Sarah Brown is unusually cautious when it comes to social networking. The college sophomore doesn't have a MySpace page and, while she's...
CHICAGO — Sarah Brown is unusually cautious when it comes to social networking.
The college sophomore doesn’t have a MySpace page and, while she’s on Facebook, she does everything she can to keep her page private.
“I don’t want to have to worry about all the different online scandals and problems,” says the education major at St. Joseph College in Connecticut.
It sounds like her info is locked down and airtight. Is it?
Most Read Business Stories
- Seattle among top markets as U.S. home prices increase by double-digit percentages for the first time in years
- Another top Amazon executive to leave company
- Boeing 757 bound for Seattle makes emergency landing
- Alaska Airlines ordered to pay $3.2M to family of woman who died after escalator fall
- REI picks new satellite office ‘surrounded by trail networks’
Turns out, even the privacy-conscious Sarah Browns of the world hand over information to perfect strangers.
They do so every time they download and install what’s known as an “application,” one of thousands of miniprograms on a growing number of social-networking sites designed by third-party developers for anything from games and sports teams to trivia quizzes and virtual gifts.
Brown, for instance, has installed applications on her Facebook page for Boston Bruins fans and another that allows her to post “bumper stickers” on her own page and those of her friends. It’s a core way to communicate on social-networking sites, which allow friends to create pages about themselves and post photos and details about their lives.
People often think Facebook profiles and sometimes MySpace pages, if they’re set as private, are only available to friends or specific groups, such as a university or workplace.
But that’s not true if they use applications. On Facebook, for instance, applications can only be downloaded if a user checks a box allowing its developers to “know who I am and access my information,” which means everything on a profile, except contact info.
Given little thought, agreeing to the terms has become a matter of routine for the nearly 70 million Facebook users worldwide who use applications to spruce up their pages and to flirt, play and bond with friends online.
News Corp.’s MySpace, which has about 117 million unique visitors each month, recently added an applications platform, giving developers access to the profiles of anyone who downloads them. Unlike Facebook, though, MySpace users don’t have to include their names on their profiles.
So what do these third-parties do with the information? Sometimes, they use it to connect users with similar interests. Sometimes, they use it to target ads, based on demographics such as gender and age (something Facebook and MySpace also do).
Facebook and MySpace say they hold application developers to strict standards — and boot them if they don’t comply.
But experts who track security issues think there’s too much personal information flying around, with few guarantees that it’s safe. They also think social networkers have little understanding where their information goes and how it’s used.
“I suspect that there’s a whole lot of clicking without a lot of thinking,” says Mary Madden, a senior research specialist at the Pew Internet & American Life Project who studies privacy issues. “So much of this sharing happens in a way that users don’t see the consequences. It’s kind of a big, black hole.”
Part of the risk stems from Facebook applications being created by anyone, some of them tech-related companies and others individuals with know-how. And they could be anywhere in the world, as is Jayant Agarwalla, co-founder of Facebook’s popular Scrabulous application, a takeoff on the game Scrabble.
Reached by e-mail, he says Scrabulous does use demographic information to target ads that show up as a person plays the game.
But Agarwalla, who’s based in India, stresses that information is provided in “real time” and not stored. “In my humble opinion, users have nothing to worry about,” he says.
Some would argue that it’s much like trusting an online vendor with your credit-card information.
Still, it’s an honor system, says Adrienne Felt, a computer-science major at the University of Virginia. A Facebook user herself, she decided to research the site’s applications and even created her own so she could see how it worked.
Most of the developers Felt polled said they either didn’t need or use the information available to them and, if they did, accessed it only for advertising purposes.
But, in the end, Felt says there’s really nothing stopping them from matching profile information with public records. It also could be sold or stolen.
That could lead to serious matters such as identity theft.
“People seem to have this idea that, when you put something on the Internet, there should be some privacy model out there — that there’s somebody out there that’s enforcing good manners. But that’s not true,” Felt says.
Last year, Facebook users revolted when the company started using a tool called Beacon, which tracked its users’ purchases and actions at dozens of Web sites and then broadcast the data on the pages of the users’ friends.
Beacon has been scaled back.
By comparison, the issue of personal information going to application developers, both on Facebook and MySpace, has been relatively quiet.
Jonathan Gaugler, a 26-year-old New Yorker, is one who finds targeted ads on his Facebook page a bit too invasive.
“Getting married? Do your registry here!” read one recent ad that showed up. Another on his fiancee’s page sought egg donors for fertility clinics.
“Creepy,” Gaugler says.
He keeps his Facebook activity to a minimum as a result — and rarely downloads an application because he doesn’t want to be further targeted.
But many others are much less cautious, seeing the risk of social networking “as low and the reward as high,” says Patricia Sanchez Abril, an assistant professor at the University of Miami’s business school who studies privacy law.
“It is the chosen mode of communication of everyone they know. So if you’re not in it, you’re just not in the loop,” she says. “There’s a lot of peer pressure.”
What they don’t realize is that there is little legal backup if their information is used in a way they didn’t intend.
“This is an area that’s completely unregulated. Yes, there are contracts. But if the receiving end doesn’t abide by the contract, you’re still out of luck,” Abril says.