Jefferson's Wheel

The Chronicle of Higher Education has an article about Adrienne Felt’s Facebook privacy study: Study Raises New Privacy Concerns About Facebook, 4 February, 2008.

Another report from WINA 1070 AM:

A UVa student is examining a popular social networking site

A student at the UVa Engineering School is investigating Facebook’s information vulnerabilities. Fourth-year student Adrienne Felt is in charge of a research project dealing with privacy issues having to do with applications on the popular social networking site. Facebook allows independently developed applications to appear in user profiles; when these applications run, the developer is given access to the user’s available information, causing a potential security breach. Felt’s goal is to make users more aware of how their information can be unknowingly accessed.

From ACM TechNews, 1 February 2008: University of Virginia Engineering School Student Probes Facebook’s Vulnerabilities

University of Virginia computer science major Adrienne Felt is leading a research project focusing on privacy issues surrounding the Facebook social networking site, and is investigating the information sharing that takes place when users download a Facebook application. Although the applications add variety to a Facebook user’s profile page, they also increase the user’s vulnerability. Anyone with a Facebook account can create and distribute an application. While the applications appear to be part of Facebook’s platform, they are actually running on the developer’s server. When a user installs an application, the developer is capable of seeing everything the user can see, including names, addresses, friends’ profiles, and photos. “Since all applications receive access to private information,” Felt says, “this means that 90.7 percent of Facebook’s most popular applications unnecessarily have access to private data.” There are currently no restrictions on what applications, and their developers, can do with user information, and while Facebook’s “Terms of Use” warn developers not to abuse the data they have access to, there is no way for Facebook to enforce this rule, Felt says. “An application developer could easily acquire personal information for millions of users,” says U.Va. computer science professor David Evans. Felt’s goal is to close this privacy loophole with a privacy-by-proxy system she developed that will allow Facebook to hide user information while still maintaining the applications’ functionality.

WCAV had a story on Adrienne Felt’s work on Facebook platform privacy risks:
UVa Student Raises Facebook Security Concerns, WCAV TV 19 News, Charlottesville, VA. (Includes a video clip from the newscast)

Many use the social networking site Facebook without ever thinking about security but you could be leaving yourself vulnerable anytime you share music or play a game. Facebook applications are not necessarily from Facebook.