Applications that require a Facebook login are doing so to gain access to you, your name, your friends, your location, your personal details. They are not using the login because they are too lazy to create their own.
Hilton Lipschitz, right here right now
My wife asked me why I deleted Draw Something this week, as we were both enjoying drawing pictures with each other. I told her that Zynga purchased them, who Zynga were and why I did not want them to have access to my information. See Facebook and Zynga Face Lawsuits over Privacy Breach and Facebook in Privacy Breach from the WSJ alone.
She was surprised. She innocently assumed that the Facebook login needed in Draw Something was a good thing, to help identify her to her friends and to help her find other friends to play with. She did not consider anything beyond that.
When I showed her the page on Facebook that listed the apps she had given permission to and what data they could access, she was shocked. She realized that her personal details were now available to unknown parties to do as they pleased without her active consent. She immediately removed permissions from all apps except for iPhoto.
I suspect that she is not the only one out there with the same perspective. That the Facebook login on a web site or game is perceived to be innocent and only needed because it’s better to remember one login and password than hundreds, so better for users. Knowing that the Facebook login is really giving access to your private information to others to use and abuse at will is a different matter.
We geeks know this. We know that Facebook and Google know more about us than the IRS, NSA, CIA, FBI, TSA, DHS and any other TLA could ever think of combined (which is why they subpoena Google and Facebook first). We know that Google uses this data to sell us to advertisers. We know that Facebook uses this data in the same way as well as gives it away to platform developers. We also know that both Google (until recently) and Facebook did try to at least keep the data inside the wall as it were, but that third parties were given wide open doorways into this data and were not required to keep the data private. We know that anything Google or Facebook knows about us is given to and known by hundreds of others. And we know that we don’t know who they are.
We assume that non-geeks know this too. We’re wrong. They don’t. They don’t know that Zynga is not Facebook and not covered by the privacy policy and has access to all their personal data and uses it to sell them to others and does what it likes with it. They don’t know how much data there is to know - name, address, friends, location, shopping, preferences, sites visited, topics covered. They don’t even realize that Facebook knows where they are, and where they were.
Its funny how TV is not real when sometimes it is. We all offer the knowing smile while watching one of the CSI shows when the baddie gets caught because they leave their mobile phone on and the hot cop tracks them down, because it’s obvious that the baddie is too ignorant to turn their phone off. Most TV watchers don’t connect that to the device in their own pockets in reality. Or realize that Facebook and Google do the same whenever they use a product that has a one of their logins. The hot cop can track you down just as easily if you are on the lam and play Draw Something or check Gmail.
If you use a Facebook login on a web site or app, you are giving the operator of that site or creator of that app access to all your private data. And they can and do use it, they can and do give it away or sell it, all of it, and hundreds of strangers now know all about you too. Just from one innocent login.
I don’t know the best way to tell people what they are doing, because I don’t know how to get this information in front of them. Maybe this post is a start. You can help. Tell your non-geek friends, tell your family. Maybe we can help start to protect the privacy of those we know and love. And they can pay it forward.