NEWS FROM THE LAB - Thursday, August 25, 2011

Facebook to Prevent 3rd-party Apps From Seeing Your Information Via Your Friends? Posted by Sean @ 12:46 GMT

On Tuesday of this week, Facebook announced significant changes to their profile controls and sharing options. The roll out of these changes begins today, August 25th. You'll find an excellent summary of the changes by Jason over on our Safe and Savvy blog.

Meanwhile, we've been busy digging into the details and reading between the lines.

And there's lots of details to consider:

Dig Into the Details

Wait… there's more:

Dig Into the Details

Aha! Now this is interesting (Facebook buried a good lead here…):

Info accessible through your friends

"This setting has been replaced so that instead of just being about your friends, this now prevents anyone you shared something with from re-sharing it with applications."

If we are interpreting this correctly — Facebook will now prevent third-party applications from seeing your information via your friends. This is something that the American Civil Liberties Union (ACLU) took issue with already back in December 2009 (the last time that Facebook made similar changes).

ACLU Blog Of Rights

The ACLU even created an application to demonstrate just how much access applications have via your friends:

ACLU, What Do Quizzes Really Know About You?

And this is the information that is available by default:

Info accessible through your friends

Based on our polling, not many people realize the implications of this privacy setting.

And the only real way to be sure your friend's third-party applications are blocked is to completely disable Facebook's "platform".

Dig Into the Details

Facebook recently began offering refined privacy controls in its Application Settings for what your applications share with your friends. Each individual application's "App privacy" can be adjusted:

App privacy

But based on our reading of these new details, it looks as if Facebook is about to take this one step further and will simply prevent all third-party application access via Friends.

And that would be excellent news.

Still, if you have a Facebook account, don't wait, take the time now to examine your Privacy Settings and adjust the "Info accessible through your friends" in the "Apps, Games, and Websites" section, just to make sure that your settings reflect your personal preferences… before Facebook's changes are applied.

P.S. to the ACLU: You really should consider decommissioning your "Quizzes" application and delete its page.

The application doesn't work properly anymore, and you've allow the page to become overrun by spam.

Dig Into the Details


Updated to add on September 5th: Unfortunately, we've now seen the new setting and our interpretation was far too optimistic.

Facebook claims it tries to use simple English… but this is clear as mud.

This is the language of the old setting:

"Info accessible through your friends: Control what information is available to apps and websites when your friends use them."

Here's the language of the new settings:

"How people bring your info to apps they use: People who can see your info can bring it with them when they use apps. Use this setting to control the categories of information people can bring with them."

In other words:

Info accessible through [anyone]: Control what information is available to apps and websites when [anyone] uses them.

It now appears to us that Facebook is doing the exactly the opposite of what we had hoped and is expanding the reach of applications to data mine from your account if Facebook's platform is enabled.

Here's the details from within the setting:

"People on Facebook who can see your info can bring it with them when they use apps. This makes their experience better and more social. Use the settings below to control the categories of information that people can bring with them when they use apps, games and websites."

So, the applications of anyone that can see your info can use it. If you don't want "anyone's" applications accessing your information — make sure that your important info isn't shared with "everyone", and deselect all of the categories from the setting.

Because otherwise… Facebook will share it almost all of it by default to anyone that asks for it.