Facebook Shares Personal Information Across the Web By Default
AVG warns you need to logout of Facebook if you want to maintain your privacy
Melbourne, 13 May 2010 - AVG (AU/NZ) recommends that everyone consider the advice from AVG Technologies' Chief Research Officer, Roger Thompson, and actively LOG OUT of Facebook every session in order to prevent their privacy being compromised if they don't. As Thompson revealed today…
Pssst... You want to see something reeeeeaaaally scary?
Here it is...
On 29th April 2010, I surfed to CNN.com to check out the news... something I do quite often... I happily read about the oil spill and the asteroids, and then noticed the bit I have circled in red. It's a bit hard to read, but it says "Log in | sign up", and then "Friends' activity", followed by "View more friends' activity"!
Not 'View friends' activity', but 'more' friends' activity. I'm not logged in, but CNN knows who my friends are on Facebook! And just to prove it, the next line shows a post by one of my friends, recommending a video.
Given that Facebook has 400 million users, the odds make it unlikely that they just 'happened' to grab one of my friends.
I thought to myself, "They knew who I am! Dang! I wonder how many other web sites know that?"
And then, a couple of weeks later, I noticed that CNN.com had changed.
Now it says, "Hi! Log in or sign up to personalise", followed by "Log in with Facebook to see your friends activity", followed by some generic Facebook messages.
So I'm thinking, "What's going on? Is CNN no longer getting the information, or is CNN no longer disclosing that they have it?"
The answer is neither of those.
As is often the case, it turns out there's a more prosaic, but still alarming explanation. One of my AVG colleagues, Jas Dhaliwal, knew what was going on. He explained...
"The 'social plugins' are designed to show which of your friends are voting '"like' on a site's specific news stories. If none of your Facebook friends are clicking the 'Like' button, then Facebook aggregates the popular stories that are 'liked' on the site as a whole.
"The social plugins take the step of Facebook Connect, one step further. Connect was designed to be a 'Single Sign-On' for the web. In other words, you log into Facebook once, and when you visit other sites around the web, it would log you on to their site, using the Facebook credentials already provided.
"At the recent F8 conference, Facebook announced that they were going to remove the Connect button. So, if you've logged in once, it will remember your login. The social plugin caches that login data and uses a custom API to show which of your friends (i.e. your social graph) are visiting the same site.
"Why? Because, I'm likely to stay longer at a site, if I know my friends have been there… so says the psychological theory. Facebook have done a very, very bad job at explaining this. For most people, when they see CNN's Facebook plugin they are surprised, because as a user, you haven't given CNN or Facebook explicit permission to connect to your social graph/friends list."
Jas Dhaliwal concludes, "If you want to stop this type of behaviour, and thus do not want to see the stories that your friends are interested in as they visit the web, simply click "Log Out" of Facebook. This is something nearly no one does. Simply, closing a Facebook tab or window DOES NOT log you out of Facebook. I think the user community needs to be educated specifically on this."
Folks... you need to LOG OUT of Facebook once you finish reading posts. You just don't know what information could be leaking.
Just today, CNN was talking about the so-called Bling-Ring, where some LA kids made a point of robbing celeb's homes. They would use Google Earth to survey the homes, and find ways in. Paris Hilton lived in a gated community, but the kids found via Google Earth that there was a gully that went under a fence, and when they went and looked, found they could easily walk right in.
Then they simply watched Twitter until Paris announced that she was going out, and walked right up to her house.
And what about the social platforms that have location information? Telling your friends "I'm at the coffee shop" is fine for those interested in joining you for coffee, but there will be bad guys out there with larceny in their hearts.
Privacy, folks.... it's a serious issue.
Do you spend a lot of time on Facebook socialising? Protect your online identity with the latest Internet Security from AVG.