Oh, Facebook, Why Can't I Quit You?

Facebook sells your addiction to advertisers, hoping to make a buck off your personal information. Will you wake up in time to kick the habit, or do you "like" the security risks of blurring the line between personal and professional?

Boonsri Dickinson, Associate Editor of BYTE

May 18, 2012


Spending time on social media is the modern-day cigarette habit. But if you are addicted, you're not alone. There are one billion people with the same habit, regularly feeding Facebook with the most intimate information about themselves.

As the world watches Facebook go public today, it's important to understand that Facebook is a business and must make money to live up to its $100 billion valuation. At the center of this is you, the user. Behind the nicely designed Facebook pages is an intelligent algorithm that targets ads to get you to buy stuff. CBS reports that Facebook makes 80% of its revenue from serving up ads. This is about $4.34 per user.

Every status update, every photo, every "like"--every action you take on Facebook becomes valuable to it. Everything you do is tracked online, so advertisers can predict what they should sell you. As a Facebook user, you are its product.


Facebook's all-night hackathon. Source: Jez Burrows, a product designer at Facebook.

Of course, Facebook's advertising platform might not be all that it is cracked up to be. GM pulled its $10 million ad campaign. There have been reports that 44% of Facebook users don't click on ads. But don't feel too sorry for Facebook.

Facebook has become adept at mapping the reward centers of our brains, manipulating us to create online worlds even when those activities might not be in our best interests. The first thing I do when I wake up in the morning is check Facebook to see if I've gotten any messages and see if any of my friends have posted something to their walls. The activity stream suggests that they, too, have gotten into the habit of checking Facebook in the morning. Why? Checking Facebook brings a quick dose of satisfaction if people "like" your photo or comment.

The more data you feed it, the more Facebook knows about you. A recent New York Times article revealed that Target knew a teen was pregnant before her father did. Of course, Facebook is not the only problem. Every big company can track your information. "Google knows more about my interests than my wife does," computer security specialist Bruce Schneier said. "That is a little bit creepy." He cracked, "Now tell me about your sex life," to illustrate the intimacy of some information.

AT&T and Apple know a lot about you, too. "In some ways, the Web permeates all our lives. These companies are becoming powerful because of where they sit. If you have a Kindle, all of your browsing goes through Amazon," Schneier said.

But there are specific issues with Facebook that users should be aware of. Privacy expert Ashkan Soltani sympathizes with addicted Facebook users. "Facebook is essentially Brokeback Mountain. Everyone thinks 'Why can't I quit you?'" But he is concerned about several security loopholes Facebook opens up for companies. One is the accidental disclosure of corporate information. "This could simply be posting a photo with sensitive product or trade secret info. We've seen this happen to military troops, who inadvertently disclose info. So it's not surprising that 'average joe employee' accidentally reveals a new product launch," he said.

Apps present another security risk. "Both [tracking and apps] are big concerns. But I'd have to say that the app gap is a big problem," said Rebecca Jeschke, a PR rep from Electronic Frontier Foundation. "You shouldn't have to share your info with your friend's applications because you want to use just one application."

Facebook apps present other possible security problems. We've already seen issues with apps such as Path gaining access to contact data on phones. A similar thing could happen with poorly coded Facebook apps and malware. Apps can give hackers access to information they normally wouldn't have and act as windows into other websites. You never know who is writing an app. Some apps are written by big companies. Others are written by a random guy in his bedroom. Granting an app access to your friend list, gender, or info could compromise your privacy and even your company's secrets. "There have been multiple vectors, scams, malware, clickjacking scams, based on Facebook apps that were either written poorly or written to be intentionally malicious," Soltani said.

Then you have social engineering, which is designed to trick users into giving information so the hacker can gain access to Facebook. "The attacker knows information about the victim that they're able to exploit for a variety of purposes, including identity theft, revealing personal info, and attacks on password reset dialogues," Soltani said.

Think about it. If a hacker knows your hometown, favorite pet, or high school best friend, it allows him access to something he wouldn't normally have access to without that information. A number of celebrities had their email accounts accessed after an attacker used data that was classified as publicly available to guess their password reset secrets. Remember when Sarah Palin's email was hacked? "As we post more on social networks, we also reveal information that may be used in a way we didn't anticipate, including guessing our passwords," Soltani said.

Living your life out in public can not only give hackers too much information that compromises your privacy, but it can also give your employers a window into your private life. An employer can tell if you are at home or at work by looking at what you are posting on Facebook--especially if you are surfing while on the company network. What's more, Facebook itself could track your whereabouts. "Facebook knows when you go to work and go home, which would be an interesting privacy leak," said Jeremiah Grossman, CTO at WhiteHat Security. Employees who use Facebook apps at work put their companies at additional risk, he added. "A work compromise might lead to intellectual property loss, fraud, and account compromise."

It's easy to understand what is private in real life. You wouldn't say out loud anything you didn't want your co-workers to hear. But many people are not as cautious online. Online communities like Facebook can also present unusual problems for a company when employees mix work with personal. Jules Polonetsky, director of the Future of Privacy, said every responsible company needs to have a social media policy. For instance, a salesperson might connect with prospects on Facebook and then get fired. The employer does not have access to that person's personal Facebook page, and thus does not have a record of the contacts made. In another scenario, an employee might check in at a client's headquarters, forgetting that he is sharing his location. Competitors can look at his check-in and see what client he is talking to.

"There are a range of ways employees need to understand and need to manage their social media. People often merge professional with personal. There needs to be a more rigid separation to ensure lines between personal and company data [are kept separate]," Polonetsky said.

In the meantime, Facebook stands to benefit ever more prosperously from our indiscretions. Sean Gourley, co-founder of Quid, a data analysis and consulting firm, thinks about the power of algorithms and how they are being used to manipulate people into consuming more. "A billion people are competing with each other and sharing more info. That's the world that we got, the world Mark Zuckerberg created--a platform that can collect as much information out of us, using addictive game mechanics and using algorithms to sell you stuff. The more you share, the more you project, and the more money Facebook makes--and the richer Zuckerberg becomes. Slowly we will wake up to this," he said.

So the next time you feel the urge to make your life look better by updating your Facebook page, think about the possible professional risks of posting, the security risks to your company, and the algorithms that are used to sell you stuff you didn't even know you needed.

Now that's the heart of consumerism. How do you "like" that?
