There is a story on TechCrunch today about an experiment run by researchers at the University of British Columbia Vancouver, who infiltrated Facebook with bots and managed to gather information from thousands of users, totalling over 250GB. At first you’d be expecting everyone to be up in arms about Facebook over sharing, or having another moan about their privacy settings, but this is far from the case.
If you want the technical details of the experiment, you can read the original TechCrunch article, but to summarise, the UBC team created 102 ‘fairly believable accounts’, that would send friend requests to random people. Once they were accepted by someone, they’d then find it much easier to become friends with that person’s friends. As soon as you are Facebook sees you are friends with someone, you are then able to view whatever information they have made available to their friends.
So the bots went about harvesting this data from their ‘friends’. Facebook has no way of telling if you actually know the person you just confirmed as being a friend, so it’s not like this is flaw in the social network’s security. It boils down entirely to human judgement, and the fact that you have accepted that person as a friend without actually knowing them from Adam. For anyone to complain that this is another example of Facebook getting their data privacy agenda wrong would be rather naive.
This experiment by UBC serves to remind us all that when it comes to sharing private information, it won’t remain private for very long if you aren’t particularly stringent about who you grant access to it. I’m glad that the majority of the comments I read beneath the original article recognise this fact, as it’s too easy to blame Facebook for what is a blatant user error. Facebook is a wonderful place to share things with your friends, but as soon as you let someone you don’t actually know into your trusted network, then whatever privacy breaches that befall you are entirely on your own head. For sharing more sensitive information and data, a more private social network would be suitable.