Dilshan Kathriarachchi
So you’ve been on Facebook for what seems like forever, and it seems like all your friends and family have gone through the same great migration, too. The social networking service has grown on you so much that you can’t remember the last time you used email to send out a quick note to someone.
With years worth of private conversations, thousands of trigger-happy photos and practically a complete account of your recent social existence residing scattered across Facebook’s extensive data farms, do you really know how well sensitive material is locked away from prying eyes? Do you really know who has access to your personal data?
The rise of Facebook was predominantly based on its primary competitors not providing adequate security and privacy controls to users. For this very reason, the service has allocated a significant portion of its resources towards maintaining its image as the most secure repository of social data.
Facebook allows two distinct ways for third parties to gain access to your personal information: Facebook Connect and Facebook Applications. Both options provide plenty of control that allows you, the user, to decide who gets access to your information and in which capacity. For instance, you could revoke the permissions for updating your Facebook Status with that status-spamming zombie role-playing application, which somehow managed to recruit all your friends. This is made possible through Facebook when users grant third-party applications access to some aspects of your account, while imposing restrictions on others.
However, there has been a growing trend of spammers and identity thieves abusing this trust-based system of dealing with personal data. It usually comes in the form of a shabbily put together application, but is occasionally cleverly piggy-backed on a seemingly professional and useful service. Once the unsuspecting user grants access the service illegally scrubs the user’s account for profile data, photos, videos and even possibly attempts to propagate itself to the user’s friends through Facebook invites.
To counter this particular privacy and security breach, Facebook introduced a voluntary application verification process last year, which eventually came out of beta last month. For a fee of $375, Facebook analyzes the functionality, scope and security of a given application. The findings from this review process determine if Facebook verifies the given application or not on it’s Applications Directory. Verified applications are distinguished from the rest by a green check mark under the application’s listing and looking out for this sign is a great way to avoid sketchy apps from third-party developers. Furthermore, only verified applications find their way onto the featured list within the Applications Directory, providing a great incentive for developers to undergo the verification process.
While the new verification process seems largely restricted to Facebook Applications, there are definite signs of it being extended in the future to the now popular Facebook Connect service that allows interaction between the service and external sites.
With Facebook branching out into new and exciting functionality such as payment processing for services and virtual goods, along with sharing your information and activities with other external sites via Facebook Connect, understanding how to protect your identity on the service becomes increasingly more important.
