Back to News & Commentary

Facebook Application Privacy Breach Exposed

Nicole Ozer,
Technology & Civil Liberties Director, ACLU of Northern California
Share This Page
October 18, 2010

This past weekend, the Wall Street Journal reported that the most popular Facebook apps consistently share information about you and your friends with advertisers and other third parties, no matter what your privacy settings are. This isn’t the first time a significant and ongoing privacy invasion and violation of Facebook’s own rules has been uncovered not by internal Facebook oversight but by an outside investigation. Facebook needs to stop addressing this problem with secret “policy enforcement” and start putting choices and control back where it belongs: in your hands.

How apps really work is still a mystery to many users. That’s why we wrote this Facebook Quiz to help you understand what happens behind the curtan and how much information about you these apps can really see — even if you never use an app yourself!

Facebook, to its credit, has taken some steps to address this, including creating a granular permissions model designed to put some limits on the data that each app can access and launching an applications dashboard that helps you understand how much information the apps you run are collecting about you. These are both steps in the right direction, as we pointed out in both cases. But neither is a complete solution. Granular permissions gives you more transparency about the apps you run but not full control over what information you share, and doesn’t give you any greater control over the apps your friends run. And the apps dashboard, while a good concept, doesn’t tell you anything about the apps your friends run that access your information.

That’s why we, along with other privacy advocates, have continued to push Facebook (PDF) to improve its privacy controls and address the “app gap.” Unfortunately, Facebook’s response to our Open Letter was to claim that it “heard these concerns” but had already done what needed to be done.

As we pointed out then, and as the recent breach clearly shows, there is definitely still more to be done. In order to fix the app gap and make sure that personal information about you is only accessed by people and developers you trust, Facebook must give you complete and meaningful control over which apps can access your information and what information these apps access. Of course, Facebook should continue to enforce its own policies about what apps can and can’t do with your data, but it also needs to recognize that putting more control in your hands can only help the situation by letting you choose to share your data only with apps that have earned your trust.

So do your part! Over 90,000 people have already signed the petition to Facebook demanding better control over their personal information. Sign it here today!

Learn More About the Issues on This Page