Which Facebook Apps Steal Your Data (and How to Stop Them)
The biggest privacy problem with Facebook isn’t Facebook itself, it’s Facebook’s apps. There are more than 500,000 games, puzzles, quizzes and other time wasters in the Facebook platform, many of which exist for the sole purpose of sucking data out of your account. Worse, these apps not only can access your information, they can also grab data from your friends’ profiles, depending on their privacy settings. Thank you, obnoxious Farmville fans.
Facebook sets limits on what data apps can access and what they can do with it, but it doesn’t appear terribly motivated to enforce those rules. For example, in October 2010, ten popular Facebook apps were found to be slurping up user data in direct violation of Facebook’s own terms. In response, Facebook removed some of those apps on a Friday, then reinstated them on the following Monday.
Now you can take matters into your own hands and find out who the real data vampires are. PrivacyScore from PrivacyChoice is a Chrome plug-in that rates how each app deals with your data on a scale from 0 to 100. It can also do the same for Web sites. You can view these scores on the Web, on Facebook or, if you’ve installed the Chrome extension, by clicking the PS icon in the browser bar when you install an app.
The second 50 points come from the trackers used by each app or site. That score factors in the privacy policies for each tracker, whether they belong to an oversight group like the Network Advertising Initiative or Ad Choices, and how frequently the company’s tracking cookies appear for a particular app or site. So if Evil Web Tracking Company A appears on 10 percent of the app’s pages and Slightly Less Evil Web Tracking Company B appears on 90 percent, Company B’s privacy score counts more.
The bottom line, says PrivacyChoice CEO Jim Brock, is that you get a single easy-to-grok numerical score without having to wade through all that stuff I just mentioned.
So far, PrivacyScore has rated more than 200 popular Facebook apps and nearly 2000 sites. Using a combination of automated tools for parsing privacy policies as well as human reviewers, they hope to have more than 5,000 apps rated by year end.
Though the service is free to consumers, Brock hopes to make money by selling access to his API to Web publishers who want to publicize what good privacy citizens they are to the rest of the world.
“The biggest surprise has been how much a single number focuses attention and effort on the part of the companies that are rated,” he says. “We get calls from publishers all the time and their first question always is, ‘How do we improve our score?’ I’ll hear from the person who owns privacy at a particular publisher and they’ll say now they finally have the measurement they need to get their boss’s attention.”
One notable flaw in the ointment is that the PrivacyScore is based almost entirely on the policies published by the apps and tracking companies. As we’ve seen more than a few times, companies occasionally end up violating their own privacy policies – sometimes accidentally, and sometimes accidentally on purpose.
Brock says they’re still trying to work out how to factor actual compliance with policies and things like data breaches into his rating system, as well as how to deal with Do Not Track opt-outs that are really Do Not Target Me With Ads But Continue to Collect My Information opt-outs.
Is PrivacyScore a cure for Facebook’s app afflictions? Not really. It’s more like an over-the-counter medicine; it relieves the more obvious symptoms without removing the underlying cause. Still, the relief is welcome. Maybe one day it will force the big app publishers to clean up their acts, and push some of the more evil developers out of the app game entirely.
Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynan on tech. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.