Sunday, February 10, 2008

Sandboxing Facebook

My colleague Jonathan Zittrain asks whether Facebook should protect its users from rogue third-party applications, not least given the sensitive personal data it holds.

We talked about the missed opportunity for Facebook to control applications' access to users' data in a presentation last summer at GikII: Stalking 2.0: privacy protection in a leading Social Networking Site. In a nutshell, FB gives applications almost unrestricted access to users' data, even though in most cases it is not needed — and certainly not to turn friends into zombies or werewolves or play Scrabulous. FB holds almost every category of personal data categorised as "sensitive" by the European data protection directive. The best way to stop "rogue" applications from abusing this information is to stop them getting access in the first place.

JZ also compares the privacy impact of Web apps to traditional applications. In practice, while many operating systems (even Windows) allow users to sandbox their applications' access to user data, few applications use this functionality. Why, for example, does a document viewer launched by a mail client need access to anything other than its own application files and the relevant attachment? Restricting access in this way would make it harder for malware to spread through e-mail, but it seems that application writers are not yet putting the basic security principle of "least privilege" into practice.
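As an added illustration (my own sketch, not Facebook's platform code or anything from the GikII talk), the following models the "stop them getting access in the first place" approach: each application declares the profile fields it needs, anything it did not declare is withheld, fields in the directive's "sensitive" categories are withheld unless the user explicitly opts in for that application, and the e-mail address is never shared. The field names and sample profile are constructed.

```python
"""Least-privilege access to profile data for third-party applications.

Constructed sketch, not Facebook's API: an application sees only the
fields it declared, minus anything never shared, minus sensitive fields
the user has not explicitly opted in to for that application.
"""
from dataclasses import dataclass

# Categories the EU data protection directive treats as sensitive
# (field names are constructed for this example).
SENSITIVE_FIELDS = frozenset({
    "religion", "political_views", "sexual_orientation", "health", "ethnicity",
})
# Withheld from every application, matching the one field FB already keeps back.
NEVER_SHARED = frozenset({"email"})

# Constructed sample profile.
PROFILE = {
    "name": "Alice Example", "email": "alice@example.invalid",
    "birthday": "1980-01-01", "friends": ["bob", "carol"],
    "religion": "(sensitive)", "political_views": "(sensitive)",
}


@dataclass
class AppManifest:
    name: str
    requested: frozenset                   # fields the application declares it needs
    user_opt_in: frozenset = frozenset()   # sensitive fields the user approved for it


def unrestricted_view(profile: dict) -> dict:
    """The status quo the post criticises: everything except the e-mail address."""
    return {k: v for k, v in profile.items() if k not in NEVER_SHARED}


def granted_fields(app: AppManifest) -> frozenset:
    """Fields the sandbox exposes: declared, minus never-shared, minus
    sensitive fields lacking an explicit per-application opt-in."""
    allowed = set(app.requested) - NEVER_SHARED
    for name in app.requested & SENSITIVE_FIELDS:
        if name not in app.user_opt_in:
            allowed.discard(name)
    return frozenset(allowed)


def sandboxed_view(profile: dict, app: AppManifest) -> dict:
    """Only granted fields are present; undeclared ones are simply absent."""
    granted = granted_fields(app)
    return {k: v for k, v in profile.items() if k in granted}


def read_field(profile: dict, app: AppManifest, name: str):
    """Explicit read that fails closed instead of silently leaking data."""
    if name not in granted_fields(app):
        raise PermissionError(f"{app.name} may not read {name}")
    return profile[name]
```

A zombie-style game that declares only `name` and `friends` gets exactly those two fields, while an application that declares every field still receives nothing sensitive unless the user opted in.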


Dave said...

I might not be understanding this right. I use Facebook (very rarely) and when I emailed them about other people getting info on me via things like applications or me getting sent info by a third party because of what I have put on my profile, I was told that I can control it. They implied that if I say I don't want others getting info, I can stop them and the only people that would have access to my info are Facebook (who would not pass it to others) and my friends.

Ian Brown said...

When you add an application to your profile in Facebook, you have no choice but to give it access to all of your personal information (except your e-mail address).