Facebook dropped a privacy bombshell on an unsuspecting user base before the start of the holiday weekend: Going forward, it will make a user’s address and mobile phone number accessible as part of the User Graph object. That means that users’ addresses and mobile numbers are now available to third-party developers of such apps as, say, FarmVille.
Facebook acknowledged it was dealing with “sensitive information” in the blog post making the announcement. For that reason, it created a special opt-in permission requirement for the phone number and address to be explicitly granted to the application developer through Facebook’s standard permissions dialog.
It also pointed out that these permissions only provide access to a user’s address and mobile phone number — not to friends’ addresses or mobile phone numbers.
Privacy and security advocates, not surprisingly, were unimpressed by Facebook’s nod to consumers with its opt-in form.
Facebook did not respond to MacNewsWorld’s request for comment in time for publication.
As for Facebook’s decision to grant developers this information, Rotenberg expressed more scorn.
In general, granting information to third parties has become a very slippery slope, with little attention being paid to what they are using it for.
“Increasingly, it is being used for purposes other than app development,” noted Rotenberg, “such as advertising or behavioral targeting.”
Facebook’s decision will leave users open to security threats by rogue developers, suggested Graham Cluley of Internet security research firm Sophos in a blog post.
“Facebook is already plagued by rogue applications that post spam links to users’ walls, and point users to survey scams that earn them commission — and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service,” he wrote.
Shady app developers will find it easier to gather this data now that Facebook has legitimatized it, he continued, predicting an increase in identity theft as a consequence of making this and other data available on Facebook.
Developers are also at risk with this system, pointed out Douglas Karr, founder of DK New Media and author of Corporate Blogging for Dummies.
“Since this data isn’t ‘scrubbed’ against national do not call and do not mail data, Facebook may be putting application developers in a precarious, dangerous position if the data is somehow misused,” he said.
With so many ways this decision could go wrong, there is a significant likelihood of a backlash, predicted Simon Buckingham, CEO and founder of Appitalism.com. “This is a major change for users, and many won’t realize that they have given permission for their phone numbers to be gathered.”
When they do, he said, hell is going to break loose. “With 600 million members, Facebook needs to err on the side of caution. This type of information is sensitive, and it is almost guaranteed that a lot of users will be unhappy about its disclosure.”