As I mentioned in the previous section, hackers gained access to Duke University's Twitter account by breaching a 3rd party application linked to it called Twitter Counter. 3rd party apps that collect personal user information through Facebook linking is undoubtedly a point of concern for privacy issues. Why might this notion of 3rd party applications and other entities be concerning? There are two (2) main reasons why Facebook users should be aware of which applications have been granted permission to collect data: (1) data being sold to advertisers and other 3rd party entities and (2) Interconnectedness of accounts and the threat of hacking those applications.
(1) Data being sold and transfered to advertisers and other 3rd party entities
According to a Wall Street Journal investigation published in 2010, some 3rd party applications linked through Facebook were tracking and collecting user data and selling it to advertisers and Internet tracking companies. Citing 10 of the most popular applications that year--including Farmville and Texas Hold'em Poker--the WSJ accused apps of selling users' Facebook identification numbers to advertisers; these advertisers were able to understand millions of individuals' habits and in turn target specific advertisements to them. According to the data I collected, less than 11% of respondents were concerned with their privacy as related to advertisers; according to the Pew Research Study data cited in the infographic on the first page, 28% of respondents were concerned with advertisers collecting their data (Steel and Fowler).
In February of 2013, Facebook announced that it would be partnering with 4 different companies that collect behavioral data through the social media platform. Data collected ranged from customer email lists, to loyalty card subscriptions, to Web browsing history, to online divorce records, and much in between. These companies--Acxiom, Datalogix, Epsilon, and BlueKai--focused on data collection through various sources. Gokul Rajaram, then the product director for advertisements at Facebook, stated of the partnerships, "Our goal is to improve the relevance of ads people see on Facebook and the efficacy of marketing campaigns." Economists and other experts cited Facebook's need to increase its revenue as the reason behind increasing targeted advertising. Instances of targeted ads are quite common. For example, this could be seen in the marketing campaign launched by JackThreads, an members-only male clothing store. Facebook found millions of users' who had linked into the JackThreads website through their Facebook accounts and began displaying specific targeted ads of previously viewed items on their feeds (Sengupta).
Despite the fact that many individuals feel targeted advertisements are simply a part of being a Facebook user, and thus are unconcerned with 3rd parties collecting their information, there are some privacy implications. Advertisements are increasingly being molded to very specific users--consequently, 3rd parties are collecting data not only from what individuals "like" on Facebook, but also from other Internet habits. This means that someone, somewhere, is tracking a huge majority of the actions one does online and trying to profit off them. While Facebook continually defends its practices, saying that targeted ads are actually beneficial for users, the fact remains that if 3rd parties can buy and collect data on habits (which to many might not seem concerning), they can also potentially collect more personal information. To conclude, it is safe to assume that nothing one ever does online is absolutely private.
(2) Interconnectedness of accounts
In 2015, the widely popular application "Most Used Words" posed a major privacy nightmare for Facebook users. Used and shared by over 16 million individuals, the app collected a person's most frequently used words on the social media platform and displayed them in a colorful figure. In order to do so, the app--created by Korean company Vonvon--used an extensive amount of permissions, meaning users had to grant access to a number of things. These include (1) name, profile picture, age, sex, birthday; (2) friend list; (3) all timeline posts; (4) all photos and tagged photos; (5) education history; (6) hometown/current city; (7) all likes; (8) IP address and; (9) device info. Once a user gave permission to the app to collect this info, there was no way to be sure what Vonvon would do with it. According to the app's privacy policy, a user "... acknowledge[s] and agree[s] that We may continue to use any non-personally-identifying information in accordance with this Privacy Policy (e.g., for the purpose of analysis, statistics and the like) also after the termination of your membership to this WebSite and/or use of our services, for any reason whatsoever." And, despite making public statements saying Vonvon did not disclose user information and data to other 3rd parties, a review of the Privacy Policy--which many users undoubtedly failed to have read--reveals the company could legally do so. It notes, "...this Privacy Policy does not apply to the practices of entities Vonvon does not own or control, or to individuals whom Vonvon does not employ or manage, including any third parties to whom Von von may disclose Personal Information..." So, despite the fact that the company claimed it never sold personal data to other entities (which many experts question), the fact remains that many Facebook users were unfazed by the wide-reaching access a 3rd party app was requesting (Bischoff).
According to a Wall Street Journal investigation published in 2010, some 3rd party applications linked through Facebook were tracking and collecting user data and selling it to advertisers and Internet tracking companies. Citing 10 of the most popular applications that year--including Farmville and Texas Hold'em Poker--the WSJ accused apps of selling users' Facebook identification numbers to advertisers; these advertisers were able to understand millions of individuals' habits and in turn target specific advertisements to them. According to the data I collected, less than 11% of respondents were concerned with their privacy as related to advertisers; according to the Pew Research Study data cited in the infographic on the first page, 28% of respondents were concerned with advertisers collecting their data (Steel and Fowler).
In February of 2013, Facebook announced that it would be partnering with 4 different companies that collect behavioral data through the social media platform. Data collected ranged from customer email lists, to loyalty card subscriptions, to Web browsing history, to online divorce records, and much in between. These companies--Acxiom, Datalogix, Epsilon, and BlueKai--focused on data collection through various sources. Gokul Rajaram, then the product director for advertisements at Facebook, stated of the partnerships, "Our goal is to improve the relevance of ads people see on Facebook and the efficacy of marketing campaigns." Economists and other experts cited Facebook's need to increase its revenue as the reason behind increasing targeted advertising. Instances of targeted ads are quite common. For example, this could be seen in the marketing campaign launched by JackThreads, an members-only male clothing store. Facebook found millions of users' who had linked into the JackThreads website through their Facebook accounts and began displaying specific targeted ads of previously viewed items on their feeds (Sengupta).
Despite the fact that many individuals feel targeted advertisements are simply a part of being a Facebook user, and thus are unconcerned with 3rd parties collecting their information, there are some privacy implications. Advertisements are increasingly being molded to very specific users--consequently, 3rd parties are collecting data not only from what individuals "like" on Facebook, but also from other Internet habits. This means that someone, somewhere, is tracking a huge majority of the actions one does online and trying to profit off them. While Facebook continually defends its practices, saying that targeted ads are actually beneficial for users, the fact remains that if 3rd parties can buy and collect data on habits (which to many might not seem concerning), they can also potentially collect more personal information. To conclude, it is safe to assume that nothing one ever does online is absolutely private.
(2) Interconnectedness of accounts
In 2015, the widely popular application "Most Used Words" posed a major privacy nightmare for Facebook users. Used and shared by over 16 million individuals, the app collected a person's most frequently used words on the social media platform and displayed them in a colorful figure. In order to do so, the app--created by Korean company Vonvon--used an extensive amount of permissions, meaning users had to grant access to a number of things. These include (1) name, profile picture, age, sex, birthday; (2) friend list; (3) all timeline posts; (4) all photos and tagged photos; (5) education history; (6) hometown/current city; (7) all likes; (8) IP address and; (9) device info. Once a user gave permission to the app to collect this info, there was no way to be sure what Vonvon would do with it. According to the app's privacy policy, a user "... acknowledge[s] and agree[s] that We may continue to use any non-personally-identifying information in accordance with this Privacy Policy (e.g., for the purpose of analysis, statistics and the like) also after the termination of your membership to this WebSite and/or use of our services, for any reason whatsoever." And, despite making public statements saying Vonvon did not disclose user information and data to other 3rd parties, a review of the Privacy Policy--which many users undoubtedly failed to have read--reveals the company could legally do so. It notes, "...this Privacy Policy does not apply to the practices of entities Vonvon does not own or control, or to individuals whom Vonvon does not employ or manage, including any third parties to whom Von von may disclose Personal Information..." So, despite the fact that the company claimed it never sold personal data to other entities (which many experts question), the fact remains that many Facebook users were unfazed by the wide-reaching access a 3rd party app was requesting (Bischoff).
It is safe to assume that many web users do not realize how interconnected their various accounts are. The graphic above does a good job of depicting a typical web of connectedness between various applications and accounts. As you can see, everything is linked back to a personal/work email address. If an attacker were to start from the outside of the web--for example, imagine a hypothetical bubble added onto the Facebook bubble that represents a 3rd party app (such as the popular Texas Hold'em app). If a hacker breaches the Texas Hold'em app, he/she in theory could gain access to an individual's Facebook account because it is linked to the app. Following the graphic down, a hypothetical breach of a Facebook account could not only grant access to personal information through the social media site, but also lead to a subsequent breach of the individual's personal and/or work email account. This is undoubtedly a point of privacy concern due to the personal and sensitive material that may exist in an email account. Furthermore, as can be seen on the right side of graphic, applications (that also link out to Facebook) such as Spotify or Uber also collect financial information--specifically credit card information. So, not only do 3rd party apps pose a risk to personal information privacy, but also financial information as well.
Click here to return to the home page, and here to move on to the next page.
Sources:
Bischoff, Paul. "That "Most Used Words" Quiz is a Privacy Nightmare." Comparitech. N.p., 19 Mar. 2017. Web. 20 Apr. 2017.
Sengupta, Somini. "What You Didn’t Post, Facebook May Still Know." The New York Times. The New York Times, 25 Mar. 2013. Web. 20 Apr. 2017.
Steel, Emily, and Geoffrey A. Fowler. "Facebook in Privacy Breach." The Wall Street Journal. Dow Jones & Company, 18 Oct. 2010. Web. 20 Apr. 2017.
Zaharia, Andra. Heimdal Security. Heimdal Security, 11 May 2016. Web. 20 Apr. 2017.
Sources:
Bischoff, Paul. "That "Most Used Words" Quiz is a Privacy Nightmare." Comparitech. N.p., 19 Mar. 2017. Web. 20 Apr. 2017.
Sengupta, Somini. "What You Didn’t Post, Facebook May Still Know." The New York Times. The New York Times, 25 Mar. 2013. Web. 20 Apr. 2017.
Steel, Emily, and Geoffrey A. Fowler. "Facebook in Privacy Breach." The Wall Street Journal. Dow Jones & Company, 18 Oct. 2010. Web. 20 Apr. 2017.
Zaharia, Andra. Heimdal Security. Heimdal Security, 11 May 2016. Web. 20 Apr. 2017.