Even if you have restricted who can "Friend" you and look at your pictures, all it takes is one of those friends to give away everything you've ever done and said without even being aware of it.
[Slashdot] "Back in June, the American Civil Liberties Union published an article describing Facebook's complete lack of meaningful security on your and your friends' information. The article went virtually unnoticed.Now, lots of people are OK with this kind of thing. They say, "I don't post anything I don't want other people to see." Others just don't realize what's happening under the hood.
Now, a developer has written a Facebook 'Quiz' based on the original article that graphically illustrates all the information a Facebook app can get its grubby little hands on by recursively sweeping through your friends list, pulling all their info and posts, and showing it to you.
What's more, apps can get at your information even if you never run the app yourself. Facebook apps run with the access privileges of the user running it, so anything your friend can see, the app they're running can see, too.
But it's this part that weirds me out: "recursively sweeping through your friends list, pulling all their info and posts". That is just a little too Orwellian for my taste. Now I've been in the business long enough to know there is no such thing as true privacy on the Net, but does it have to be broadcast by default?
[ACLU] By default, Facebook’s privacy settings let applications access information on your profile even if you have restricted access to a specific network or friend group (as application privacy settings are separate from profile privacy settings). In addition, Facebook’s default settings allow applications run by your friends to pull information from your profile.Is that really a sane default? It took us 20 years to beat Microsoft into submission over shipping their software with security settings enabled. Sun Microsystems finally followed suit. Everybody wants the "just works by default" option because it reduces support costs and allows for easy adoption. The problem is, that's crazy insecure. It's just not necessary to have access to all that data just to make a little widget, poll, or app.
The bottom line is, this policy has the company and developers' best interests at heart, not the users. Anybody with the bling-bling app-of-the-day can recursively get your and all your friends' information with a click of the mouse. (Elf bowling anyone?)
With all the skeevy types out there, I just won't be "friending" you any time soon. Sorry. See you in Meatspace.