Facebook has come under fire for a new policy that allows third-party application developers to gain access to users’ addresses and phone numbers, with one security firm warning users to remove that information from their profiles entirely.
Security firm Sophos has even released a blog post warning users about the new changes, saying that unsuspecting users could be caught out if they don’t change their privacy settings.
“The ability to access users’ home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users’ profiles,” senior technology consultant Graham Cluely said in a blog post.
The news also comes as reports suggest investment bank Goldman Sachs has backed off from a plan to sell Facebook shares due to excessive media coverage.
While the use of third-party applications has allowed Facebook to become the most popular social network in the world, a range of privacy fears have also emerged as a result. These apps usually want to access private data, and Facebook has come under fire for granting them that access.
Facebook made the announcement on its own website, informing developers that “we are now making a user’s address and mobile phone number accessible as part of the user graph object”.
But it also pointed out that as a result of this information being so sensitive, new permissions must be explicitly granted to the application through the standard permission dialogue, which appears whenever users grant applications permission to view their profile.
The company argues that this move will make it easy for people to share information they’ve entered into Facebook with other website.
Even so, the backlash from members has been loud, with messages spreading over Twitter and Facebook itself saying the move is yet another invasion of privacy.
Cluely said in his blog that unsuspecting users will simply agree to the new changes without actually reading what they do.
“I realise that Facebook users will only have their personal information accessed if they “allow” the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this,” he said.
Cluely says there are plenty of rogue applications that post spam links to users’ walls, along with others that send users to surveys that earn those app developers commissions. Cluely says providing access to mobile phone numbers could see people signed up for premium services without their knowledge.
“Now, shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.”
“The ability to access users’ home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users’ profiles.”
Cluely recommends it would be better for Facebook to approve all of the developers who have access to that information, but until then, he offers some simple advice: totally remove your home address and mobile phone number from your Facebook profile.
Sophos also says users need to look at their privacy settings and ensure every one of them is up to date, and in line with how much information you want broadcast.
The issue of privacy is one that has plagued Facebook since its beginnings. As more people join the service, and more third-party applications start harvesting data from profiles, the company has come under fire.
Businesses should also be aware of installing rogue apps through their profiles, which can cause some major damage if they spam your Facebook “wall”. In such a situation, those spammed links would show up on your members’ feeds, perhaps causing them to block you altogether.
Meanwhile, both the Wall Street Journal and New York Times have reported Goldman Sachs has backed off from selling Facebook shares to wealthy investors, with sources reporting the firm is worried the initial calls for interest could be viewed by regulators as solicitation.
“Goldman Sachs originally intended to conduct a private placement in the U.S. and offshore to investors interested in Facebook,” Goldman said in a statement, according to the NYT.
“Goldman Sachs concluded that the level of media attention might not be consistent with the proper completion of a U.S. private placement under US law.”