How to scrape Facebook user data - a BBC beginners guide.

Thursday, May 1. 2008

How to scrape Facebook user data - a BBC beginners guide.

We've been warning about the dangers of Facebook scraping and privacy till we went blue in the face, but maybe this report from the BBC will serve as a wake up call.

We have discovered a way to steal the personal details of you and all your Facebook friends without you knowing. We made up the fictitious profile of Bob Smith. He keeps most of his details on his profile private from non-friends.

While we could not get all details, what we did get, included his name, hometown, school, interests and photograph, would certainly help us to steal someone's identity.

So how did we do it?

Using a couple of laptops and our resident coder Pete, we created a special application for Facebookers to add.

One of the reasons Facebook has become so popular so quickly is because of the wealth of applications users can add to their profile pages. Little games, quizzes, IQ tests, there are thousands of them available. And once you have added an application, your friends are encouraged to add it too.

Anyone with a basic understanding of web programming can write an application.

We wrote an evil data mining application called Miner, which, if we wanted, could masquerade as a game, a test, or a joke of the day. It took us less than three hours.

But whatever it looks like, in the background, it is collecting personal details, and those of the users' friends, and e-mailing them out of Facebook, to our inbox.

When you add an application, unless you say otherwise, it is given access to most of the information in your profile. That includes information you have on your friends even if they think they have tight security settings.

Did you know that you were responsible for other people's security?

You didn't know that? (Well, if you read this blog you probably did....)

Update - I note Rory Cellan-Jones also chips in:

I've always been pretty relaxed - both because I'm very careful about how much information I give away, and because I think I know my way around privacy settings.

But an investigation by my colleagues at Click has made me think again.

Interesting - I met him at a Web awards do last year that he was compering, and brought this up at the time as he had just set up a Facebook group and profile - but Summer 2007 was not the time to tell UK Meedja people newly in love with Facebook about its dark side

)

Posted by Alan Patrick in Social Networks at 20:59 | Comments (2) | Trackbacks (0)

3933 hits

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

Seriously though T'Internet has always been hackable, FB is not the focus, self-responsibility is:

http://www.chrishambly.com/content/facebook-fear-clouds-our-judgement

#1 Chris Hambly (Homepage) on 2008-05-01 22:00 (Reply)

Chris, I know - but you are hackable on Facebook if one of your "friends" plays the idiot - thats the difference.

Also, Facebook could be better. Speak to any of the teams that develop Facebook apps about what they can take off a profile....

#2 alan p on 2008-05-01 22:12 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. E-Mail addresses will not be displayed and will only be used for E-Mail notifications To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry