It seems there isn’t a day that goes by without Facebook and privacy being in the news. Earlier this year, there was the small matter of Facebook reportedly storing hundreds of millions of user passwords in plain text, with the data accessible by employees for several years. The bad news? It didn’t bother to let you know, a slip that's hard to imagine from a company that truly valued giving you complete control over your data.

Facebook Privacy Settings: Check and change your privacy settings on Facebook today

This is precisely how Facebook used to work. If you downloaded an app, you granted the developer of that app access to scads of information about all of your friends, presumably unbeknownst to either of you, unless you happened to be a close reader of buried preference menus. It’s not, though, how Facebook has worked since 2014, when it shut off that spigot. Developers haven’t been able to raid someone’s friend list in years, unless both friends have downloaded the same app, despite what that particular setting would have you believe.

After the publication of this article, Facebook did identify one edge case in which the setting would apply: If you have the "Posts on my timeline" option checked, an app could access a photo or video that a friend uploaded, but only if it appeared on your timeline, because you also allowed tagged photos of yourself to show up there. Everything else under that setting is useless. Facebook says that it will close that loophole, and get rid of the Apps Others Use setting altogether, as part of a larger privacy settings overhaul it announced Wednesday.

That’s not just spin; the timing of the changes was confirmed by Gergely Biczok of Budapest University of Technology and Economics's CrySys Lab, and Iraklis Symeonidis of COSIC, KU Leuven, two researchers who have spent the last several years studying Facebook privacy. Using the Graph API explorer, which details what Facebook developers could and could not do on the platform through its various iterations, they determined that the kind of permissions Apps Others Use covers have not been available since at least Graph API v2.5, which was released in October of 2015. (It also may have been even earlier; that's just as far back as the Graph API explorer goes.)

“I can’t really make any sense of it, actually,” says Biczok, who says that the data categories in the settings pane line up essentially one-for-one with a permission called friends_XXX, which allowed developers to harvest friend data, and which Facebook says was phased out with the advent of Graph API v2.0 in 2014. “Even if I do a thought experiment and try to imagine myself into their place, it’s maybe just an error in the software development process. But it’s a long-existing one.”

Facebook fails to offer a satisfactory explanation either, although the company does say it plans to introduce improvements to settings to "reflect current practices" within weeks.

But it’s taken years, and the largest scandal in the company’s 14-year history, to even identify the problem in the first place. And it’s that negligence, rather than the specific settings, that concerns privacy advocates.

Biczok and Symeonidis point also to less publicized forms of overreach. A permission called read_mailbox, if granted to an app, potentially allowed a developer to read private messages between friends, even if only one of them had installed it. That was only deprecated in Graph API v2.4, introduced more than a year after Graph API v2.0, which Facebook had identified as the solution to its developer-related data woes.

Biczok says that incident offers a stark contrast to the way Facebook responded to the user_friends debacle. “I think that’s good enough,” says Biczok of the protections Facebook put in place in 2014. “You have to be friends, install the same app, and give the user_friends permission in order for your data to show up at his side. The read_mailbox thing, that was not good enough.”

The pair note also that even today, Facebook’s data policy has holes. A developer with multiple apps, they say, could gather a different, specific set of data about a user from each; if that person installs three or four apps, the company suddenly has assembled close to a full profile, without the user granting those sweeping permissions to any single app.

Still, the good news in all of this: You can safely ignore Apps Others Use.