When we first got an AOL Internet connection back in the mid-90′s, my parents used to always warn me about my online activity and to watch what I put “out there” on the Internet. Standards have relaxed these days, needless to say, partly due to the heavy online presence of today’s current generation of parents and older parents as well.

But one area of privacy that’s really being neglected to the point where it scares me is Facebook. Facebook has become what Myspace was a few years ago (popular), and its newfound popularity has seemingly blinded its massive following of users in the aspect of privacy and just how public everything they post/upload is outside their little circle of friends (and by “little”, I mean 200 on average).

Applications

The main forcus of concern on my part is that of these faceless application writers. Everytime you go to run an application, you have to click through a dialog displaying some terms you must first agree to – even for a stupid little quiz you might take only once.

Like Mark said in another article – ever read these terms? I did, and they basically waive all rights to privacy in regards to Facebook activity, surrendering them so the application writer’s app can utilize said information. This information, according to the agreement, is basically everything Facebook has on you.

But the application writers never have time to read or do anything with that information, right?

WRONG.

Application writers on Facebook are the Spam 2.0 geniuses. They write these “fun quizzes”, where they ask you a variety of personal questions in order to answer the quiz’s topic – but behind the scenes, they distribute said personal information (along with account information) to third party advertisers so they can fine-tune the spam you’ll be getting so you’re more likely to click it.

And it gets better: unless you explicitly delete each and every app, including one-time-taken quizzes, from your profile, they still have access to all of your information under these terms.

Anyone can view your activity

Here’s why accounts get hacked, in addition to Internet Explorer/browser security breaches: ever notice how no page on Facebook uses ‘https’ instead of ‘http’ on the far left of the URL on any page? Yeah, that means nothing is encrypted at all, including your email address and password for your account.

While this may not seem like a big deal, there is a whole online hacker community out there that thrives on intercepting this information while it is in trasit, recording it, then passing it back on seamlessly.

It’s called a man-in-the-middle attack, and is very common these days in information security. Anything unencrypted can be read without you knowing it, and trust me: there are people that want your information bad enough to actually do this.

With your account information, spammers mass-spam via Facebook (and other sites) thanks to viewing the unencrypted login information, and since said login information includes your email address you can expect some extra inbox bulk as well.

And don’t forget that all pictures and web pages that you view on Facebook are also susceptible to this attack. Facebook can easily do something about this, but chooses not to.

Facebook’s Staff

The Facebook terms explicitly state that they view your online information/activity as an “asset” to them. Let me rephrase that: your online activity is “valuable” to Facebook, and they reserve the right to sell/distribute your information to advertisers or any other high bidders.

In addition to outright sellling it, they also use it internally themselves without a doubt.

Define “Delete”

A while back, there was a hubub on Facebook about deleted account still being harvested information-wise. Just because you hit the shiny red “DELETE” button on either a picture, status upsdate or entire account doesn’t mean it’s gone for good.

It usually means “make it visible only to Facebook staff”, and is still considered an asset due to the terms you implicitly agreed to when you input the information to the site in the first place.

Deleting apps, as far the application terms go (if they are enforced) should automatically suspend that developer’s priviledges to your information, but there’s no way of telling otherwise unless a Facebook employee comes out with truth.

Privacy on the web in general is already in bad shape, but websites like Facebook that blatantly sell your information to anyone interested enough (or with enough time to make a convincing quiz) is making it even worse.

Anything you do on Facebook is pretty much visible to anybody out there interested enough in it, and in this economic shape anyone has enough reason to go rouge and start up an “advertising” firm with connections to the deep dark corners of the web, harvesting intercepted Facebook information or simply asking Facebook for it or making a seemingly-alright quiz.

But remember: the biggest violator of your privacy is you, so curve your online habits in the hopes of a better future with more privacy, especially if you’re younger.