Facebook and your data
A few days ago, I wrote this post about the amount of data that people give to Facebook, and asked whether those that do so had really thought about the implications of what they are doing. The post was prompted by the story about Robert Scoble being banned for scraping data from the site.
In the comments for that post, brightfeather asked:
(1) When you say “trimmed” I take that to mean that you removed some information. What did you remove? (2) And what would you recommend as the bare minimum amount of information to post on Facebook?
I was going to reply in the comments for that post, but thought that this was worth a post by itself.
To answer the first part, I removed photos, school history, employment history (but not current employer), all of the “About Me” type information like interests, favourite movies, etc as well as hometown, country, political views, religious views, groups and all my contact details other than websites that I’m associated with.
I also took the opportunity to remove all those annoying applications that Facebook is infested with these days, even though I didn’t have that many on my profile.
The information that I left is already in the public domain; my employer, for example, is known to anyone that reads any of my blogs. I also left my profile picture, as it’s the same picture I use everywhere.
I didn’t delete the account entirely because I use Facebook to stay in easy contact with people; if you lose their email address you can still send them a message via Facebook. And it’s also a good way to get back in touch with people that you’ve not heard from for a long time. However, my account remains restricted so even though there’s no longer much information up there, only my friends can see it all; everyone else just gets a potted version.
The rest of Facebook (all those stupid applications and how many varieties of ‘Wall’ that just get filled with the same four or five allegedly funny items) just doesn’t appeal to me – but then, it’s not really aimed at my demographic.
To answer the second part is harder and will, I imagine, be different for each individual because it comes down to how comfortable you are with disclosing personal information. The first problem is that Facebook don’t seem to have users interests at heart when it comes to spreading data around (see the recent press about Beacon) because data is valuable – they can sell it to advertisers for big bucks. The second problem is that, as Robert Scoble demonstrated, Facebook can be scraped. What this means is that you’ve got a repository of information about in excess of 50 million people (at least that’s the most recent user figure I’ve heard) which is not too hard for someone with the right software to access. And data is valuable to them too; for opening bank accounts in your name, getting credit cards or scamming you directly.
So you have to ask yourself what you’re happy about people knowing, but remember that identity theft does not require much information (see this story about Jeremy Clarkson if you’re in any doubt), so the more information you put up the more at risk you could be.
For instance, let’s say that you’re a young married man with a family. So your profile shows who you’re married, and your friends list may include your brothers and sisters, and your Mum and Dad. You put up where you went to school, where you work, pictures of your darling children (and their names and ages), pictures of your car and your house. You tell people your hometown and when you’re going away on holiday. You make status updates about how you hate your Bank – and you tell people which Bank it is so they can avoid it. All in one session at the computer.
Now you can call me paranoid if you want, but with all of the data losses that have been going on in the UK recently do you really want to give any more away? Do you really want to take the risk?
Do you tell Facebook everything?
You may have heard today that ‘noted’ blogger Robert Scoble has had his Facebook account suspended because he was – in their eyes – scraping data from the site. The fact that he was using a tool to take data that he already had on his profile and port it to other social network environments is beside the point, they say. He was violating the terms of service and his account is forfeit.
I could care less about whether Scoble gets to have his Facebook account back (I imagine he will, because Facebook can’t afford to lose any more credibility with their audience), but what all the various arguments back and forth have highlighted to me is the vast amount of data that is sitting on Facebook; Scoble may have only been harvesting data he already had access to, but what about the less scrupulous user? And if you voluntarily put all that information online, is it still yours?
When you think about the millions of users that Facebook has – what is it? 50 million now? – and the think about the information that each of them puts up, the possibilities for identity theft are frightening. Think about your own Facebook account – how much data do you display? And just how safe do you think it is?
I’ve used Facebook for quite a few months and I’ve looked at I don’t know how many profiles – a large number are public, so you can browse at your leisure. People put up their names (obviously), age, gender, where they work, where they went to school, the music, films and books they like, their partner and all their friends. They put their contact details – email, phone, IM, you name it. I’m surprised they’re not putting up their Social Security number and their credit card details. They put up photos of themselves, their families, their children. They make announcements like when they’re going on holiday, when they’re moving house. Basically, they put up almost their entire lives.
All nicely packaged for someone to come along and steal.
How much information do you think it really takes for someone to commit identity theft? How about your name, your date of birth and the town you live in. That could be enough – they can wing the rest – but Facebook users give them so much more without a thought.
But you’re probably thinking “Ah, but all of my data is set just for my friends to view, and my profile is restricted not public”. Which is where tools like the Scoble was using come in; how much effort do you think it really takes for a determined enough person to write a tool that will (or can, there are probably ones out there already) breach Facebook’s security. And with 50 million users up for grabs, they will be determined. After all, if they got 50c per name, that’s a lot of zero’s…
And even if Facebook is 100% secure and people can only scrape data that is made public, what about Facebook themselves? They got into hot water recently because of their Beacon program – which would have allowed “specially chosen” partners to access some of your data, so they could “tailor” your online shopping experience accordingly. A system that was going to be opt-out became opt-in and now seems to have been dropped because of the public outcry.
But think about it; Facebook is a company. Companies exist to make money. Companies make money from exploitation of their assets. What is Facebook’s biggest asset? Your data. If hackers and scrapers can’t come in and steal it, Facebook themselves have shown they are perfectly happy to sell it; are you OK with that? Because by putting your data on their service, that’s what you’re saying. Think about it a bit, and then go check out your Facebook account.
For myself, I’ve had a bit of a spring-clean of my Facebook account. I haven’t deleted it completely, but it’s a lot trimmer than it was – not that it was fat with information to begin with and I won’t be updating it anywhere near as much as I used to.
Wolfs Helpers
