A couple of days ago I blogged about a disturbing new way that Facebook was sharing information without notification or authorization. A friend of mine pointed me to an article on ZDNET that described the issue and what was happening. The “feature” is called “Instant Personalization” and the concept is simple. The concept is not comprehensible, but it is simple. I go to Yelp to read reviews about the gym that is closest to my house and Yelp shows me what a friend 1,000 miles away is up to. This somehow is supposed to be fun and relevant to me as I read about how the gym has a history of making it difficult to cancel memberships. Make sense? It does to Facebook and Yelp somehow. I’m sure this isn’t the finest example. I’m sure if you were searching for an Alcoholics Anonymous Chapter near you that Bing would show you what friends are in the bar right now, and Facebook thinks that’s a brilliant application of technology.
After publishing the blog, another friend checked his account settings and found that Instant personalization isn’t available to him at this instant, but that it has already been pre-enabled for deployment and he is not allowed to opt out of it. The check box is grayed out so he cannot deselect it. Paul Laudanski covers this option in his Facebook Privacy: An Easy How-to Guide to Protecting Yourself. What will happen is at some random point in time, Facebook will go to great lengths to avoid letting him know that they have enabled the feature and are automatically authorizing apps without asking him if he wants them. These apps will share varying degrees of his data with third parties and without his knowledge and Facebook plans do to the same thing to you if they haven't already.
Facebook has taken away your ability to approve an app before it is installed and is sharing your data without notification or approval.
The only reasonable option Facebook provides to allow you to prevent them from signing up corporate stalkers is for you to disable ALL platform apps.
You’ve been warned.
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
