Facebook/app data privacy – sharing gone wild

So you browse your favorite restaurant review site and settle on a great Mediterranean restaurant, and “magically” a variety of preferences get fed back to your Facebook profile, to be shared, re-shared and re-shared, ricocheting around the internet to form purportedly value-added experiences elsewhere you visit. That’s great news if you want your preferences bounced around, giving websites and apps information that could possibly provide a more personalized experience wherever you visit. It’s also bad trying to protect maddeningly automatic Personally Identifiable Information (PII) and preference sprawl, all at the speed of light.

There is a macro trend flooding the interwebs that almost EXPECTS users’ information to be fed and cross-fed elsewhere online. When I signed up on pinterest.com, it expected (and indeed required) me to provide Facebook or Twitter logins, so the ooze of my information back and forth begins, in order to give me customized output based on it.

This frictionless sharing can make it devilishly difficult to control personal privacy sprawl. I have a friend who a few years back determined to keep his own identity completely off of the internet. This included no pictures, signing up for mandatory online services using aliases, etc. It was simpler then. Moving forward, my friend will have quite a time as more and more online services move to a 2-factor authentication scheme where users have to provide things like passwords, along with you guessed it Facebook/Twitter logins, which are then linked to everything else.

Aside from the obvious parallel of my friend feeling like he’s being forced to sign up for the Matrix, mostly to volunteer to be invaded by curiously personal floods of advertising, should he have a right to keep his own private life pretty much to himself?

Advertisers, on the other hand, are creatively looking for ways to get in front of more targeted eyeballs than just wide net venues like traditional TV. One of those ways is invading the app world and embedding revenue models into things people are already doing, and monetizing the data. Your data. Well, sort of, really more like a snapshot of someone just like you, aggregatized and sold as a pile of targeted data. My friend would argue that doesn’t seem very anonymous in the traditional sense. And he wouldn’t be alone.

For those who value their own privacy, it’s a tough road ahead. Someone remarked that we are seeing the end of the age of privacy, but at what price? Those who have had experiences with personal information spreading wildly out across the internet to those they don’t know, ala racy tropical vacation pictures involving margaritas and double-dares, know the pain incurred and subsequent reputation damage that can happen firsthand. But what can you do once your data is out there besides change your identity, and possibly lay off the margaritas? Good question, and one that lots of folks will wrestle with as the app sprawl goes wild, taking your information with it, and then trying to get it back.

My colleague Stephen Cobb points out an article showing how a single breached Facebook account became a potential leverage point for scams aimed at the myriad friends that account owner had. This highlights that your security/privacy is only as strong as its weakest link, which might be a close friend who’s not particularly interested in either privacy or security until they get burned, and then you do too.

Author Cameron Camp, ESET

  • Stephen Cobb

    On the issue of getting burned by shared photos you can't delete, this article from ars technica offers some perspective:

    arstechnica.com/business/news/2012/02/nearly-3-years-later-deleted-facebook-photos-are-still-online.ars

  • http://twitter.com/zcobb Stephen Cobb

    I try to live by the rule “never post anything online that you don’t want your Mum to see”.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

1 article related to:
Hot Topic
09 Feb 2012
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.