On Facebook, privacy is a constant concern for many users. No one wants private information or photos to be visible to the entire Internet, but what can you do about it? You can change settings to prevent public access, and you can refuse access to any third-party app, but researchers at Penn State have a better solution. By redesigning the privacy authentication dialogue (the part where the app asks if you want to allow access), researchers Heng Xu, Na Wang, and Jens Grossklags have worked to, in the words of Heng Xu, “give Facebook users better privacy control and awareness and help users better manage their personal information flow to third-party apps on Facebook.”
Privacy on Facebook
As we all know, Facebook sometimes changes default privacy settings automatically, so it’s important to keep up with the latest changes, if you don’t want to find that those posts you intended to keep private end up public. Unfortunately, however, keeping your public/private settings in check is not the only problem you may have with privacy. As Facebook users, we’re constantly assailed with applications asking for access, from sharing your birthday and accepting someone as a family member to playing games and taking quizzes.
Each time you allow a new app to access your account, you’re opening the door a little wider – and the app continues to have access to your private information, even after you’ve closed the window. What can they do with that access? The access you’ve granted could be anything from the ability to email you or read your friends’ posts to posting as you on Facebook.
It all depends on the individual app’s Terms and Services, which you always read before you click ‘Allow,’ right? No? Don’t worry, you’re not alone. The difficulty in figuring out which apps can see what information, and the general privacy concerns associated with the opaque acceptance policies of Facebook apps, are behind the Penn State research team’s interest.
On December 15, 2011, Decoded Science had the opportunity to ask Heng Xu, one member of the team, about their research.
Decoded Science: Facebook apps harvest information from users. Does Facebook have an obligation to make that more clear to the people using their website?
Xu: We believe so. As a service provider, we believe that Facebook should make users understand what’s going on regarding their personal information.
Decoded Science: Do you think that Facebook will take steps to integrate your work, to protect users of their site?
Xu: Actually, Facebook recently upgraded their authentication and authorization system for third-party apps, since October 14th, 2011, right after we launched another round of experiments. The current authentication and authorization dialogue is now a two-page dialogue. User and friends permissions are listed on the first page of this dialogue, and extended permissions are listed on the second page. In this latest version of the authentication and authorization dialogue, Facebook began to empower users with control over removing extended permissions and to let users decide who can see the posts from the app, which is highly similar to our proposed designs. This is a good improvement on the old version of the authentication dialog, but there is still room for improvement.
Decoded Science: What do you think is the most important implication of your research?
Xu: We aim at helping users: 1) better understand privacy implications of data disclosure and sharing on social networking sites, 2) provide users with an interface that enables them to better manage their personal information transmission on Facebook.