Facebook - Are Those Annoying Applications Stealing Your Identity?

Date May 6, 2008

If you're new here, you may want to subscribe to my RSS feed or get new posts via email. Thanks for visiting!

Anyone who has used Facebook knows all about the non-stop deluge of crazy applications that your “friends” have installed and were nice enough to invite you to install. But what do those applications actually do?

We’ve written about identity theft and Facebook before, as well as new Facebook privacy controls. The BBC’s show Click has an interesting new segment on how easy it is to have your data stolen on Facebook by a maliciously coded app. In fact, they built one!


The Miner Strikes

The Beeb created an application called The Miner in less than three hours. If you installed this app, it would go through yours and your friends’ profiles:

But whatever it looks like, in the background, it is collecting personal details, and those of the users’ friends, and e-mailing them out of Facebook, to our inbox.

I added the italics - note that your friends, even if they never installed the application themselves, would be victims.

Now, you might be thinking “why would I be stupid enough to install an application called The Miner?”. Fair enough, but there is absolutely nothing to stop putting similar code to this inside some other “fun” application like a game, photo app, quiz, whatever.


Facebook’s Response

Facebook’s response to this was predictably weak.

It told us that it has an entire investigations team watching the site, and removing applications that violate its terms of use which would include our Miner application.

It also advises users to use the same precautions while downloading software from Facebook applications that they use when downloading software on their desktop.

As the BBC mentions, compounding this problem is that applications do not actually run on Facebook’s servers, so the company really has very little idea what is going on.


A Little Protection Goes A Long Way

How can you protect yourself? First things first - when you get an application think to yourself “do I really need to install this?”.

Assuming you do need, it, watch the window that comes up when you install the application. Uncheck this setting unless it really really needs it:

Allow This Application To Know Who I Am And Access My Information

Aside from that, it is time to take a trip to the Facebook privacy settings and tighten things up there to control who can see what.

The BBC’s Click segment is here, and they have a video about it here (why do you not let us embed BBC, why oh why).

Related Posts

  • Video: Protecting Yourself From Identity Theft On Facebook
  • The Best Of Identity Thoughts: May 2008
  • Facebook Privacy - New Controls
  • Identity Theft and Facebook
  • House Stealing: Identity Theft + Mortgage Fraud = Big Problems

    • Category Posted in Identity Theft, Social Networks

    Leave a Reply

    XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>