Design could help Facebook members limit security leaks

Dec 05, 2011

A sign-up interface created by Penn State researchers for Facebook apps could help members prevent personal information -- and their friends' information -- from leaking out through third-party games and apps to hackers and identity thieves.

When Facebook members sign up for apps developed by third-party companies, they may not know that these apps are sometimes overriding their global settings on privacy preferences and sharing, said Heng Xu, assistant professor of information sciences and technology.

"One illusion is that people think that they have set global , so it's secure," said Xu. "But the broken element is in the third-party applications that people use to play games and interact in different ways with each other on Facebook."

Members who sign up for an app must agree to new terms of information disclosure that are often different from their main Facebook privacy settings, Xu said. The sign-up screen currently is a general agreement that shows the information third-party developers are requesting. If the member does not agree, the member cannot use the app.

The screen designed by the researchers allows members to decide what types of information they are comfortable sharing and with whom they want to share it.

Xu, who worked with Na Wang, doctoral candidate, and Jens Grossklags, assistant professor, both of information sciences and technology, designed two alternative third-party privacy agreement screens to clearly show members what data and privacy details they agree to share with the developer.

The researchers, who presented their findings today (Dec. 4) at the Association for Computing Machinery Symposium on Computer Human Interaction for Management of Information Technology, Boston, asked a group of Facebook members to try two app sign-up page designs: a single-color scheme and one that used three colors -- green, yellow and red -- to designate critical information. The design also features three boxes that offer members the option to share their app activity history with all the members of their network, share it with just specific people, or keep all of the information private.

Of the 11 participants, all said that improving the security and privacy of the sign-up pages is important. Six of the testers preferred the multiple-colored scheme to the monochromatic version.

Privacy settings allow members to determine how much information they want to display or share with the members of their network and Facebook. This data can include birthdate, hometown and current city, as well as pictures the members uploaded to their pages.

Members may not consider data like hometown or birthdates vital information, but Xu said that hackers can use such information to guess social security numbers.

Xu said that people may not even know that they may expose their friends' personal data if they use apps. A calendar app, for example, could allow developers to access the member's birthdate, as well as the birthdate of friends who are part of the member's network.

"Some people may know that they are allowing these companies to access their data," Xu said. "However, they might not know that their info will be leaked through their friends' use of games and other applications on Facebook."

According to Xu, many app developers try to make money from their games and tools by selling or sharing the data with advertisers and other companies.

"The only way to find out how the information is going to be used is to go to each app's website and review the terms of use," Xu said. "And many people won't do that."
