When I logged into the ‘free‘ airport wifi at Calgary airport a few moths back I was in invited to either give “BOLDstreet Wireless” permission to my Facebook account or otherwise pay a few dollars for an hour’s connection.
At first I thought was a strange choice, until it dawned me on that this WiFi company was essentially putting a marketing $ value on my Facebook account… Hand over access and they’ll monetize my account in some untransparent way in order to cover the cost of the not-so-free-anymore wifi.
It turns out BOLDstreet Wireless has built this out as a product which companies like Calgary Airport Authority can be purchase to track, monetize and analyize public wifi hotspot activity.
In true hacker mentality I logged in with a fake developer account I use for testing purposes – but whatever.
I forgot all about this until today when I was invited to do exactly the same – give permission for an app to access my Facebook account in return for a ‘free’ Häagen-Dazs ice cream.
Now, there is nothing new or usual about companies wanting to get a little information about your for the CRM systems in return for providing a free sample. But there are some stark and concerning differences created with this new approach:
- Unlike a survey which questions you directly, there is no transparency as to what information is being taken
- In addition to my own profile data, limited data about my friends is being handed over too.
- A fresh snapshot of this information can be requested at any time due to the fact permission persists until the user turns it off
- More personal data might be made available in the future as Facebook evolves the data they store about you – eg phone number
Perhaps one of the most concerning aspects of all this is the fact that BOLDStreet and Häagen-Dazs are potentially getting access about me through my friends using their service – data I did not give either company permission to have. In fact, I wouldn’t even know if they had this information.
There’s nothing new per se with the issue of applications having access to this data – this has been the case since day 0 for apps. However, one argument has been that socially orientated apps need this information in order to be able to provide a social experience. But this use case is certainly new and doesn’t warrant these types of companies gaining access about a user’s social graph in addition to the user’s personal details directly.
From my own experience, this is becoming a common trend. Facebook Connect certainly has advantages but it also has disadvantages too. Be careful who you are giving permission to your account to and make sure you regularly review the list of companies and apps with permission to access your profile (ditto for Twitter too).
There’s a strict policy on how apps are allowed to use information about an authorised user’s friends – ie, the friend data can only be used to enhance the experience of the authorised user (eg so they can see their friends high scores in a game). You can’t collect the data for other purposes – and you also can’t access their contact details.
That said, if you’d prefer that your friends weren’t able to authorise applications to view some of your data, you can disable this permission in FB -> Privacy Settings -> Apps and Websites -> Information Accessible Through Your Friends – where you can select which data is and isn’t available to third party apps via your friends.
Admittedly, that setting’s not that easy to find, or widely known about…
Comments are closed.