Facebook Privacy #Fail and How Evils Exploit it?
It seems like companies in Pakistan have now fully realized the potential of the internet as an effective tool for advertising and increasing popularity.
Evidence is the fact that more and more local ads are starting to appear on seemingly every web site we visit.
This may be a good thing, but more and more cases are popping up which suggest that these companies may very well be exploiting their user base (those who click on ads or, in the case of Facebook, apps).
The specific platform I’ll be discussing today is Facebook.
Everybody knows that Facebook is an insecure platform. I’m sure most of you have experienced first-hand things like random apps spamming your wall and your friends’ inboxes being flooded with promotional ads for websites, products and whatnot. (I am sure you must have come across this Osama Bin Laden page on May 3rd, 2011 – which caused similar harm to millions of Facebook users.)
A part of this vulnerability is on display when a user allows a Facebook app to access private user information. When we allow that app to access our details / private data, we do not know how much of our details are being shared / exposed. For all we know, our search habits, friend lists, preferences and likes could be shared and we’d be none the wiser.
A list of what’s being shared is displayed, but not many of us read it. Ideally, Facebook should clearly communicate to users what data the application may access, and that access should be restricted to only the very essential details.
But as we all know, Facebook isn’t too big on security, as shown by the fact that it has been caught selling user data without consent to third parties before. Not only that, various security analysts and companies have accused Facebook of making the default security settings such that they allow user content to be shared with a larger audience, not to mention that changing security settings is a tedious process.
Facebook should give its users an option of allowing or otherwise disallowing the sharing of private data while installing an app; however, you are either supposed to accept the terms or to reject them altogether.
A common method of spamming through Facebook is to create an application, which may not necessarily be bogus. As users allow their details to be shared, the app stores all the data it can lay its hands on. Once it has enough details, they are sold to third parties.
Now these details are a gold mine for hackers, spammers and multinational companies alike. Knowing your preferences from your likes and your email address, a hacker might try to guess your password and succeed. Or he could just use all the email addresses and send spam to them.
This isn’t always the normal spam. It could be targeted spam. For instance, if you are the victim of such activity, a spammer might check your recent status updates. One of them might read, “In the market for a new laptop, hurrah!” Now the spammer uses this and sends you emails which might include offers or surveys which, upon completion, will reward you with a new laptop.
Another type of exploitation can be by multinationals. For instance, if they see that “Shahid Afridi” is getting a lot of likes, they might start offering a chance to meet him, or offer signed shirts and caps etc., if you buy their product. So, the possibilities are endless.
Now, you may be disturbed by all this, but the fact is this stuff is also going on in Pakistan and it’s used by many of the “big” name companies. Recent examples are Jazz and Lux (props to Adnan Jabbar for pointing it out), who started online competitions for prizes (they advertised through sponsored links in the Facebook sidebar).
To participate, users had to give out info like name, gender, email address and location etc. Soon after registering, participants’ email addresses and mobile numbers were allegedly flooded with spam.
As an example, have a look at the following app:
One may wonder what this brand has to do with a user’s information such as the list of friends and the networks that he/she has joined. In fact, the app requires its users to allow it to access any of their data at any time, which is unnecessary, I would say.
And by the way, this is not limited to djuice; every other app on Facebook these days is doing the same. They are collecting huge amounts of data to be used later for their marketing purposes.
Join an app – and you are exposed!
This is not the only case. Earlier this year, Telenor was accused of hiring a Google group owner to spam people who weren’t subscribers. Wateen was found guilty by the blogosphere of spamming comments sections of multiple blogs. Ufone was also implicated in similar actions.
News like this only causes these companies to become a source of ridicule and slander. And being the multinationals they are, they really should know better than to play with the brand’s reputation.
Market competition is growing stiff, but that is no excuse for such behavior. It’s high time for the government to step in and put an end to this behavior if it continues.