Collaboration SuitesMarketingRegulationSecuritySocialMediaSoftwareSurveillance-ITWorkspace

Critics Bash Facebook For Sharing Phone Numbers

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Rogue apps will be able to harvest contact details shared by Facebook, warn experts

Security experts have advised users to remove their mobile phone and home address details from Facebook, as changes to Facebook’s privacy settings will make it dangerously easy for rogue apps to get access to personal details.

Facebook is now sharing users’ phone numbers and home addresses with third party applications. Malicious applications – which already share Facebook identities – will pass phone numbers and address details to spammers and criminals, according to security expert Graham Cluley of Sophos. The warning is just the latest of several recent privacy warnings about the site.

Cluley: remove your details now

“My advice to you is simple: Remove your home address and mobile phone number from your Facebook profile now,” said Cluley in a blog post, commenting on a change made by Facebook on Friday.

“We are now making a user’s address and mobile phone number accessible as part of the User Graph object,” Facebook’s  Jeff Bowen announced on a developer blog on Friday. This means that when a user adds a new application or service in Facebook, the site will offer to share the user’s details unless told not to do so in a dialogue box.

“Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions,” explained Bowen. “These permissions must be explicitly granted to your application by the user via our standard permissions dialogs.”

However, the dialogue is not explicit enough, according to Cluley: “I realise that Facebook users will only have their personal information accessed if they ‘allow’ the app to do so,” he said, “but there are just too many attacks happening on a daily basis which trick users into doing precisely this.”

“It won’t take long for scammers to take advantage of this new facility, to use for their own criminal ends,” Cluley warned. A rogue app could collect phone numbers to be used by SMS spammers and cold callers, or gather street addresses for use in identity theft crimes.

Facebook’s privacy history

Over the last year, while user numbers have climbed beyond 500 million, Facebook has been criticised for its handling of user privacy, beginning in January, when Facebook founder Mark Zuckerberg said that users no longer need privacy and want to share.

Since then, it has revamped its security settings, but  has admitted that  rogue applications already share personal information, with spammers and marketers.

On some measures, Facebook has overtaken Google as the most popular site, and it is seeking ways to capitalise on this popularity. A recent $450 million investment from Goldman Sachs valued the company at $50 billion (£32bn).