I recently experimented with the developer framework offered by Facebook to create Facebook applications. That simply means I experimented and tried to create simple Facebook applications just for fun, nothing that would actually go public. I must say I’m extremely disappointed by the framework offered by Facebook, as it’s a total piece of junk if you compare it to what Google offers for iGoogle/OpenSocial, for example. Anyway, that’s not the point of the article. I know there are a lot of people who are thinking right now: “What the hell is he talking about?” Let’s get to the real deal: your privacy.
You have to understand that every time you add a new Facebook application to your profile, this application is not running on Facebook’s servers; it is running on a third-party server. One could be running from Daily Common Sense, for example. This means that Facebook has absolutely no control over what you do as a third party with the information you collect. Every Facebook application has access to your profile’s information and all your friends’ information. Of course, when you sign up as a developer, you agree to the terms of service, which state that you are only allowed to store the “profile id” of a person and nothing more. OK, that’s fair; I mean, there’s nothing I can do with your profile id. The only problem is that if you install my application, I, as a developer, have access to a lot more than your profile id! I can store whatever information I want from you in my own personal database without you or Facebook noticing. Oh sure, I’m violating the terms of service… So what? Nobody knows I’m doing it!
While the information on your profile is not enough to steal your identity, it is quite easy to sell that information, and god knows what happens next. I tried with my personal profile and I was able to get quite a lot of information… and store it.
I don’t want everyone to stop using Facebook; I just want you to be careful with the information you make available on there. Remember that I may be an honest developer, and you can be sure that if I someday release a Facebook application I won’t be storing personal information, but can you assume every developer is honest?