Facebook Quizzes_ Sharing Your Private Data

Have you ever taken one of those ridiculous and inane quizzes on Facebook that tell you which color you are (“I’m Orange! Now what do I do?”), which Harry Potter character you are (see above), or which superhero your dog resembles?

If so, all your private info is likely being shared with the quiz developers – whoever they may be. Those seemingly innocuous quizzes are actually apps designed to gain access to all of your personal information on Facebook. This unfettered access has alarmed many groups, including the ACLU.

The data mining doesn’t stop after you’ve finished taking the quiz. Once you’ve connected an app or website to your Facebook account, the developer can maintain that connection for months afterward. They can continue to request information about your profile and posts.

Facebook permissions

Facebook allows third-party developers to request access to personal information through more than 40 different “permissions”. The most basic permission is your “public profile”. Developers can ask for this information without any vetting on the part of Facebook. Your Facebook public profile is what shows up when someone Googles your profile. It includes:

  • Your name, profile picture, and cover photo
  • Gender
  • Schools
  • Workplace
  • Facebook username and ID
  • Age range
  • Language
  • Country

All other permissions are required to go through an “app review” by Facebook staff. You can accept or reject these permissions individually, bearing in mind some apps might actually need this information to function. They include:

  • Email address
  • Phone number
  • Facebook Groups
  • Birth date
  • Facebook Events
  • List of friends who use the same app
  • Hometown
  • Likes
  • Profile URL
  • Current location (city)
  • Photos
  • Posts
  • Tagged locations
  • Videos

Facebook has strict rules about how developers can use all of this information, but it has little means of enforcement. Often no action is taken against an abusive developer until after the damage is done, as we saw with Cambridge Analytica.

What You Can Do

Facebook apps

  • Any time you connect an app or website to Facebook, review the permissions and deselect any that aren’t critical to the app’s required functions.
  • Go into the Apps and websites section of your Facebook settings and remove any apps you don’t use or that require too many permissions
  • Be aware that fraudsters dig through Facebook and other social networking sites looking for information to about you. Creating quizzes – any lame quiz appears to spread rapidly across Facebook – are one of the simplest methods they have to collect data.
  • Adjust your Facebook privacy settings to project yourself. From the Facebook menu bar choose Settings > Privacy Settings > Applications > Settings. You should see a screen similar to the screenshot earlier in the article. Deselect anything you don’t want shared without your permission (I’d suggest deselecting everything).
  • Choose your Friends wisely. Many people are excited at the possibility of gathering hundreds if not thousands of Facebook Friends—many of whom are friends of friends instead of people they actually know. Anyone you accept as a Facebook Friend will be able to view your profile and postings unless you say otherwise.
  • Say ‘no’ to those playful/stupid Facebook quizzes – and any Facebook applications.
  • If you’ve connected an app to Facebook and removed it later, the developer may still have the information accessed from before. To remove it, you’ll have to contact the developer directly.

Facebook privacy improves post-Cambridge Analytica

For what it’s worth, Facebook tightened restrictions on what information app developers can access about Facebook users in light of the Cambridge Analytica leak in early 2018. Prior to that, app developers could request to see information about a Facebook users’ friends, even though those friends never gave consent for their information to be shared. That permission was removed in 2013, but some developers were grandfathered into the old policy and were exempt from the restrictions until 2018.

Today, apps connected to Facebook can only see information about the user who added them to their account. Furthermore, if you don’t use Facebook to log into an app for more than 90 days, the developer can no longer make additional requests for your data.

Still, Facebook’s platform policy leaves a lot to be desired in regards to end user privacy.