How Facebook sells your personal info -- and gets away with it

How Facebook sells your personal info — and gets away with it

May 25, 2010 by Valerie Helmbreck

Posted in: adoption, Communication, Facebook, In this week's e-newsletter, social networking, Web 2.0, Web sites

Repeat after me: Facebook is a business, its job is to make money. Now, go check your Facebook privacy settings and see how you’re helping this Internet tsunami sweep through your life and contacts to add to their coffers.

That’s the message that’s being spread far and wide these days by Web security experts who believe most users of the social networking site have no idea how their activities on the site are being used in the marketplace.

Each time Facebook “revamps” its features, you can believe it’s not just to make finding that old college classmate or long lost cousin easier.

The message from Joan Goodchild, senior editor of CSO (Chief Security Officer) Online, is that each time Facebook touts a re-design or a new format, you can bet your last nickel that it’s being done as an excuse to re-set your privacy controls to a Facebook-designated default that lets the site’s owners peddle your info and activities far and wide.

Goodchild discussed the social networking site’s various privacy traps on CBS’ “The Early Show on Saturday Morning” and her top five Facebook pitfalls are worth repeating here:

• Your information is being shared with third parties
Facebook wants to make money, and they can do this by sharing your information with advertisers who want to market their products to you.

• Privacy settings revert to a less safe default mode after each redesign
This means every time Facebook exclaims “Heads up, we’ve got a fresh look!” make sure to check your security settings and change them back to where you want them. Otherwise Facebook can share your info with advertisers — a primary function of their business model. And watch out for those cutesy applications like Farmville or Which Jane Austen character are you? That application gets permission to access your info and could be sharing it with others without your knowledge.

• Facebook ads may contain malware
Basically Facebook is pretty sloppy about vetting their ads, says Goodchild, which could result in you clicking on an anti-virus software ad and downloading an actual virus.

• Your real friends unknowingly make you vulnerable
If one of your friends’ profiles gets hacked by a third party, that hacker can then see whatever info you’re putting out there to your pal. So if your friends aren’t making good decisions about what they share on the Web, you could be affected as well.

• Scammers are creating fake profiles
If the world knows the name of your mother, father, second-cousin and best friend from grade school, someone out there might just make a fake profile with one of their identities and beg you to say, wire $5,000 to them after they get mugged in a foreign country. Also, if you have like, a bajillion friends, the odds are that a few of those are scammers who aren’t who they say they are. Recommendation: Trim that “Friends” list down to a few trusted folks.

As Facebook grows in influence and power, it also seems to be finding plenty of trouble to get itself into.

Just last week, users discovered that a security hole made their private chats not so private — everyone on their contact list could listen in.

In addition, more than a dozen privacy and consumer protection organizations have now filed a complaint with the FCC claiming the site plays with privacy settings intentionally to make users’ personal info fair game for commercial use.

Remember the mantra I told you from the beginning? Repeat it. Now go check (or delete) your Facebook profile.

FinanceTechNews.com delivers the latest Finance news once a week to the inboxes of over 150,000 Finance professionals.

Click here to sign up and start your FREE subscription to FinanceTechNews!

Tags: advertising, business model, Facebook, privacy features

Richard

We need really strong federal laws about changes to privacy settings. Every site that collects personal data should be required to get informed permission to pass it on. They should be required to offer tools which let any user identify all outbound transfers of personal information.

Every organization that holds personal information should be required to allow the subject of that information to audit and challenge it AT NO COST

Does this hurt many a business model? Probably. Sorry (not really)

I include the credit rating agencies and Fair Issac (FICO) in this.
Simon Axten

Hello,

I work for Facebook.

Some of Ms. Goodchild’s answers are just flat out wrong. We’d welcome the opportunity to talk with her and fully explain how Facebook works, especially our advertising programs. In the meantime, readers should know that we don’t sell or otherwise share data with advertisers. Any assertion to the contrary is false. Specifically, if an advertiser targets people interested in boating, we’ll serve ad impressions to Facebook users with “boating” on their profile somewhere. However, we don’t provide the advertiser any names or other personal information about the Facebook users who view or even click on the ads.

Also, it doesn’t matter what information is public for ad targeting. The user is just as likely to see a targeted ad if “boating” is private as if it is public. In both scenarios, the advertiser does not get the info.

In summary, the connection Ms. Goodchild describes between public information and advertisers just doesn’t exist.

In the future, we would appreciate the opportunity to comment. We can be reached at any time at press@facebook.com. Thanks.

Simon Axten
Not My Real Name

The Internet’s world-wide; Federal laws have as much useful control over it as your town’s speed cameras have on the Interstate. If you don’t trust somebody with your information, Don’t Give It To Them. And if you think the Feds should be able to audit every database any time they feel like it, at the information-holder’s cost, that means they can demand your cellphone, iPod, and laptop without a warrant – are you sure you want that?

What? You gave Facebook your real birthday instead of Jan 1 in some random year? Did you include your mother’s maiden name just to make *sure* it’s unique? You gave them your real zip code instead of 90210 or 20006? Yes, that means when that store chain wants to send you coupons, they’ll be for their Beverly Hills branch instead of the one near your house, but at least they won’t be sending all your real-life friends spam saying “Richard bought a new ____, don’t you want one too?” Or they’ll only spam the friends who sent you that dancing puppy for your farm on your birthday (but it’s so CUUUTE!)

Computer privacy was a concern 50 years ago when mainframes cost millions of dollars, used punch cards, and need teams of hundreds of programmers for months just to add new queries; now anybody can carry a much faster computer in their pocket and find out anything on the net just by asking. It’s far beyond the ability of anybody to regulate, and much farther beyond the ability to have regulations without radical unintended consequences. You’ll have to protect your own privacy by actually not telling people stuff, even if you don’t get that dancing puppy icon.
http://www.financetechnews.com Valerie Helmbreck

Mr. Axten: Thank you for weighing in.

All due respect, however, I read about and write about technology daily. I have a Facebook account. I cannot for the life of me figure out your privacy settings and what they mean or how your company intends to market my information. Your privacy instructions are, not to put too fine a point on it, incomprehensible. And if an experienced technology writer can’t figure them out, what chance does an ordinary user have?

If you want to make sure we all know “how Facebook works,” maybe crafting some comprehensible, clear instructions on how to use it and how information will be used would be a great place to start. The failure to do so could very well be seen as a willful attempt to obfuscate Facebook’s business behavior.

I’m just saying.
Valerie Helmbreck
Socialized

Facebook, you guys are SELLOUTS!!!!!

And the second somone else comes along with a similar “product” that has the users interest in mind as opposed to $$$ we will DEFINATELY sell you out too. Cant wait for a similar FB site that has strong OPEN and honest privacy standards for their site. Yes internet life is all around scummy and in the stone age, thanks for making it just that much less inhabitable. It will take time for our socialization there as it took us time in our own non-internet history.

Later.
Richard

to Not My Real Name

I did not say I wanted the feds to be able to audit data bases.

I think that anybody who collects information about me, either to exploit or sell, should have a legal obligation to inform me they are collecting it and to provide a convenient, no cost mechanism by which I can audit it.

If that means 99% of the organizations that collect personal information today decide they need to give up the practice, it if fine with me.
Keith

Just like for credit information, Federal law should require sites that collect any personal information treat it confidentially unless a user has specifically authorized greater release. This is especially true if a user has intentionally set their “share” settings to something like “Only Friends” and then Facebook (unbeknownst to the user) purposely resets these settings to something more open (e.g. “Everyone” or “The Whole World”).

I understand websites need to do occasional re-designs to keep up with technology or changing social norms, but the site should make every possible effort to retain the same level of security settings originally selected by the user and if that it is not possible, then put them at the “closest match” security wise to their previous settings.

If a new functionality is rolled out that could possibly affect security or privacy, then the site should be obligated to set the default setting to as limited/secure as possible until the user “opts-in” to sharing more openly. Either that, or a bold notice should be put at the top of the screen or login clearly identifying the new functionality and that data will be openly shared unless the user changes the newly set default security/privacy setting by xxxx date!
Areyoukiddingme

Valerie Helmbreck, you need to find a new job. Your response to Facebook shows your ignorance and your ineptness at your job. As far as the rest of you, seriously, have you lost every bit of your common sense? Don’t release information on-line that you don’t want to share with the world.
http://www.donallenagency.com Amber Amber B-Bamber

I stopped going on Facebook when i realized it was taking me 45-90 minutes a day just to check everything, I don’t have that kind of time to waste on frivolous pseudo-friends, but i’ll go back & see if i can adjust the privacy settings to avoid possible viruses & super spamming, thx Val.
Elise

This article shows how ridiculous the idea of privacy has gotten. WHO CARES if they sell the information? I do not care if Facebook tells the world that there are 5,486,234 females, age 23, (of which I am one) in a certain portion in the US. Facebook is a business, not a volunteer based organization. We should be glad we get it free, and only fuss if some information sharing causes damage. I doubt it will cause any damage at all, much less damage than people cause to themselves by posting ridiculous drunken pictures of themselves.
Richard

Elise

Facebook is no simply selling statistical data which keeps you anonymous. Facebook would like to have you conduct many kinds of personal business via Facebook partners and then sell the information they gather.

Do you want to look at a group for women with breast cancer and the next day get advertisements for herbal cures?
wow!

Areyoukidding me, you have a valid point but the real question here for every one is, why do you need to be part of an online social group? What is a matter with the real world with real people? Can you not be honest, just as Facebook is doing to the global society, with friends and family with what your are doing and who you are with by way of mouth over a cell phone transmittion or a by personal conversation? If you really believe Facebook is private then please come to your senses and realize the government is watching! I have been researching Facebook for a speech and it is amazing that more often that not I will pull up a Facebook page by not navigating properly but it will show almost anything I want to see. Pics, posts, blogs, and most of you probably spend so much time on Facebook that you didn’t know you can Google Facebook users and get their information. The internet is a place to find information. That is why the U.S. used it for the military. So, anyone of you who thinks that any add on FB or any other site is harmless think again. If you really feel that no one tracks what useres do on the internet think again. The internet is the “Information Highway” and all content is subject to inform someone else whether it is a government agency or a bum in India. Now think about how much you put on the World Wide Web. Did you not know it is all across the globe?
http://www.facebook.com/directory/people/B-11355721-11357400 page

Hello, Neat post. There is a problem with your web site in web explorer, may check this? IE still is the market chief and a huge portion of other people will omit your excellent writing because of this problem.

Below are a few free resources you may find useful.