Facebook to allow 3rd parties to access home address, phone number

Facebook:

We are now making a user’s address and mobile phone number accessible as part of the User Graph object. Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions. These permissions must be explicitly granted to your application by the user via our standard permissions dialogs.

For All Facebook, normally more of a fan-site, to wax careful, says quite a lot....

The timing of the post couldn’t have been more questionable — just as most people were leaving work on the west coast and Facebook employees were beginning their weekly happy hour at Cafe 6. Granted, the company’s job is to make this post appear as though it’s just another day at the social network, in an effort to play down the significance of this new functionality. Over the weekend a number of publications began discussing the issue, the most sensational of which comes from Sophos, which writes “Rogue Facebook apps can now access your home address and mobile phone number.”

It’s true. Facebook’s new permissions gives those developers with bad intentions access to a greater amount of personal information. The flip side is that this isn’t exactly credit card information. However, as developers gain access to more information, the question arises: Is the company doing enough to protect our personal data?

There are a number of issues, best commentary I have seen is on Hacker News comments - they are over here, but here are the excerpts that really help in my view - Analysis:

What they are infact doing is now allowing third-parties to request extra, and very very personal, information about you using the same dialog that people have effectively now been trained to basically click-through.

I really think this dialog needs two things:

1) Something that highlights the fact you are allowing third-parties access beyond your basic profile. All personal information is not equal.

2) A way for the user to opt out of sharing this extra information. As a result, the app may have to deny you access if it really really does need your address (why it would is hard to imagine), but this "all or nothing" approach seems wrong to me.

And...

...what I really don't like about this is not that they are doing it, but they won't share it with their users unless the tech world makes a big deal out of it, which they will. So they announce it on the dev blog, but not the public blog, which I think is poor form at a minimum.

I looked through my profile info and I didn't see a way to hide my phone or address from applications, which means that I have to choose to not post them on Facebook, or provide access any time I want to use an app that requests them.

Obviously, this is much more useful to developers than it is users.

And....

I have been wondering that for a while; why isn't there a conditional permissions system that you can choose what gets shared or not. It wouldn't be that hard for app developers to sanity check for what is available or not, and tell the user if it is an issue.

The all of nothing mentality is flawed, much like most of Facebook's decisions it seems. (imo)

[which elicited the reply]

It is not flawed by any means - from Facebook POV.

More to the point, it is probably time to go back to some Old Fashioned Internet advice:

I seem to remember that not so long ago it was standard advice not to give out your address or phone number to people you don't know on the internet.

......

Most people also didn't use their real name online. Facebook played a huge role in changing that.

Sensible advice would now be, in order to protect your privacy, that it's probably time to start using false names, no or false address, and never give out your 'phone number - simply because although no doubt the belief is that the apps using the data are benign, the reality is that some won't be (or at the very least, its worth being careful while watching and waiting) - especially as this is now a high stake game - last word to Hacker News:

With a multi-billion dollar valuation, I'm sure that the majority of Facebook's value is in all information it gathers about you. Is this any surprise to anyone? One way or another Facebook is trying to monetize your info. Maybe it's just me but there always seem to be some kind of news fading away about Facebook privacy. I'm my theory that's why they are worth so much. Don't think they are going to stop doing this anytime soon.

Caveat Emptor, as they say...........