What Do Facebook Users Gain From Sharing Data?

Graham Cluley, senior technology consultant at IT security firm Sophos, has been ruffling a few feathers over at Facebook, after he posted a blog yesterday warning users of the social network that third party application developers can now access their home address and mobile phone number.

Cluley acknowledges in his post that Facebook users will only have their personal information accessed if they “allow” the application to do so. However, he points out that Facebook is already plagued by rogue applications that post spam links to users’ walls, and that spammers often try to trick users into giving their permission for access to their data.

Facebook has been quick to respond to the issue – which is not surprising considering the site’s history of privacy controversies. The official statement from a Facebook spokesperson says that Facebook gives users absolute control over the information they share, and claims that the update was made “to improve the user experience of applications”.

Improving user experience?

My initial response was to ask how a user’s experience could possibly be improved by developers having access to their personal contact details. Facebook says that the feature will rid users of the need to enter their address every time they buy something online that needs to be shipped, or the need to enter their phone number when they might need to be called or sent an SMS to track an order.

“A frequently used e-commerce application or website is better when it has your address stored for a faster checkout, and an airline can serve you better if it has an always-up-to-date mobile number to reach you for last minute itinerary changes,” said Facebook.

In the first place, when I shop online, I have never found the process of entering my contact details any more inconvenient than, for example, entering my credit card details – something that Facebook will certainly never be getting its hands on. Furthermore, I would usually rather have my purchase delivered to my work address anyway, so my personal address is irrelevant.

Secondly, the idea that any airline would phone me up to tell me of last minute changes to my itinerary is, frankly, laughable. I would be surprised to even get an email – as would most of the people who were stranded in UK airports for days on end before Christmas, due to the snow.

Thirdly, when I weigh up the minor inconvenience of typing in my personal details a few times with the avalanche of spam that is bound to pour through my door, and the irritating marketing and sales calls I am likely to get every few weeks, I know which option I would choose.

Giving developers the benefit of the doubt

In one particularly telling part of its statement, Facebook says: “We encourage developers to think about the information they really need to make their application effective and to keep this to a minimum to encourage more engagement. If you do come across an application that you find suspicious or inappropriate, we actively encourage you to block and report it in the same way as you can individuals, groups and Pages on Facebook.”

In other words, Facebook automatically assumes that the majority of developers are scrupulous enough to ask only for the information required for the application, rather than the details that will allow them to promote their product. Only applications that are reported to be producing spam by the users will be investigated by Facebook.

On its developer blog, Facebook posted an image of the new ‘Request for Permission’ box that will appear when users try to access an application. The widget lumps together access to basic information (such as profile picture, networks and friends) and contact information (address and telephone number).

The only options users are given are to allow access to both sets of data, or to refuse access entirely, which would presumably prevent a user from accessing the application at all. So any user who wants to use that application has no choice but to hand over their contact details – unless of course, they have not entered them in the first place, or deleted them from their Facebook account after reading this article.

Who stands to gain more?

In a sly dig at Sophos, the Facebook representative who contacted eWEEK Europe pointed out that Sophos employees make their livings by selling products that claim to solve the problems they are espousing. “Sophos have expertise in security, but so does Facebook,” she said.

While Sophos is indeed an IT security company, I fail to see how raising a potential security issue with Facebook is of any direct benefit to Sophos. The company does not offer any products to mitigate against SMS spamming or cold-calling. The most Sophos stands to gain out of this is to raise its profile as a security company with a sharp eye on the industry.

Facebook, on the other hand, has a great deal to gain by encouraging its users to do their online shopping within the social network’s walled garden. The more time people spend on the site, the more ad impressions Facebook can deliver, leading to better stats and greater revenues for the company.

As far as I can see, Facebook’s introduction of this new feature is a blatant attempt to cosy up to developers. It delivers very little benefit to users of the site, and Facebook is simply hoping that enough users are careless or clueless enough to roll with it. My advice: delete your contact details now.