Facebook’s uphill battle against rogue apps

November 29, 2010

OMG! I can’t believe the see-who’s-viewing-your-Facebook-profile scam is back again! And that so many people are falling for it!

A Facebook app called ProfileSpy is purporting to offer Facebook members one of the most demanded services Facebook won’t allow: data on who is looking at your profile. Facebook knows, of course, since it collects that data. If you had a web site or a blog, you could track it easily for free. But Facebook won’t share it.

Neither will ProfileSpy, and other rogue apps like it. Instead, according to security software company Sophos, which alerted Facebook and others to the scam, the app will request permission to access private data, such as your picture, demographic data, lists of friends and any data you’ve shared with everyone. It will also ask that you let the app send you emails, post to your wall and log in as one of your pages. Then it will post an update to your friends that reads: “OMG OMG OMG… I cant believe this actually works! Now you really can see who viewed your profile!”

What it won’t do is let you know who is accessing your Facebook profile—but you won’t find that out until after you’ve let it scrape your private data onto its servers. It’s not the first time that rogue apps have tried this. Facebook has gotten better at fighting such scamming apps, but this one snuck through.

So did another scam that claims to provide revolving images on your Facebook page after you cut and paste a snippet of javascript code and put it in your browser. A recent report from another security software company, BitDefender, said a fifth of Facebook users are exposed to posts containing malware, largely through rogue apps. Most of those threats aren’t as damaging as computer viruses. But many are after personal data and, as the revolving-images scam shows, are experimenting with new ways of collecting it.

Scams and malware are an inevitable side effect of the web’s evolution, especially with a company growing and innovating as quickly as Facebook is. But in Facebook’s case, its insistence on collecting and sharing personal data with advertisers has created a platform that is all to easy for scammers to harvest this data for themselves. How Facebook handles that threat will affect its sustained popularity in the long term.

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/