Posts Tagged 'security'

Should We Trust Facebook Apps?

Last week facebook changed their terms of use and it caused a lot of stir on the Internet. Immediately there were blog posts criticizing facebook’s actions, and some (myself included) were thinking about giving up their facebook account, and disgusted that quitting facebook would not free them from the facebook terms and conditions. At the time I was wondering how much we should trust our personal information to services like facebook, but I had already done a lot of sharing of my inner self, including posting pictures of my family and writing the 25 random things about me (which took a little soul-searching). I gave these things freely to my friends, thinking my privacy settings would protect others from seeing them, but when the terms of facebook changed, it appeared my privacy settings were no protection. Fortunately, facebook changed their terms back to the previous version, but it still left me a little unsettled and got me wondering how trust issues like this affect users in general. 

facebook-trustThen one of my good friends commented on my post 11 things I learned from myFarm–she is reluctant to accept the gifts I’ve sent her on facebook because she doesn’t want to give the application permission to access all her information. That got me wondering:

  • How much access do those facebook applications really have?
  • What are they allowed to do with people’s information?
  • What restrictions are placed on applications to protect users’ privacy? Are there any? Should there be?
  • Why do they need access?
  • And the big question: should we facebook users put our trust in facebook apps?

If you just go from the message that is displayed, facebook apps have access to:

  1. Your facebook profile (gender, birthdate, relationship status, religious views, political views, activities, interests, favorite music/TV/movies, etc., contact information, e-mail address, phone number, IM name, address, web site, education, work)
  2. Your photos (all the photos you’ve posted on facebook)
  3. Your friends’ info (Does that mean my friend list? How much info about my friends do they have access to?)
  4. Other content that it requires to work (What does that include? Haven’t they already given the app every bit of personal information they have about me and all my friends?)

So basically, facebook apps have access to everything you’ve shared on facebook other than perhaps your Notes and Posted items, but it’s not clear that those are off limits either.

Now to give facebook a little credit, they have posted “Guiding Principles” for applications to follow; however, there is nothing that forces application builders to adhere to these principles. Guiding Principle #2 is:

Applications should be Trustworthy. …

  • Secure: Protects user data and honors privacy choices for everyone across the social graph …
  • Respectful: Values user attention and honors their intentions in communications and actions …
  • Transparent: Explains how features will work and how they won’t work, especially in triggering user-to-user communications …

Read the guiding principles here.

But we know not all facebook apps follow these principles. Some facebook apps apparently load adware to your computer.

Last November, facebook launched an application verification program, but when browsing facebook applications, I don’t see any verification information on any of them. Okay, I only spot-checked a few apps, but it makes me wonder: Is this really being implemented? I see no positive comments from the developers, who appear to be afraid of paying an exorbitant fee to get verified.

I was hoping some good news would come out of this investigation, but I really couldn’t find any good reasons for people to trust facebook apps–or to even know which ones to trust and which not to. If you are one of the people who was scared off by the warning message, perhaps you’re one of the smart ones!

The best advice is probably not to share anything on facebook that you don’t want to be shared publicly and to be careful about which applications you choose to trust. Read customer reviews and the application description, and take your best guess at how trustworthy they are.

Advertisements

CVV and Conversion Rates

Yesterday on the Intellivative blog, there were two interesting blog posts:

  1. AVS & CVV: When to use it and why?
  2. Does CVV affect e-commerce conversion rates?

The second one is the most intriguing to me because it presents a quandary for e-commerce businesses.  CVV–that 3-digit code on the back of the credit card–is one of the recommended practices for fighting fraud; yet, if you use it on your e-commerce site, it appears that it might actually reduce the number of orders you may get from your site. The surprising mythbuster comes from the E-commerce Checkout Report from Get Elastic, which found:

Conversion rates were a full 40% higher where Top 100 retailers did not request a CVV (Card Verification Value), yet over 55% of them do.

The other interesting part about it was even though conversion rates were higher when the e-tailers didn’t use the card code, still over 55% of them still use it–which implies that either they didn’t know their conversion rate might be higher without it (did they try an A/B test on CVV code?) or that the fraud reduction benefits of the CVV code outweigh the potential higher conversion rate.

As a consumer, I think I would like it better if the site did ask for my CVV code–it shows they’re doing the due diligence to check for fraud which not only protects them, it helps me, the consumer. After all, if someone is out there trying to use my credit card (who wouldn’t have the CVV number), wouldn’t it be better if they were inhibited in their spending spree by web sites who do check the CVV code?

I always thank people who ask to see my ID with my credit card–they’re protecting me by doing that. Even though it’s a hassle for me to get out my ID and show it to them, I’d much rather they ask for it and make sure that I am the rightful owner of the card.

But apparently I’m an oddity. Either the CVV code is too complicated to find–or too much work to enter for many consumers shopping at the top 100 e-commerce web sites. Or maybe consumers just aren’t aware that the card code actually helps protect their identity and their credit card?

Thanks to Get Elastic for putting the work into this study and challenging our paradigms.