Mac Forum / Country Specific / UK Mac Group / May 2008

Although I have a Facebook account, there's very little personal
information on there, partly because I've always felt pretty uneasy
about Facebook applications, especially the first line that says "Allow
this application to access all of my personal  details"?

I've wondered what Facebook does to make sure that the applications that
are available haven't been written to harvest information for identity
theft.

It turns out the answer is very little.

<http://news.bbc.co.uk/1/hi/programmes/click_online/7375772.stm>

Essentially the story is that the BBC created a Facebook application to
send personal details to an external email address. The application  can
not only extract details of people who install the application, but also
the details of any friends of those people.

I'm a bit surprised there hasn't already been a big ID theft scam
discovered based on Facebook info skimming.

Facebook's response to the BBC Click article says basically that
naughtiness is not allowed, and any applications found being naughty are
either asked to comply, or removed. In other words, if an application is
found to be harvesting users' information they'll take action - closing
the barn door after the horse has bolted. If you find out you've had
your identity stolen using information from Facebook, you are encouraged
to tell Facebook:

"When a user adds an application, they agree to the Facebook platform
Application Terms of Use, which allows the developer to make requests
for access to the information in the user's profile, excluding contact
information.
Users are strongly encouraged to report any suspected misuse of
information to Facebook.

We have sophisticated technology and a dedicated team to address
inappropriate activity by applications. Access by applications to
Facebook user data is strictly regulated and if we find that an
application is in violation of our terms and policies, we take
appropriate action to bring it into compliance or remove it entirely.

Facebook is committed to user safety and security and, to that end, its
Terms of Service for developers explicitly state that applications may
not use adware, spyware, or other deceptive techniques.

It is not just the policies that dissuade misuse, it is the fact that
there is accountability for such misuse. Facebook has an entire
Investigations Team that watches the site and removes content and
third-party applications that violate Facebook's Terms of Use.

Facebook users also police the site and use the "report" button if they
come across violators of our Terms of Use."

I wonder if Facebook would comply with the UK Data Protection
regulations?