Archive for the ‘SNS’ Category
Posted September 30, 2008
“After Facebook released v1.1 of their iPhone application, they promised that a bigger, badder v2.0 was in the works for September. They cut it pretty close, but they’ve kept their word. Just a few hours ago, the second major release of the Facebook application hit the App Store, bearing a whole new user interface and a slew of fresh features.” Techcrunch
Techcrunch announced it; however, I downloaded the app before this article came out.
My experience with 1.1 was annoying since you couldn’t do a lot of the new things that have made Facebook even more addictive: comments on newsfeed items, pic comments from a div pop-up, etc.
Anyways, I’m still testing it and will post it here again.
Facebook is no stranger to the complaints of privacy activists. First, it was the site’s News Feed feature back in 2006. Most recently, the company’s Beacon service drew widespread criticism. This blog post will outline yet another major privacy issue, in which Facebook recklessly exposes user data.
Facebook launched its widely popular application developer program back in May 2007. As of press time, there were more than 14,000 applications. Some, including most of the popular apps, are made by companies, while a few of the popular apps, and a significant number of the long tail of the less popular applications are made by individual developers.
But a new study suggests there may be a bigger problem with the applications. Many are given access to far more personal data than they need to in order to run, including data on users who never even signed up for the application. Not only does Facebook enable this, but it does little to warn users that it is even happening, and of the risk that a rogue application developer can pose.
Privacy problems for the user
In order to install an application, a Facebook user must first agree to “allow this application to…know who I am and access my information.” Users not willing to permit the application access to all kinds of data from their profile cannot install it onto their Facebook page.
Screenshot of adding an application
What kind of information does Facebook give the application developer access to? Practically everything. According to the Application Terms of Service,
“Facebook may…provide developers access to…your name, your profile picture, your gender, your birthday, your hometown location…your current location…your political view, your activities, your interests…your relationship status, your dating interests, your relationship interests, your summer plans, your Facebook user network affiliations, your education history, your work history,…copies of photos in your Facebook Site photo albums…a list of user IDs mapped to your Facebook friends.”
The applications don’t actually run on Facebook’s servers, but on servers owned and operated by the application developers. Whenever a Facebook user’s profile is displayed, the application servers contact Facebook, request the user’s private data, process it, and send back whatever content will be displayed to the user. As part of its terms of service, Facebook makes the developers promise to throw away any data they received from Facebook after the application content has been sent back for display to the user.
Researchers blast Facebook
Some applications may make use of all this data, but as researchers from the University of Virginia have detailed in a recent report, Facebook provides applications with access to far more private user information than they need to function. Adrienne Felt, a student and lead researcher on the project, told me that of the top 150 applications they examined in October 2007, “8.7 percent didn’t need any information; 82 percent used public data (name, network, list of friends); and only 9.3 percent needed private information (e.g., birthday). Since all of the applications are given full access to private data, this means that 90.7 percent of applications are being given more privileges than they need.”
Felt condemned this practice, and said that it violated the idea of least authority, an important security design principle that states that an actor should only be given the privileges needed to perform a job. In other words, she said, an application that doesn’t need private information shouldn’t be given any.
“Regardless of the click-through disclaimer that Facebook makes users accept, I don’t think people understand what’s happening to their data behind the scenes. If applications don’t appear to use private data–but then they all have this same standard click-through screen–how can users differentiate between applications that really need access to data and all the rest?”
More than your own data–selling out your friends
Facebook’s Web site and lengthy application terms of service curiously fail to mention something rather important. In addition to providing the application developer access to most of your private profile data, you also agree to allow the developer to see private data on all of your friends too.
Many Facebook users set their profiles to private, which stops anyone but their friends from seeing their profile details. This is a great privacy feature that can protect users from cyberstalkers and is completely gutted by the application system. To restate things–if you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer–even if you yourself have not installed the application.
The good news is that Facebook lets you configure the amount of your own private data that your friend’s applications can see. The bad news is that it’s hidden away, requiring several clicks through menus to find a page listing specific privacy settings (Privacy -> Applications -> Other Applications). Furthermore, the default values are extremely lax, such that a user who has yet to discover the preference page is essentially sharing her entire profile by default.
This friend data-sharing “feature,” and the ability to protect against it, isn’t mentioned anywhere else on Facebook’s site, nor are users informed about it when they install an application.
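The least-authority point Felt makes and the friend-data exposure described above can be put side by side in code. The following is an added example, not Facebook's code or API: the profiles, field names, application manifests and the default-deny `FRIEND_APP_SHARING` table are all constructed assumptions.

```python
# Added example: least-authority release of profile data to a third-party app.
# All names, fields and profiles are constructed; this is not Facebook's API.

PROFILES = {
    "alice": {"name": "Alice", "network": "UVA", "friends": ["bob"],
              "birthday": "1988-02-01", "political_view": "undisclosed"},
    "bob": {"name": "Bob", "network": "IU", "friends": ["alice"],
            "birthday": "1987-07-09", "political_view": "undisclosed"},
}
# Fields each application declared it needs (hypothetical manifest).
APP_MANIFESTS = {"horoscope": {"birthday"}, "gifts": {"name", "friends"}}
# Who installed (and so consented to) each application.
INSTALLED = {"horoscope": {"alice"}, "gifts": {"alice"}}
# What each user lets friends' applications see. Default-deny: a user with
# no entry here shares nothing through applications they never installed.
FRIEND_APP_SHARING = {"bob": {"name"}}


def release_all_or_nothing(app, viewer, subject):
    """Simplified model of the behaviour the article criticizes."""
    if viewer not in INSTALLED.get(app, set()):
        return {}
    if subject == viewer or subject in PROFILES[viewer]["friends"]:
        return dict(PROFILES[subject])  # every field, needed or not
    return {}


def release_least_authority(app, viewer, subject):
    """Release only declared fields; for friends, only what they opted into."""
    if viewer not in INSTALLED.get(app, set()):
        return {}
    declared = APP_MANIFESTS.get(app, set())
    if subject == viewer:
        allowed = declared  # the installer consented to the declared fields
    elif subject in PROFILES[viewer]["friends"]:
        # The friend never installed the app: intersect with their opt-in.
        allowed = declared & FRIEND_APP_SHARING.get(subject, set())
    else:
        return {}
    profile = PROFILES[subject]
    return {f: profile[f] for f in sorted(allowed) if f in profile}


def excess_fields(app, viewer, subject):
    """Fields the all-or-nothing model hands over beyond the scoped release."""
    broad = release_all_or_nothing(app, viewer, subject)
    scoped = release_least_authority(app, viewer, subject)
    return sorted(set(broad) - set(scoped))
```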
On Tuesday, I had the opportunity to briefly chat with Chris Kelly, Facebook’s chief privacy officer. During our conversation, he dismissed claims that Facebook does nothing to inform users that applications have access to data on users’ friends, stating that “we have made things very clear to users, and they understand it very well.” However, by press time, he had yet to send me a link to anywhere on the site where this information was “clearly” explained.
As for actually getting user permission before using their data in new and creepy ways, Solove said that the company “seem to have a very cavalier attitude to their users consent.”
Ok. So in order to give your friends virtual naughty gifts, play scrabble online, or see your daily horoscope, a user has to hand over all their private profile data to some unknown company or developer. No need to worry though, because Facebook has safeguards in place, right?
“Before providing any information to any Developer through the Facebook Platform, Facebook requires each Developer to enter into an agreement…which…strictly limits their collection, use, and storage of Facebook Site Information.” (Facebook application terms of service)
Ah, good. Facebook requires that each developer protect the privacy of the user information and requires that they not store a local copy. I’m sure Facebook enforces this vigorously, audits developers, and throws the book at anyone who violates this rule, right?
“[each application] has not been approved, endorsed, or reviewed in any manner by Facebook…we are not responsible for…the privacy practices or other policies of the Developer. YOU USE SUCH DEVELOPER APPLICATIONS AT YOUR OWN RISK.” (Facebook application terms of service)
I asked Facebook’s Kelly what his company is doing to ensure that application developers do not violate the rules by saving a copy of user data that passes through their servers. He cited “extensive security mechanisms operating behind the scenes,” although he refused to expand on this, due to “security reasons.” He wasn’t too happy when I accused him of practicing security through obscurity, a concept widely mocked in security circles. He dismissed my charge as a mischaracterization.
Kelly claimed that his company “has a variety of techniques to determine if [developers are saving user data.]” As a PhD student in Information Security, I can quite confidently say that from a technical perspective, this is impossible. Simply put, once the data leaves Facebook’s servers, the company has no way of knowing what happens to it. Thus, giving Mr. Kelly the benefit of the doubt, I can only assume that Facebook has a team of trained psychics on staff who use their mysterious powers to ferret out rogue developers.
Who are the application developers
Kelly said that users can determine a developer’s trustworthiness by looking at their profile page, and that somehow, users can combine to form some kind of intelligent hive mind. “One of the factors is what applications your friends are installing. Untrusted applications don’t get added very often as the collective mind is choosing what is trusted in real time.” He further added that it is “up to your friends to make that determination in real time. If an application is going to give them some utility, they’ll know that the applications have to obey the rules.”
Call me a cynic–but I fail to see how thousands of 18-year-olds can collectively assess the data protection practices of some random developer in a foreign land. Remember, these are the same 18-year-olds who post photos of themselves passed out drunk on their public profile pages.
Would I trust the hive mind of Indiana University students to tell me which bar in town has the cheapest beer? Sure. But to expect them to evaluate a company’s privacy practices? No way.
A public outcry
Unfortunately, as alarming as this issue is to privacy activists, there is a good chance that it may fail to gain the attention of the millions of Facebook users necessary to actually force the company to fix its policies. While both the newsfeeds and Beacon scandals were “in your face,” most users have no way of knowing what, if any, data is being transmitted to application developers by Facebook, and thus are unlikely to be motivated to complain.
Furthermore, even users who are aware of the privacy risks of Facebook applications may still end up installing them. To not do so is to isolate yourself, to cut off communication channels, and in some cases, to insult your friends.
In what can only be a great example of life imitating art (see below), I asked security researcher Adrienne Felt which, if any, applications she used. She told me that in spite of the fact that she had spent significant time investigating the privacy risks, she still ended up installing an application because her friends wanted to send her some virtual Christmas presents. Not wanting to offend them, she put aside her privacy concerns, and installed the app. As she told me, due to the peer pressure, “I had a hard time saying no.”
As has been long expected, Facebook has begun to work on making its service available in multiple languages as it expands internationally–and it’s doing so by utilizing the power of its millions of users by enlisting them to volunteer a few minutes. The site has spent the past few weeks asking international users to participate in the process by installing a “Translation” application that lets them translate words on Facebook from English to their native languages. It only applies, of course, to Facebook-generated text; anything entered by users, like interests or favorite movies, remain as-is.
The Translation application is initially available in French, Spanish, and German, and Facebook has said that thousands of users have enlisted in the process and are “actively translating.”
But it’s more complicated than that: “This doesn’t mean that once a user has finished translating the site will be available in that language,” a release from Facebook explained. “In order to get the best possible quality translations, we have a voting system. Other translators of that language will be able to vote on the quality of the translation by giving it a thumbs up or thumbs down. Users are also able to report any poor translations or translators.” Essentially, Facebook has prank-proofed the system.
Full versions of Facebook in French, Spanish, and German will be available, ideally, before the end of March; when those are complete, the next set of languages (which have yet to be determined) will enter the translation process.
A handful of other social networks already offer a variety of languages based either on personal preference or geographic location. Friendster, which is popular in Asia, allows its users to toggle back and forth between English and Chinese; MySpace operates more than a dozen international sites with both language and content targeted toward the culture in question.
as reported on news.com
So said one adamant Facebook user in the wake of the news that game manufacturers Hasbro and Mattel were trying to do something about the wildly popular, unquestionably addictive online game known as Scrabulous.
The game, which rose to fame when its creators turned it into an embeddable Facebook application, is a word game that’s a whole lot like the classic board game Scrabble. It uses a playing board with “bonus” spots just like Scrabble. In fact, the rules are identical to Scrabble‘s.
The companies in charge of the “real” Scrabble, for obvious reasons, aren’t happy.
Game companies Hasbro, which distributes Scrabble in North America, and Mattel, which is responsible for its overseas trademarks, have reportedly asked Facebook to remove the game from its application directory. And you can tell it’s a serious legal matter because nobody’s talking.
Facebook declined to confirm the report, and it said that it has not yet issued any kind of statement about Scrabulous; representatives from Hasbro did not respond to calls for comment.
The similarities between Scrabble and Scrabulous are crystal-clear, and it’s a no-brainer to see why Hasbro and Mattel are miffed. To add to that, Scrabulous serves up advertisements, which means that its creators are making money off the concept. But what the game companies really ought to do is take a step back and realize that they can use Scrabulous to their advantage–without removing the viral game from Facebook.
Fans of Scrabulous, for one, aren’t happy about the takedown news. On Facebook, an unofficial group called “Save Scrabulous” is growing fast, with more than 7,000 users at last count (and 5,000 hours before.) Its members, including the aforementioned “hunger striker,” are livid.
“Leave Scrabulous alone!” one of them posted in the group’s message board, a thinly veiled allusion to the “Leave Britney Alone” viral video.
Others were more visceral: “I’ve burnt my Scrabble board in protest!” one exclaimed.
Scrabulous is the creation of two brothers in India, Jayant and Rajat Agarwalla, who founded Scrabulous.com in 2006. When Facebook launched its developer platform in May, the Agarwallas soon transformed their Scrabble spin-off into an application designed for the social network, and it caught on like wildfire. More than 2 million Facebook members are active Scrabulous users, and several hundred thousand of them play the game each day.
It was a catch-22 for the Agarwallas. The “Scrabulous guys” became Facebook celebrities, but the exposure meant that they were much more visible–and so were the obvious similarities between Scrabble and Scrabulous.
“It wouldn’t be an issue if Scrabulous weren’t so popular, right?” observed Darren Herman, director of digital media for marketing firm The Media Kitchen. It’s the sheer mass of Facebook Scrabulous users that have made it a high-profile case as well as an inevitably ugly situation, if the game is indeed taken down. “We’re seeing the power of social media in its early days. Since we’re still trying to figure out the rules of the game, no pun intended, these types of issues are bound to arise.”
In other words, according to Herman, the debate over Scrabulous is indicative of the fact that the world–or at least certain mainstays of the game industry–still hasn’t quite figured out that a traditional course of action just doesn’t always work on the Web.
“I don’t think they are crazy to think this way,” Darren Herman said when asked if Hasbro and Mattel are totally off base. “Scrabble came out in a time when everyone guarded their (intellectual property) tightly.”
In the old order, a takedown notice may have been the only route. But this is the Web, and plenty of people have pointed out that Hasbro and Mattel are sitting on a marketing gold mine with Scrabulous. They have a gleefully addicted fan base, a machine for viral buzz (Facebook’s platform), and the deep pockets to offer to buy Scrabulous outright–or at least strike an innovative advertising deal.
There’s also no direct competitor. Neither Hasbro nor Mattel operates a Web-based, ad-supported version of Scrabble; video game manufacturer Electronic Arts owns the rights to electronic versions of the game, and it currently sells a PC game of Scrabble for about $20. (EA was not available for comment on the Scrabulous issue.) With Scrabulous, all three companies may be sitting on a marketing treasure trove.
Hasbro and Mattel might not get it. But the members of Save Scrabulous think that they do.
“Do these greedy fools not realize that they should be paying the creators of Scrabulous for all the damn fans of the game they created?” one angry Scrabulous fan from the United Kingdom asked on the group’s “wall.” He brought up a further point–that this is getting people excited about the musty old board game in a way they haven’t in years. “It’s like the music vids put on YouTube. It makes me buy tracks I never would have done, and frankly, before this game emerged, Scrabble was just something for rainy days in my childhood.”
Another member of the group put it more concisely. “Scrabulous brought Scrabble back in style. They should be thankful.”