Most of us have been aware, for quite some time, that Facebook and other social networks are free for a reason, despite what the messages that often go viral may tell us! It can be summed up in this simple phrase: if you’re not paying for it, you’re not the user, you’re the product. Ever noticed how the adverts on these services are quite scarily targeted at your exact interests and recent activity that is documented on the site??? By being able to take the data that you freely store on theses services, the operators can offer external organisations the opportunity to target advertisements at specific individuals who are more likely to be interested in the adverts and as such actually respond in some way to them – generating more income for those operating the service. We can’t really moan about this though, we signed up to Facebook, we *should* have read the terms and conditions, we know what to expect.

The second way of exposing our personal details for use by others is by using apps on these social networks, and giving the apps permission to access and use our data. Obviously, some of these apps have entirely pure and innocent intentions and won’t harvest our personal details and sell them on to the highest bidder. Others, however, are created with the sole intention of gaining access to our information, harvesting, packaging it up and selling it on to whoever wants to pay for it. Take this example: I recently saw that some of my friends on a particular social network had been taking part in a ‘competition’ to win a large amount of blu-rays and a new blu-ray player. I decided it would be rather good fun to investigate, and see how much of my life history this particular competition required for me to stand a chance of winning this rather tasty prize. Imagine my feigned horror when I read the following:

“We’ll need a way to contact you if you win. By clicking the Login button below, we’ll have permission to collect your information and contact you by email.” Well, thats fair enough, I suppose its too difficult for me to just enter my email address. Clicking the login button (haven’t entered my details yet) the app then tells me that by signing in, I will be consenting to the following:

  • Allowing the app to access my basic information, including: Name, Profile picture, gender, networks, user ID, list of friends and ‘any other information I’ve made public’.     Scary rating: 2/5
  • Send me email. Well, I get that much spam, what’s a little more? Scary rating: 1/5
  • Post to Facebook as me – they may post status messages, notes, photos and videos ‘on my behalf’. Smells like account hijacking to me, do you just want my password instead???? Scary rating: 4.5/5
  • Access posts in my feed. Hmmmmm, this doesn’t seem necessary to just notify me if I’ve won this competition. Scary rating: 2/5
  • Access my data any time. Even when I’m ‘not using the application’. So they can still get my data if I disable the app? Hmmmm. Scary rating: 4/5
  • They may also access my check-ins. A little bit stalkerish. Scary rating 3/5
  • Access my profile information – “likes, music, tv, movies, books ,quotes”. This is obviously a key part in contacting me. Maybe they’ll offer me some more targeted competitions next time, in exchange for my first born, perhaps? Scary rating: 2/5.

I wonder how many people haven’t read this rather large ‘small print’ before allowing an app access to their data and more so, how many of these people have actually won the competition? Basically, if you’ve accepted these terms and conditions, you can’t moan about it, can you! At least they’re being honest about it.

The third and final (at least for this post) method that some of us may (unknowingly) be exposing our personal data to external organisations is through our “friends”, that is bot accounts that are posing as proper users of social networking sites in order to befriend us and gain access to our personal data. Depending on an individuals privacy settings, any ‘friend’ could be able to access everything you’ve ever written or stored on your profile. An article on TechCrunch, referencing a paper written, and experiment carried out, by the University of British Colunbia shows how a team of researchers developed a method of automatically creating and populating accounts, sending out friend requests, developing friend networks and using this access to people’s accounts to harvest their personal data. Obviously, they didn’t sell it on to others, merely analysed the data they could gain access to and then deleted it. They’re nice people, aren’t they :-).

The report highlights some rather interesting facts:

  • After creating and populating 102 bogus accounts, only around 1 in 5 were identified by Facebook’s ‘Immune System’.
  • These accounts were able to ‘make friends’ with just over 3,000 accounts.
  • The total amount of accounts that were exposed through being able to see other accounts on friends walls etc, was just over 1,000,000 accounts.
  • Over 250Gb of personal data was recorded during the course of the study.
  • People were more likely to accept random friend requests from ‘attractive’ people – even though they didn’t know them. Are you one of these people?????
  • People were more likely to accept a random friend request if they had a friend in common. This suggests that as a bot’s friend network increased, it would become easier to befriend more people.

So, beware!!!!!!! Just who are you letting use your ‘personal’ data and do you actually know who your online friends are?