While Facebook has gone to great lengths to improve privacy controls on its site, it would seem that many Facebook users do not show the same level of commitment to their own privacy. Recently, the Australian branch of the internet security firm Sophos conducted a study in which they created two fake profiles (Daisy Feletin, 21 year old single female and Dinette Stonily, 56 year old married female) and then sent 100 randomly selected friend requests to users matching those age groups.
Despite the fact that these were entirely fictitious profiles, nearly half of the the friend requests for both Daisy and Dinette were accepted, exposing users’ dates of birth, e-mail addresses, places of work, phone numbers, and even home addresses. Even worse, by accepting the fake Sophos-created accounts, these users exposed much of their own friends’ information as well.
Check below for the full results of the experiment.
| Information | Daisy Feletin | Dinette Stonily |
|---|---|---|
| Friends accepting | 46% | 41% |
| Total friends gained | 46 | 49 |
| Full d.o.b. (D/M/Y) | 89% | 57% |
| Partial d.o.b. (D/M) | 9% | 35% |
| Email address | 100% | 88% |
| College or workplace | 74% | 22% |
| Town or suburb | 50% | 43% |
| Full address | 4% | 6% |
| Phone number | 7% | 23% |
| IM screen name | 13% | 18% |
| Family and friend data | 46% | 31% |
| Average no. of friends | 220 | 932 |
As Sophos observes in their recap of the study,
“Ten years ago, getting access to this sort of detail would probably have taken a con-artist or an identify thief several weeks, and have required the on-the-spot services of a private investigator. Sadly, these days, many social networkers are handing over their life story on a plate.”
Because I spend so much time writing about social networking, web privacy, and internet security issues, I sometimes forget that many people simply don’t think about the importance of their online identities. Facebook can make as many modifications to their privacy controls as they want, but as long as there are users unwilling to use common sense about what they should and should not be doing online, there will always be a problem keeping data secure on social networking sites.
3 comments ↓
Facebook was presented to me as a way to build my business via networking. Many whom I’ve befriended are also on facebook to build their business connections. With that concept, one would have to add unknown friends. Also, if someone simply googles your name, it is easy to find their address, etc. There’s lots of personal information on the internet about a person that the person did not place there themselves. So, please explain how building a network of friends on facebook is any worse than just being alive and vulnerable to GOOGLE.
Thank you for your comment Karen. While I understand your position and I compliment you for taking the initiative to use Facebook as a business networking tool, I don’t think that that is the primary reason why people use the site. Compare Facebook to a professional networking website such as LinkedIn for example. On Facebook, most users share considerable levels of personal information, from their favorite movies and TV shows to their phone numbers, home addresses, and more. While this information is valuable to share with friends, it is not necessarily the most appropriate to share with strangers. On LinkedIn, however, the community is geared toward business networking. Though it is not 100%, there is a built-in way of determining a person’s authenticity on LinkedIn based on their work history, mutual acquaintances, etc.
If you limit the information on your Facebook profile to things that are only relevant to your business identity (and you’re comfortable with sharing this information), then it is probably okay to accept the occasional “blind” friend request. However, as I said before, I don’t think most Facebook users (and certainly not the ones in this study) are taking the same precautions that you are.
It’s obviously much easier for someone to find your name/telephone number/address by sending you a friend request on facebook than it is to try and find the information through Google. For one, there may be dozens of people or more that share your name in the world of Google, but conveniently enough on facebook your name comes with a lovely picture. Also, the only way they can find that information through Google is if it exists on a website elsewhere. Reputation Defender has provided plenty of resources for people to make sure they know who has access to their personal information, and not just on facebook.
No matter what your reasons for using facebook- personal or business networking- if you’re going to accept friend requests from strangers at least make sure you’re not giving out your home address and phone number. It’s just common sense.
Leave a Comment