Facebook quiz danger?

Sorry that blogging here has been so quiet. This is largely because I have been busy preparing for my wedding, on 24th October, and of course spending time with my beautiful fiancée.

In recent weeks several of my Facebook friends have invited me to take interesting quizzes on Facebook. These include Wayne Leman and ElShaddai Edwards, who have done so in blog posts, as well as various friends who have invited me with Facebook notifications.

The problem with this is that when I try to take these quizzes I typically get a message something like:

Allowing access will let it access your Profile information, photos, your friends’ info and other content that it requires to work.

I am required to allow this access before I can take the quiz. In other words, I have to give to a piece of software about which I know almost nothing access to personal information not just about myself but also about all my friends. If “your friends’ info” means what is on their profiles, it includes e-mail addresses, sometimes postal addresses and phone numbers (not my own), and all kinds of other details which people are happy to share with their friends, but not to make public.

Of course if the quiz program can access this information, so can its author – who can use it for marketing or sending spam, or sell it to the highest bidder. That may well be a breach of Facebook rules, but how well are these rules enforced?

Presumably each of my Facebook friends who has taken one of these quizzes has given the program permission to access my profile information, which is intended to be for my friends alone to see but not to pass on to unknown third parties. I am not at all happy that any of my friends have done that; I consider that they have acted unethically. But if I chose to de-friend them I would probably hardly have any friends left.

ElShaddai, in a comment in reply to mine, writes:

AFAIK, Peter, the “friends’ info” is applicable to the last step in the quiz where it asks you if you want to invite your friends to take the quiz.

Indeed, as far as he knows. But what I am worried about is what he doesn’t know, what the unknown author of the quiz software is not saying. He may be right, of course, but how do I know that he is right? I’m afraid “AFAIK” is not an acceptable defence on an ethical issue, just as it isn’t in a court of law.

My real concern is that this quiz program is in fact an elaborate trojan horse, installing itself in millions of Facebook users’ computers worldwide, collecting personal information on the side for some kind of nefarious purpose, or at least for a mass marketing campaign. Can anyone reassure me that there is no danger of this? I know Facebook has had to stop rogue applications before. Could this be another one?

23 thoughts on “Facebook quiz danger?

  1. Peter,

    From here:

    Oh and if you thought you could shield yourself from these API’s by making your profile and all the contents private and only visible to your friends, think again. Facebook provides API’s that allow the Facebook apps to retrieve your information through your friend. Once a friend uses a Facebook app, that app can access their info and the info from any friend’s profile that they can view.

  2. Joel, thanks for the link, which confirms most of my worst fears. While there is a claim that

    Facebook Platform does not give Developers access to your e-mail address, personal website, instant messenger ID, telephone number or street address (”Contact Information”).

    this doesn’t seem to apply to any such information which has been put on anyone’s profile. And yes,

    storing this data for more than 24 hours or for any other use is against the Developer Terms of Service.

    – but that is almost unenforceable.

  3. I know that Wayne has been creating Facebook quizzes, but I have not. I only took this one that was already created. If you’ve received a message that I’ve created a quiz, I would be very interested to see that, as it’s patently false.

  4. Pingback: Gentle Wisdom » My C-Factor: they say I am “somewhat of a Calvinist”

  5. Sorry, ElShaddai, I was forgetting the details. I should have realised that you were simply passing on a link to the quiz. So we don’t even know who set this one up. But it is not them who get access to the personal information, probably, but the author of the application software.

  6. Pingback: Threads from Henry’s Web » Somewhat of a Calvinist?

  7. It looks to me that the info the Facebook quiz program gathers is probably about the same as that of any other FB app using the FB API developer’s platform. So, the problem is a bigger one, not just with the quizzes, but with trusting Facebook and its API system at all. I’m been hit twice by worms that gather and message every one of my FB Friends. FB is aware of these breaches of security and keeps tightening up the holes, but I think no system is perfect these days. We see that as hackers gain access to very secure systems @ MI5 or the CIA, wherever. I’m not dismissing concerns about the quizzes. I have posted to the quiz forum clear questions raised by this blog post. I hope to receive clear answers in response. These are important concerns. They raise the entire issue of how safe anyone is even being signed up with Facebook or any other social network.

  8. Thanks, Wayne. I regularly get messaged by applications which message every friend of one of my friends, but they may have given permission for this without intending to.

    There is more information in this article, to which I was sent a link. Note the correction in a comment, that the API gives access to friends’ profiles as well as one’s own. But this may be out of date as hopefully some holes have been plugged since February 2008.

  9. Here is the answer I received from the Know-It-All quiz man in their forum on Facebook:

    “We display the Facebook avatar and name of your friends that you can invite http://apps.facebook.com/know-it-all-trivia/?target=invite and friends that play Know-It-All against you on the Top Players page http://apps.facebook.com/know-it-all-trivia/?target=leaderboard

    It’s not possible to get a virus from Know-It-All Trivia.”

    Thank you, Jaron. So is their name and avatar the only info that Know-It-All gets from anyones Profile who accepts my invitation to play a quiz?

  10. You do know that Facebook allows you to control what information is allowed to be accessed by third-party applications, right? Simply log in to Facebook and click this link. It even gives you the option to not have any information at all shared through the Facebook API.

  11. Thanks, Tyler. That is indeed helpful. Through this page I have now blocked my friends’ applications from reading most information about me. They can now read, in addition to “my name, networks, and list of friends”, only my profile picture and my religious views i.e. that I am unashamed to be a Christian. My friends in person can still read all my information.

    I recommend anyone else concerned about the security of their personal information to do something similar.

  12. I just read the following as a Facebook friend’s status:

    … has just heard that Facebook has agreed to let third party advertisers use posted pictures WITHOUT your permission. Click on SETTINGS up at the top where you see the Logout link. Select PRIVACY. Then select NEWSFEEDS and WALL. Next select the tab FACEBOOK ADS. There is a drop down box, select NO ONE. Then SAVE your changes. (REPOST to let your friends know!)

    I have just done this. I have not verified exactly what the danger is, but I trust my friend, and don’t want others to abuse my pictures.

  13. Pingback: Gentle Wisdom » What is my real Christian tradition?

  14. As Kevin Sam reports, this very issue has now been taken up by Canada’s privacy commissioner, who is threatening to take Facebook to court for violation of privacy laws. The specific issue mentioned is:

    In order to download popular games and quizzes, Facebook users must consent to share all their personal information, except their contact details. These companies, totalling nearly one million, operate in 180 countries.

  15. Pingback: Gentle Wisdom » Facebook makes the changes I asked for!

Leave a Reply

Your email address will not be published. Required fields are marked *

To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image