STE WILLIAMS

Facebook ‘Most Used Words’ game accused of stealing and selling user data

Do you know what words you use most on Facebook?

No? Well, there’s a game for that: one that will make a word cloud that shows your verbiage leanings, with your most-used words rendered front and center, nice and big.

“3,” much?

That was one of the biggest/most frequent “words” used by a friend of mine, as I saw in her word cloud.

And thanks to a post about the game – which is called Most Used Words on Facebook – from UK-based VPN comparison website Comparitech that recently called it a “privacy nightmare,” I was initially ready to urge friends like her to please not touch the game with a 12-foot pole.

The game maker has vehemently denied the accusations. More of that in a moment, but here’s what the initial dustup was about:

Over the course of just a few days, Most Used Words on Facebook has been shared millions of times, including, like I said, by my friends, and possibly yours.

As of Sunday, when Comparitech published its piece, the game had reportedly been shared over 16 million times, by people who agreed to sign over “almost every private detail about themselves to a company they likely know nothing about.”

Since that post, there have been multiple stories about how the viral app is hoovering up people’s personal information and is able to sell it to whoever it wants.

According to Comparitech, that includes:

  1. Name, profile picture, age, sex, birthday, and other public info
  2. Entire friend list
  3. Everything you’ve ever posted on your timeline
  4. All of your photos and photos you’re tagged in
  5. Education history
  6. Hometown and current city
  7. Everything you’ve ever liked
  8. IP address
  9. Information about the device you’re using, including browser and language

But it’s not just your info, it’s also your friends’ info, Comparitech said.

After you click on a Most Used Words post, a page will pop up, offering the option to grant access to your profile so the app can see what you’ve posted.

The post goes on, noting that the game or quiz or app or whatever you want to call it wants access to everything you’ve ever liked, will gather information on your computer, such as IP address and browser used, information about your entire friends list, including people who’ve never used the app, and all the photos in which you’re tagged.

But as many commenters on Comparitech’s post have pointed out, the list of what Words Most Used pulls out of Facebook is basically just a description of what Facebook knows about us.

If your Facebook setting is set to “public,” that information list is about as private as your underwear drying on the clothes line.

Besides that, your IP address and all sorts of information about your computer (enough to produce a unique browser fingerprint) are handed over to every website you visit as a matter of course.

Still, Comparitech dove into the privacy policy of the company behind the game, which is South Korean startup Vonvon.me, and found some things that seemed pretty alarming at first blush, such as:

  1. No takebacks if you’ve already taken the quiz: “…you acknowledge and agree that we may continue to use any non-personally-identifying information in accordance with this Privacy Policy (e.g., for the purpose of analysis, statistics and the like) also after the termination of your membership to this website andor use of our services, for any reason whatsoever.”
  2. Vonvon’s hands-off after it’s purportedly sold personal information to third parties, who can do whatever they want with it: “…this Privacy Policy does not apply to the practices of entities Vonvon does not own or control, or to individuals whom Vonvon does not employ or manage, including any third parties to whom Vonvon may disclose personal information…”
  3. Vonvon notes that it wouldn’t share your personal information with third parties unless it’s notified you first, but in the same sentence, it admitted that the privacy policy itself is already one way of notifying you.

Fast forward to early afternoon on Tuesday, and you’d find that Vonvon was, as we say in the States, having kittens over the coverage.

Vonvon CEO Jonghwa Kim sent Comparitech an indignant response, saying that the privacy policy quotes were selectively carved out to fit the writer’s premise, which was a “false accusation” about selling user data to third parties.

In fact, the company never stores personally identifying information (PII) on its servers, he said, and only uses PII to produce engaging content:

We only use your information to generate your results, and we never store it for other purposes. For example, in the case of the Word Cloud, the results image is generated in the user’s web browser, and the information gathered from the user’s timeline to create personalized results are not even sent to our servers.

Also, in the case of our quiz “What do people talk behind my back?” we use user’s school and hometown so that we may pull up close friends rather than pairing random person among your 500 fb friends in the results. We use this information only to process familiarity of friends, and again, the information is never stored in our databases.

The company doesn’t sell user data, he emphasized, since there’s nothing to sell:

As we do not store any personal information, we have nothing to sell. Period.

As far as the privacy policy goes, Kim noted that the “non-personally-identifying” information it hangs onto is just that: information that doesn’t identify a user:

“Non-personally-identifying” information is not the same with “personal” information. Are we the only company in this planet use analytics tools to better understand our users with cumulative behavioral data?

Nope, Mr. Kim, you certainly are not.

His letter goes on. Comparitech has appended it to the bottom of its original post.

I’d suggest it’s well worth a read. But then, so too is Vonvon’s privacy policy, as privacy policies always are.

Regardless of whose side you come down on, the fracas is a good example of the kind of access we routinely offer up in return for a mildly diverting 30 seconds of entertainment. It’s also a reminder of why we should read privacy policies before we sign up for Facebook apps.

Most Used Words on Facebook is far from the first or only app wanting to access our data.

You can always tweak what the app can access by getting rid of apps you’ve already authorized by clicking the lock icon on Facebook’s top right corner, going to “See More Settings,” and checking out the “Logged in with Facebook” list under the Apps section.

Click “x” to remove apps you don’t trust or recognize.

Of course, as Comparitech said, the best way to protect your data is to abstain from connecting third-party quizzes to your profile in the first place.

After all, even if Most Used Words on Facebook is as privacy-respecting as Mr. Kim insists, there are plenty of scam quizzes out there. Remember the Super Bowl survey scam of 2013?

None of those who clicked on the offer for a “fan pass giveaway” got a free pass. No, all they got was their personal details sold off to the highest crook bidder.

You can protect yourself, and your friends, by just staying away.

As much fun as it is to see what cat you’re most suited to or which Disney Princess is your soulmate; if you have to hand over the keys to your privacy to find out, repeat after me: it’s not worth it.

Image of Facebook logo courtesy of 1000 Words / Shutterstock.com

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/sC6Zojfg7jg/

Comments are closed.