For the record, Facebook has some of the most flexible and robust privacy controls I’ve seen in any online social networking service. I never want to take for granted that Facebook engineers have built remarkable privacy controls into their product, and for that they should be rightly commended.
But unfortunately, since launching the Facebook Platform, the company has unwittingly introduced several privacy problems inherent in the platform’s structure. These issues are not without solutions, yet so far Facebook’s management does not appear to view them as serious or worth the time to fix. In this article, I intend to summarize four specific problems that I believe deserve a second look.
Problem #1: One Access Level
If an application retrieves user data, a user must give it full access. A review of the top 150 Facebook applications in October 2007 found that nearly 91% had access to unnecessary private data. Given the recreational nature of many top applications today, this statistic has probably not changed drastically. Users have become accustomed to authorizing even simple applications and do not know what data will be used prior to authorizing an application. Rogue applications can thus harness a wealth of user data, and even legitimate applications can misuse data or allow potential misuse. Solutions include privacy-by-proxy for FBML applications and offering tiers of data access. With the latter, users could be prompted more specifically for authorizing data beyond basic information.
Problem #2: Single-Click Authorization
Not only do users allow applications access to a wealth of data on authorization, this action only requires one click on a button when an application page is first accessed. This opens the door to clickjacking attacks, similar to attacks launched against Twitter users earlier this year. A user could click a seemingly innocent link that authorizes a rogue application. Solutions include code for detecting possible clickjacking, such as framebusting, and requiring additional interaction, such as a prompt.
Problem #3: External Script Access
Problem #4: Secondary Code Vulnerabilities
Since every application has full access to user data, any code vulnerability in an application becomes a security problem for Facebook itself. For instance, a recently uncovered cross-site scripting vulnerability in an application allows a malicious hacker to access a user’s profile data if they simply access a specially crafted URI. By giving applications access to user data, Facebook and its users trust third-party developers to build applications secure enough for handling personal information. Unfortunately, many developers overlook basic security measures. Once again, this issue can be thorny, but solving it starts with educating developers. Also, offering tiers of data access for an application could limit the impact of vulnerabilities in applications that only require basic information.
I personally have not witnessed any major concern or forthcoming solutions to these problems from Facebook, despite security researchers noting them for some time. I have already seen these flaws used in previous attacks on Facebook, and I can foresee them being used in future attacks of significant severity.
Addressing these issues, however, begins with awareness. Users need to better understand the ramifications of platform use and need to learn better habits for using applications. Developers need to better understand proper coding practices and help protect user data. Advertisers need to avoid using personally identifiable information and clarify how they target users.
Most importantly, though, I believe that Facebook needs to adjust their platform to continue their track record of respecting user privacy. But it appears this will only happen if Facebook users realize the severity of the situation and ask for a change.