In the comment section at the bottom of the Songza page, each comment has a photo and a name attached. This is how it looks:
As you can see, we get a bit of information from each commenter, always a photo and a name. Why is that? Because you cannot keep your Facebook name and profile photo private, they have to be shared as part of your agreement with Facebook. Just about everything else can be hidden. Just about, those are the key words.
Yesterday, we decided to play with the settings. First, we commented, then we checked the site from another browser, just to see what we could find out from the link to the Facebook profile. Turns out the comment had the name of the poster AND his location.
We headed back to our Facebook profile and hid where the poster was from, simply by setting Location (under Privacy, then About, then Location and Edit) to ‘Only Me’. Back to Songza to refresh the page and see what the comment looked like after the change. We were shocked to see that instead of the commenter’s location, we were now able to see the commenter’s age! Knowing full well that this person had hidden their age, we headed back to Facebook in another browser to check. Sure enough, the year of birth was set to ‘Only Me’. Yes, the day and month were there for friends to see but the person’s actual year of birth was set to ‘Only Me’.
Unfortunately, we cannot duplicate this error today. The point of this post is to show you that, while you think your privacy settings work the way Facebook tells you they do, sometimes they don’t. If you have any piece of information on Facebook that you think is completely private, there are times when it isn’t. In our next post, we’ll offer a solution, one that we’ve suggested before. Stay tuned!
Just when you think that you’ve got your Facebook privacy settings perfectly tuned, a snag pops up. No matter how private you think your Facebook profile is, something always comes up to prove you wrong. This post is about an incident that occurred yesterday so it’s current and, to be frank, it’s troubling. See what you think.
TIP: This post might seem a bit convoluted, maybe confusing, but the point of it is this: Don’t assume that your privacy settings are locked and secure. Facebook treats its users as commodities, not individuals. You’re simply a means for them to make money. Don’t expect fair or even honest treatment.
Yesterday, May 23, 2103, one of our staffers was listening to music on Songza.com. Here’s the site: Songza – Listen to Music
To save time, he signed in with Facebook. That was a mistake, as it turns out. After choosing his playlist, this user noticed that Songza made use of Facebook facepiles. Here is what a facepile looks like:
You’ve seen these everywhere around the Internet, right? A box of faces from people who use or like the site. This particular facepile is a bit different from most. When you click on one of the faces, you get the user’s Songza profile, not their Facebook profile. Seems safe enough, right? We clicked on one user. This is what we found:
So far, this seems pretty straightforward, fairly innocuous. It’s not. This person’s profile name is cheryl.hatten.3 as you can see at the top. Is this that person’s Songza name or is it her Facebook name? We typed that name into the Facebook search slot and came up with this:
What do we know about Cheryl? We know her maiden name is Colley, that she probably lives in Lethbridge and that she most likely works for the Alberta Child Care Association. We also have a picture of someone who may be her daughter. Most likely Cheryl knows nothing about this. All she did was sign up for Songza by linking her Facebook account to a fairly popular and, supposedly, reputable website. Songza, in their defence, may not be fully aware of how this particular part of Facebook is being used. These websites are designed and run by professional webmasters who simply follow instructions and, as we all do, fight for their share of visitors.
Not to get too technical here, these facepiles are all part of what is called ‘Social Plugins’. If you want to know more about all of this, here is a link to the Facebook developer’s site: Social Plugins. Songza seems to have found a loophole here since their facepile is linked initially to their Songza account, not to the user’s Facebook profile. The only way you can track down the user is to do what we did, search for the user’s name on Facebook. But wait, there’s more to this than meets the eye.
Farther down the playlist page, there is a comment section. Every comment shown on the page is from a Facebook user. Here is one:
Let’s click on one of the photos or names to see where we are led:
Here we go again. You can see for yourself what information we can glean from this profile. If you actually go to Songza and click on any photo in the comment section, then click on various parts of the profile that comes up, you’ll most likely discover all kinds of things about the person, things that they didn’t feel were worth keeping private. In several cases we found maps which indicated where they lived, what groups they were members of, what networks they were in, who they were following and so on. Honestly, you would be surprised and probably shocked at what bits and pieces of personal information you could glean from all of this. You’d be even more surprised to find that information that you have essentially hidden by making it available to ‘Only Me’ is wide open to the world.
Stay tuned for the next post which examines one particular flaw in the system. This flaw reveals information about you even when you have your privacy settings set to ‘Only Me’. Believe it or not, it’s true.
Thanks for reading!
a little bit of hi-tech, a little bit of common sense and a lot of fun