Sign up to our newsletter
The latest security news direct to your inbox
Facebook and Skype announced the launch of Video Chat on Facebook using the Skype platform. Users must download the newest version 5.3 (although 5.5 beta is also acceptable). If a person takes the plunge and installs the new version, logs in and grants Skype permission to one’s profile on Facebook then pay attention please. The news stories are not talking about this for those interested in privacy.
And we found in our recent Harris Poll survey that nearly 70% of respondents are indeed concerned with privacy on social networking sites.
What are the lessons we aim to walk away with? Let us explore this using the 5.5 Beta thru the following questions:
As the reader steps thru this article, please feel free to click on image thumbnails for an enlarged view.
Once the new version is installed and running and after logging into Skype there is a new Facebook tab available with an option to connect.
I begin to step thru the connection process and found the familiar Facebook login screen as shown next.
Upon logging into Facebook via the Skype client application I am duly presenting with the “Request for Permission” screen as shown below.
Let us break these out for observation.
From what I have observed over time this is a fairly routine and “required” access setting. Facebook defines it as:
Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I’ve shared with everyone.
Same observation as above, defined by Facebook as:
Skype may email me directly at … .
Another common observation I have seen, and described by Facebook as:
Skype may post status messages, notes, photos, and videos to my Wall.
This option (and those that follow) is where we start to head into permission settings that are questionable to me (and to some extent even the options preceding).
“Skype may access my data when I’m not using the application”.
Undefined by Facebook.
Undefined by Facebook.
Defined as “Skype may read my check-ins and friends’ check-ins”.
“About Me, Birthday, Hometown, Current City, Website and Facebook Status”.
“Photos Uploaded by Me, Videos Uploaded by Me and Photos and Videos of Me”.
“Birthdays, Hometowns, Current Cities, Websites, Photos, Videos, Photos and Videos of Them, ‘About Me’ Details and Facebook Statuses”.
For purposes of this article, I click ‘Allow’ and check further.
Once enabled, this is the view of my Facebook page thru Skype.
Immediately I visit my Facebook Privacy Settings for Applications through an Internet Browser and check the Access Log for Skype. Snapshot is provided below.
In the minute that Skype has had permissions to access the following bits of data from my Facebook profile:
I wonder why Skype would like to know about my friend’s’ photos?
A person may modify the changes to the initial “Approve/Deny” selection for Skype’s permission request. These are the following options that are fixed and removable:
|Required / Fixed||Optional / Removable|
|1||Access my basic information||Post to my Wall|
|2||Send me email||Access posts in my News Feed|
|3||Access my profile information||Access my data any time|
|4||Access my photos and videos||Access Facebook Chat|
|5||Access my friends’ information||Check-ins|
Permission for Skype on Facebook look like the following screen shot after all the options to Remove have been executed.
However, Skype is still permitted as a “Requirement” to access information on my friends.
Skype is asking for access to lots of information about you, and also about your friends. The key in using this application either by yourself, or by a friend is to configure your own Privacy Settings for your Facebook profile.
Even if you do not use Skype for Facebook, it is important to review your settings. Be sure to read my Guide on Facebook Privacy:
Pay particular attention to “info accessible through your friends”, a snapshot of which is provided below. If your settings look like this (default by Facebook), then a friend of yours who installed Skype and connected with Facebook has already accessed your data.
While you are checking this, confirm what you are sharing publicly if your desired interest is to remain private. If your intention is to be public, then your current settings may be just fine.
It is my intent to let folks know that should you elect to bypass using Skype on Facebook, be wary of what you share with your friends and what your friends are permitted to re-share.
Skype can access virtually anything about a profile on Facebook if a person gives it permission including phone number, photos, videos and chat.
Skype may access your information directly.
Should you elect to deny permission (skip Facebook and Skype integration), your own friends may choose otherwise. So if a person permits their information to be shared through their friends, Skype can still access that person’s data.
Skype may access your information indirectly.
Your own privacy mileage may vary yet I leave you with the ultimate question (may apply to anything on the Internet, not just Skype or Facebook):
Do you want your life without your knowledge accessible by Skype (now owned by Microsoft) through your friends, or by you?
It would be nice to know your choice, so please let me know by commenting on the blog or by sending me a message.
In the meantime, enjoy the new feature if you are using it. I signed up for this using my work Facebook account. See you around the Internet!
Since many folks are indeed concerned with Privacy on social network sites, feel free to check into the LinkedIn Privacy Guide article.
Please implement good password techniques and keep our ecosystem free and safe.
Thank you, Paul Laudanski.
Author ESET Research, ESET