Poking into Facebook security
Posted on 4 Feb 2010 at 11:32
Davey Winder wonders if it's time Facebook adopted Apple's approval process for apps
Google “site:www.facebook.com/” and it will return around 745 million Facebook profiles containing personal information. If that comes as a surprise to you then it’s probably best to sit down before reading on.
These profiles that show up in Google searches are there by accident, almost certainly because individual users and organisations have posted badges and links to them from other sites. Worse, Facebook profiles are now officially available via Google, and with the default assumption that your discovery is open to “everyone” rather than only friends or friends of friends.
Facebook also informs me that those members under the age of 18 will not have their profiles displayed by Google until they are “no longer minors”, which should be interesting considering so many kids lie about their age on Facebook. If you wish to prevent your Facebook details, including name and profile photo, appearing in Google searches, then you’ll have to change your privacy settings, which can be accomplished by heading for Settings | Privacy | Search | Public Search Listing, and making sure that the “Create a public search listing” box isn’t checked.
If you don’t mind your Facebook profile being visible to Google in this way, then you might want to at least take a look at the Search Result Content options on the same page, where you can choose what information about you will become visible within that Google search listing (so you could remove your profile picture visibility, for example).
Are you still sitting comfortably? Good, then I’ll continue with another bit of news that’s pretty sure to upset many Facebook fanboys. I appreciate that for many of its users the biggest draw of Facebook is less the fact that you can collect a virtual social circle of friends, and more that you can play incredibly stupid and annoying games with them.
It was the endless proliferation of these puerile applications that was largely responsible for driving me away from Facebook – the never-ending stream of invites to join someone in a game of virtual Scrabble, or discovering that if online friendship were measured in dollars I’d be worth $12.50 to one friend and $100 to another.
There has certainly been some of this “dumbass game creep” on Twitter too, most notably that Mafia Family nonsense with Direct Message invites to join the pretend crime family of some loser with too much time on his or her hands and not enough real-world friends. But at least Twitter remains application-free for now.
Annoyingness isn’t the only reason that I’m so hostile to Facebook applications: there’s also the security angle. Was it really a whole two years ago now that I was warning readers about the malicious Facebook application Secret Crush, which back in January 2008 had been added by more than a million users? Yes, indeed it was, and this case turned out to be typical of social networking viral notification methodology.
Someone would add the app and then their network of friends received a notification that one of their friends had the hots for them: the only way to find out who was to add the app yourself, and to invite another five of your friends to also add it. What was actually being offered was for you to download a crush calculating application, which then led you straight into an infamous adware system called Zango.
A year later, Trend Micro was reporting that Facebook had been hit by four rogue applications and was warning that it expected such “proof of concept” malware apps to be replaced by more sophisticated schemes before very long. I think that time has now arrived.
Apple not quite so safe
There have been problem applications for Apple (http://www.eweek.com/c/a/Security/Apple-iPhone-App-Security-in-Spotlight-at-Black-Hat-398696/).
Apple have always pulled applications they are not happy with (and plenty of good applications too). Facebook also have the ability to disable applications they are not happy with, as each application requires an API key.
I have developed an application for Facebook (called Fonebook; it's a Windows application) and I think the level of security is pretty good. There is lots of information that you can't get access to (such as phone numbers and e-mail addresses of friends - Apple give you access to this information). And Facebook do vet applications (as part of the submission process) in a similar manner to Apple.
To say iPhone applications are code static is frankly wrong; see here for an example of an app allowing downloadable content: http://www.pocketgamer.biz/r/PG.Biz/Pocket+God/news.asp?c=17078
Yes, Apple hasn't been targeted as much as Facebook, but that could be down to the number of users (the same reason Windows is attacked more than Linux). Facebook has 350 million users (http://www.facebook.com/press/info.php?statistics) and whilst I'm struggling to find the accurate number of iPhone users, this article http://www.pcworld.com/article/163671/ipod_touch_iphone_sales_total_37_million_units.html would suggest there are maybe up to 50 million.
Ross
By RossD on 5 Feb 2010
Davey Winder
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.
