Facebook announced on Friday a change to its developer and privacy policies - one that it temporarily reversed 48-hours later. In its original announcement, Facebook said it would make a user's address and mobile phone number accessible as part of the User Graph object - meaning third party developers of games and apps would have access to this sensitive information. The information would only convey to these companies if the user opted-in as part of a special permission requirement Facebook would create just for this data. Also, it added, access would only be provided to the user's address and mobile phone number - not to friends' addresses or mobile phone numbers.
Privacy and security advocates immediately protested the move - with the worst warnings coming from Sophos security research Graham Cluley. He said that the information would lead to identity theft, especially when it was coupled with other data available on Facebook. The opt-in form would also desensitize Facebook users to tactics that rogue developers use to gain personal data. Privacy advocates had their complaints too: the opt-in form is confusing, said Marc Rotenberg, EPIC executive director (via the E-Commerce Times), and some users might think it was essential to complete if they wanted to access the app. Also, Facebook could easily change the settings later on to opt-out.
It was too much for Facebook. Now the site says it is temporarily disabling the feature until it has something in place that will ensure a user only shares the information when he or she intends to. It will re-enable the feature in the next few weeks.
A Third Way?
It is unclear what further protections Facebook might incorporate, however Cluley’s initial warnings and subsequent suggestions have been widely referenced. Wouldn't it be better, he suggested, if only app developers who had been approved by Facebook were allowed to gather this information? Or the app could request it from users, specifically, rather than automatically grabbing it. For legitimate app developers this wall garden approach - similar to what Apple has in place with its App Store - might be the best route.
Increasingly, privacy advocates and even Congress are becoming aware of the privacy slippages that occur with third party apps and raising calls for regulation. Meanwhile, consumers are learning they should not trust third party apps. Cluley’s advice to users was also widely repeated: "Remove your home address and mobile phone number from your Facebook profile now. While you're at it, go through our step-by-step guide for how to make your Facebook profile more private."