Facebook’s new sign-up page to limit security breaches
US researchers have designed a sign-up interface for Facebook applications to help members prevent personal information and their friends’ information from leaking out through third party games and apps to hackers and identity thieves.Updated: Dec 05, 2011 19:10 IST
US researchers have designed a sign-up interface for Facebook applications to help members prevent personal information and their friends’ information from leaking out through third party games and apps to hackers and identity thieves.
According to Penn State University researchers, when Facebook members sign up for apps developed by third-party companies, they may not know that these apps are sometimes overriding their global settings on privacy preferences and information sharing.
“One illusion is that people think that they have set global privacy settings, so it’s secure,” Heng Xu, assistant professor of information sciences and technology, said.
“But the broken element is in the third-party applications that people use to play games and interact in different ways with each other on Facebook,” she said.
Xu said that members who sign up for an app must agree to new terms of information disclosure that are often different from their main Facebook privacy settings when they sign up for an app.
The sign-up screen currently is a general agreement that shows information third-party developers are requesting. If the member does not agree, the member cannot use the app.
The screen designed by the researchers allows members to decide what types of information they are comfortable sharing and with whom they want to share it.
Xu, who worked with Na Wang, doctoral candidate, and Jens Grossklags, assistant professor, both of information sciences and technology, designed two alternative third-party privacy agreement screens to clearly show members what data and privacy details they agree to share with the developer.
The researchers asked a group of Facebook members to try two app sign-up page designs, a single-colour scheme and one that used three colours -- green, yellow and red, to designate critical information. The design also features three boxes to offer members the option to share their app activity history with all the members of their network, just specific people, or keep all of the information private.
Of the 11 participants, all said that improving the security and privacy of the sign-up pages is important. Six of the testers preferred the multiple-coloured scheme to the monochromatic version.
Privacy settings allow members to determine how much information the member wants to display or share with their members of their network and Facebook. This data can include birthdate, hometown and current city, as well as pictures the members uploaded to their pages.
Members may not consider data like hometown or birthdates vital information, but Xu said that hackers could use such information to guess social security numbers.
The study has been presented at the Association for Computer Machinery Symposium on Computer Human Interaction for Management of Information Technology, Boston.
First Published: Dec 05, 2011 17:58 IST