Facebook U-turns on phone and address data sharing
Facebook appears to have U-turned on plans to allow external websites to see users’ addresses and mobile phone numbers.
Security experts pointed out that such a system would be ripe for exploitation from rogue app developers.
The feature has been put on “temporary hold”, the social networking firm said in its developers blog.
It said it needed to find a more robust way to make sure users know what information they are handing over.
“Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and are making changes to help ensure you only share this information when you intend to do so,” the firm said.
The updates would be launched “in the next few weeks”, it added and the feature will be suspended in the meanwhile.
Facebook’s volte-face is likely to be a case of ‘once bitten, twice shy’.
Facebook’s troubled privacy history
- July 2010: Personal details of 100m users are published on the net to “highlight privacy issues”
- July 2010: German officials launch legal action against the site for accessing and saving the personal data of people who do not use it
- July 2010: Facebook begins to roll out further changes to the site in its ongoing efforts to appease critics of its privacy practices
- May 2010: The site announces that it will simplify its privacy settings in response to growing disquiet from it users that they are too complex
- May 2010: A fix for a security flaw that allows users to eavesdrop on the live chats of their friends and see their pending friend requests is rushed out
- December 2009: Ten US privacy groups file a complaint to the Federal Trade Commission over Facebook’s new privacy settings
- December 2009: Facebook introduces another set of privacy controls
- February 2009: Changes to the sites terms of service provoke the ire of privacy campaigners
- May 2008: A Canadian privacy group files a complaint against the site accusing it of violating privacy law
- May 2008: The BBC finds a flaw in the website that could expose people’s details
- January 2008: The site faces investigation in the UK after users find they can’t permanently delete their profiles
November 2007: Members force the site to changes its controversial advertising system Beacon, which told friends and businesses what they looked at or bought
Last year, wide-ranging changes to privacy settings resulted in a loud chorus of disapproval from both users and privacy experts, including the Canadian privacy commissioner, Jenny Stoddart.
The firm was forced to radically simplify privacy settings. Ms Stoddart said at the time that the social network had “vastly improved” the sharing of personal information with third-party developers.
Facebook founder Mark Zuckerberg has made no secret of his desire to open up the relationship between the network’s 500 million members and the wider internet.
Having access to mobile phone numbers and physical addresses could have real benefits for users, the firm said in its blog.
“You could, for example, easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for the up-to-the-minute alerts on special deals directly to your mobile phone.”
But Graham Cluley, a senior analyst at security firm Sophos, said it would also be very easy for rogue developers to jump on the bandwagon.
“You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies,” he said.
Facebook has introduced a dashboard which allows users to decide what level of access to grant various apps they sign up for.
It also said that users would have to grant permission to any apps or sites that had wanted to access people’s home address or phone number.
But many people still click ‘accept’ far too quickly, said Mr Cluley.
“Facebook does alert users to the fact that this information will be shared with others, warning prompts and other pop-ups are so frequent that they are often ignored,” he said.
“The best solution would be to permit users to provide this data, via a dropdown or checkbox, when they choose to add an application, but it should not be required,” he added.