Facebook Privacy #Fail and How Evils Exploit it?

Facebook_privacy_failIt seems like companies in Pakistan have now fully realized the potential of the internet as an effective tool for advertising and increasing popularity.

Evidence is the fact that more and more local ads are starting to appear on seemingly every web site we visit.

This is maybe good but more and more cases are popping up which point to the fact that these companies may very well be exploiting their user base (those who click on ads / apps – in case of Facebook).

The specific platform I’ll be discussing today is Facebook.

Everybody knows that Facebook is an insecure platform. I’m sure most of you have experienced first hand things like random apps spamming your wall and your friends’ inboxes being flooded with promotional ads for websites, products and whatnot. (I am sure you must have come across this Osama Bin Laden page on May 3rd, 2011 – which caused similar harm to million of Facebook users)

A part of this vulnerability is on display when a user allows a Facebook app to access the private user information. When we allow that app to access our details / private-data, we do not know how much of our details are beings shared / exposed. For all we know, our search habits, friend lists, preferences and likes information could be shared and we’d be none the wiser.

A list is displayed about what’s being shared but not many of us read it. Ideally, Facebook should clearly communicate the users about the data the application may access and it should be restricted to only the very essential details.

But as we all know, Facebook isn’t too big on security proved by the fact that it has been caught selling user data without consent to third parties before. Not only that, various security analysts and companies have accused Facebook of making the default settings for security such that they allow user content to be shared with a larger audience, not to mention changing security settings is a tedious process.

Facebook, should give it’s users an option of allowing or otherwise disallowing the sharing of private data while installing an app, however, you are either supposed to accept the terms or to reject them altogether.

A common method of spamming using Facebook is that an application is created, which may not necessarily be bogus. As users allow their details to be shared, the app stores all data it can lay its hands on. Once it has enough details, they are sold to third parties.

Now these details are a gold mine for hackers, spammers and multinational companies alike. Knowing your preferences from your likes and your email address, a hacker might try to guess your password and succeed. Or he could just use all the email addresses and send spam to them.

This isn’t always the normal spam. It could be targeted spam, for instance, if you are the victim of such activity, a spammer might check your recent status updates. One of them might be like, “In the market for a new laptop, hurrah!” Now the spammer uses this and sends you emails which might include offers or surveys which, upon completion, will reward you with a new laptop.

Another type of exploitation can be by multi nationals. For instance, if they see that “Shahid Afridi” is getting a lot of likes, they might start offering a chance to meet him or offer signed shirts and caps etc. if you buy their product. So, the possibilities are endless.

Now, you may be disturbed by all this, but the fact is this stuff is also going on in Pakistan and it’s used by many of the “big” name companies. Recent examples are of Jazz and Lux (props to Adnan Jabbar for pointing it out), who started online competitions for prizes (they advertised through sponsored links in the Facebook sidebar).

To participate, users had to give out info like name, gender, email address and location etc. Soon after registering, participants email addresses and mobile numbers were allegedly flooded with spam.

As an example, have a look at following app:

djuice_khamoshi_ka_boycott

One may wonder, what this brand has to do with user’s information like: “list of friends, networks that he/she has joined – in fact app is requiring it’s users to allow it to access their any data at anytime – which is unnecessary, I would say.

And by the way, this is not with djuice only, every other apps on Facebook these days are practicing the same. They are collecting huge amount of data to be later used for their marketing purposes.

Join an app – and you are exposed!

This is not the only case. Earlier this year, Telenor was accused of hiring a Google group owner to spam people who weren’t subscribers. Wateen was found guilty by the blogosphere of spamming comments sections of multiple blogs. Ufone was also implicated in similar actions.

News like these only causes these companies to become a source of ridicule and slander. And being the multi-nationals they are, they really should know better than to play with the brand’s reputation.

Market competition is growing stiff but it is no excuse for such behavior. Its high time or the government to step in and put an end to this behavior if its continued.

Talal is the Chief Operating Officer at ProPakistani.


  • Saad

    So true,

    AN app should not be allowed any of the above options. Then again fb is kind of dry without apps so the administration should figure something out as it really is a big issue.

  • Shahid Saleem

    — Everybody knows that Facebook is an insecure platform. I’m sure most of you have experienced first hand things like random apps spamming your wall and your friends’ inboxes being flooded with promotional ads for websites, products and whatnot.

    I can’t say I agree with this. I have been on Facebook for maybe 4 years and this has not happened on MY wall. Also Facebook has tightened rules for applications and now it is easy to keep things from apps, even apps your FRIENDS install.

    — When we allow that app to access our details / private-data, we do not know how much of our details are beings shared / exposed. For all we know, our search habits, friend lists, preferences and likes information could be shared and we’d be none the wiser.

    FUD, FUD, and more FUD. You can CONTROL what is shared and you are openly told by Facebook what you can and cannot deny applications you install (and what your friends install). All applications that install and don’t require special permissions get a small set of data for you. They have NO ACCESS to your browsing habits on Facebook.

    This is not a secret. This is openly visible when you change your privacy settings for applications.

    — A list is displayed about what’s being shared but not many of us read it. Ideally, Facebook should clearly communicate the users about the data the application may access and it should be restricted to only the very essential details.

    Okay, so facebook displays the list but people don’t read it so it is FAcebook’s fault??? What kind of thinking is this? Who cares how clear it is (it is VERY clear) if no one reads it???

  • haris

    aeyy haeyyy.. talal bhaiyya kyu rakha dukhti rug pe haaathh .. ;p ;p samaj t0 gaey e h0ngay aaap sab

  • urgent

    Any tips on getting facebook fan page back? Someone has hacked my Islamic page with more than 15K fans. Need help.
    As far as I googled, facebook does not give page back to real admins but they offer to delete the page which is totally non-sense. What of someone want his page back with all fans?

    • Uzi

      So someone has overthrown your admin position…. It’s the closest guy to you…

  • But, people still enjoy to use it, might be they don’t know the value of privacy.

  • Shahid Saleem

    Well you have to understand… Facebook is a SOCIAL networking site. You want to be a hermit, go to millatfacebook :):):)

  • Ali omair

    Sallam sir Tala sahib aged Yai bat Ap 1 year pahlay kahtay to theek hoti plz update yourself with new facebook policies , mai update Ker dn ga Ap ko pc per pa Ker Abi mobile Sai Hn :p

  • ali omair

    Sir @ Tala Sahib , yai yahan ja ker ap app ki setting change ker saktay ho , screenshot: http://i.imm.io/6G2a.bmp .. mai koi facebook ka fan nai hn , bas ap ko update ker raha hn ,

  • Ameer Hamza

    Nice and Good Article ..!!! :P

  • With facebook issues and debate rolling around for last many years – It should be evident that this is now a public platform!

    so before you use any form of service on facebook (from status to even your inbox message) make sure this is something you wanted to share Publicly!

  • Facebook may have many disadvantages and loopholes but people will still use it and people will use it to exploit it. The most important thing is how to make sure that your information are secure.

  • Propakistani is working for someone as after some time they will delete your comments if they don’t link it. like they did with me on “PTA should block porn” post.
    my last post and visit to propakistani GTH

    • admin

      Aizaz, you know well that we don’t delete comments – if we do, there’s a reason and you would agree that those reasons are pretty significant…

      Please be calm and accept my apology if anything has hurt you.

  • TALHA PAKISTANI

    ppl give a damn about the privacy policies…. i bet most of the users don’t even know about these policies and what companies and brands are doing..

  • tweety

    thats y i never used any apps..

    • Shahid Saleem

      Do you have friends on facebook? Do they use any apps? If so, their apps have access to some info on you.

      • iWhizKID

        And what if i don’t have ANY info shared with my friends.