Design could help Facebook members limit security leaks

Dec 05, 2011

A sign-up interface created by Penn State researchers for Facebook apps could help members prevent personal information -- and their friends' information -- from leaking out through third-party games and apps to hackers and identity thieves.

When Facebook members sign up for apps developed by third-party companies, they may not know that these apps are sometimes overriding their global settings on privacy preferences and sharing, said Heng Xu, assistant professor of information sciences and technology.

"One illusion is that people think that they have set global , so it's secure," said Xu. "But the broken element is in the third-party applications that people use to play games and interact in different ways with each other on Facebook."

Members who sign up for an app must agree to new terms of information disclosure that are often different from their main Facebook privacy settings when they sign up for an app, Xu said. The sign-up screen currently is a general agreement that shows information third-party developers are requesting. If the member does not agree, the member cannot use the app.

The screen designed by the researchers allows members to decide what types of information they are comfortable sharing and with whom they want to share it.

Xu, who worked with Na Wang, doctoral candidate, and Jens Grossklags, assistant professor, both of and technology, designed two alternative third-party privacy agreement screens to clearly show members what data and privacy details they agree to share with the developer.

The researchers, who presented their findings today (Dec. 4) at the Association for Computer Machinery Symposium on Computer Human Interaction for Management of Information Technology, Boston, asked a group of Facebook members to try two app sign-up page designs, a single-color scheme and one that used three colors -- green, yellow and red -- to designate critical information. The design also features three boxes to offer members the option to share their app activity history with all the members of their network, just specific people, or keep all of the information private.

Of the 11 participants, all said that improving the security and privacy of the sign-up pages is important. Six of the testers preferred the multiple-colored scheme to the monochromatic version.

Privacy settings allow members to determine how much information the member wants to display or share with their members of their network and Facebook. This data can include birthdate, hometown and current city, as well as pictures the members uploaded to their pages.

Members may not consider data like hometown or birthdates vital information, but Xu said that hackers can use such information to guess social security numbers.

Xu said that people may not even know that they may expose their friends' personal data if they use apps. A calendar app, for example, could allow developers to access the member's birthdate, as well as the birthdate of friends who are part of the member's network.

"Some people may know that they are allowing these companies to access their data," Xu said. "However, they might not know that their info will be leaked through their friends, use of games and other applications on Facebook."

According to Xu, many app developers try to make money from their games and tools by selling or sharing the data with advertisers and other companies.

"The only way to find out how the information is going to be used is to go to each app's website and review the terms of use," Xu said. "And many people won't do that."

Explore further: Britain's UKIP issues online rules after gaffes

Related Stories

Facebook tightens privacy on third-party programs

Feb 18, 2010

Facebook has given users more control over who gets to see video, virtual cards and other digital content shared using third-party programs at the leading social networking website.

Facebook adds 'app' passwords to site security

Oct 27, 2011

Facebook is ramping up security by giving people the option of setting passwords for games or other third-party applications added to pages at the leading online social network.

Recommended for you

Britain's UKIP issues online rules after gaffes

20 hours ago

UK Independence Party (UKIP), the British anti-European Union party, has ordered a crackdown on the use of social media by supporters and members following a series of controversies.

Sony saga blends foreign intrigue, star wattage

21 hours ago

The hackers who hit Sony Pictures Entertainment days before Thanksgiving crippled the network, stole gigabytes of data and spilled into public view unreleased films and reams of private and sometimes embarrassing ...

Digital dilemma: How will US respond to Sony hack?

Dec 18, 2014

The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.