Oh, Facebook, Why Can't I Quit You?
Category: Social Networking
Apps present another security risk. "Both [tracking and apps] are big concerns. But I'd have to say that the app gap is a big problem," said Rebecca Jeschke, a PR rep from Electronic Frontier Foundation. "You shouldn't have to share your info with your friend's applications because you want to use just one application."
- 2013 Social Media Analytics Best-Practices
- App Development for a Multi-Platform Environment that Won't Break Your Back or Budget
White PapersMore >>
Facebook apps present other possible security problems. We've already seen issues with apps such as Path gaining access to contact data on phones. A similar thing could happen with poorly coded Facebook apps and malware. Apps can give hackers access to information they normally wouldn't have and act as windows into other websites. You never know who is writing an app. Some apps are written by big companies. Others are written by a random guy in his bedroom. Granting an app access to your friend list, gender, or info could compromise your privacy and even your company's secrets. "There have been multiple vectors, scams, malware, clickjacking scams, based on Facebook apps that were either written poorly or written to be intentionally malicious," Soltani said.
Then you have social engineering, which is designed to trick users into giving information so the hacker can gain access to Facebook. "The attacker knows information about the victim that they're able to exploit for a variety of purposes, including identify theft, revealing personal info, and attacks on password reset dialogues," Soltani said.
Think about it. If a hacker knows your hometown, favorite pet, or high school best friend, it allows him access to something he wouldn't normally have access to without that information. A number of celebrities had their email accounts accessed after an attacker used data that was classified as publicly available to guess their password reset secrets. Remember when Sarah Palin's email was hacked? "As we post more on social networks, we also reveal information that may be used in a way we didn't anticipate, including guessing our passwords," Soltani said.
Living your life out in public can not only give hackers too much information that compromise your privacy, but it can give your employers a window into your private life. An employer can tell if you are at home or at work by looking at what you are posting on Facebook--especially if you are surfing while on the company network. What's more, Facebook itself could track your whereabouts. "Facebook knows when you go to work and go home, which would be an interesting privacy leak," said Jeremiah Grossman, CTO at WhiteHat Security. Employees who use Facebook apps at work put their companies at additional risk, he added. "A work compromise might lead to intellectual property loss, fraud, and account compromise."
It's easy to understand what is private in real life. You wouldn't say out loud anything you didn't want your co-workers to hear. But many people are not as cautious online. Online communities like Facebook can also present unusual problems for a company when employees mix work with personal. Jules Polonetsky, director of the Future of Privacy, said every responsible company needs to have a social media policy. For instance, a salesperson might connect with prospects on Facebook and then gets fired. The employer does not have access to that person's personal Facebook page, thus does not have a record of the contacts made. In another scenario, an employee might check in at a client's headquarters, forgetting that he is sharing his location. Competitors can look at his check-in and see what client he is talking to.
"There are a range of ways employees need to understand and need to manage their social media. People often merge professional with personal. There needs to be a more rigid separation to ensure lines between personal and company data [are kept separate]," Polonetsky said.
In the meantime, Facebook stands to benefit ever more prosperously from our indiscretions. Sean Gourley, co-founder of Quid, a data analysis and consulting firm, thinks about the power of algorithms and how it's being used to manipulate people into consuming more. "A billion people are competing with each other and sharing more info. That's the world that we got, the world Mark Zuckerberg created--a platform that can collect as much information out of us, using addictive game mechanics and using algorithms to sell you stuff. The more you share, the more you project, and the more money Facebook makes--and the richer Zuckerberg becomes. Slowly we will wake up to this" he said.
So the next time you feel the urge to make your life look better by updating your Facebook page, think about the possible professional risks of posting, the security risks to your company, and the algorithms that are used to sell you stuff you didn't even know you needed.
Now that's the heart of consumerism. How do you "like" that?
Boonsri Dickinson is the Associate Editor of BYTE