I was talking to my friend, and she showed me her privacy settings and her applications. She had hundreds of applications, and only used about 20 of them. Additionally, a lot of her applications had access to almost everything, as you mentioned. Most Facebook users don’t know that their information is being shared. However, there was a study done on Carnegie Mellon college students and they were educated about the settings. According to the study, “The percent decrease of users who provided their website address had the largest drop with a drop just under 12%. Additional emails being provided dropped by 8.33%, primary e-mails dropped 6.4%, and AIM screenname disclosure dropped by 2.44%. The amount of phone numbers and cell phone numbers remained
constant. The disclosures of current addresses increased by 8.33%.”
The full study can be found at http://lorrie.cranor.org/courses/fa05/tubzhlp.pdf
Obviously, education didn’t have much of an effect on how college students protected their information. But I wonder if people in their 30s and 40s might have a different reaction? Nobody has done a study on that yet. One woman went to Blockbuster, rented a couple movies, and then went home and checked her Facebook. Her status detailed the movies she bought, and she sued Facebook (news article can be found here http://www.myfoxdfw.com/dpp/news/consumer/
mesquite_woman_sues_facebook%2C_blockbuster).

That said, I still love Facebook. It’s the only means I have for keeping in touch with friends and family.

Don’t read too much into the post from Deepquest as that information is actually an error in that particular application not revealing a flaw in Facebook itself. Also, the article about the Zynga team is really more about how those applications have taken advantage of users to make money, not to steal information. Zynga routinely used marketing techniques on Facebook to grow their applications installed user base and then misleading marketing offers within games to drive up revenue. It has never been about stealing identities because they can’t.

That said, there are some legitimate privacy concerns on Facebook (and every other website for that matter). FB Applications do have some access to your information if your not installed, but it’s limited. It’s roughly the same information that you can get about a person if your not logged into Facebook and visit a person’s profile. To see this in action, logout and then go to your profile page.

Just my $0.02.

Erik

These dirtbags are why I don’t accept gifts, play games, or do anything but connect and communicate with my friends on Facebook. Every stupid little app you add gets access to your personal information unless you explicitly tell it not to, and Facebook completely fails to inform folks of how much privacy they’re giving up.

The biggest problem, though, is that Facebook has no way of policing the applications developers. For instance, the API terms of service say that you’re not supposed to store the personal information made available in the API — just use it temporarily and forget it. But how could Facebook ever enforce this rule? They’d have to periodically review the code of every app! (And that’s assuming the developer provided the correct code. Really, they’d need to do a full audit of the app developers’ systems.)

This is a disaster waiting to happen. Tomorrow, one nasty developer could create the next Scrabulous and steal the identities of millions of Facebook users. Hell, forget tomorrow, this scenario has likely already happened hundreds of times over — and the baddies are just waiting for the right moment to strike.