shown to non friends / strangers then select the relevant option on each of the drop downs but be careful which you choose as people you don’t know will be able o see this information by dint of just being in your network.

    There are other things you can change such as your limited profile and application privacy settings but there are other notes around on this and if you need them then just shout up. I will assume that if you know about your limited profile then you will be comfortable enough with computers and Facebook not to need a “How to” guide like this,

    Disclaimer – The above will help you improve your security and privacy but I don’t claim to be an expert on Facebook so if this really bugs you use the Facebook Help Options for detailed information. This guide is just designed to firstly make you think about security / privacy and take some basic steps to securing / improving yours if you haven’t already.

    [/quote]

    Caring but sad, i need to get out more

  14. Graham Cluley

    Good advice for better privacy and security on Facebook

    Some good tips there to start people in the right direction on Facebook. The problem is much more of a human one than a technological one -- Facebook have put controls in place, it's just that people aren't using them. Sigh..

    Sophos has published some step-by-step advice on how to set your privacy settings on Facebook which may be of use to many readers concerned about identity theft online:

    http://www.sophos.com/security/best-practice/facebook.html

This topic is closed for new posts.