Those of you reading this who have Facebook accounts must be feeling some of my pain with regard to game invities. Day in, day out, they stream in. "Joe has invited you to join his clan in Vampire, Mafia, Mob, Farm, Street, Pet, Lemonade, Wizard, or Donkey Wars, click here to play" (OK I made the donkey one up, but it wouldn't surprise me).
Now I consider myself to have reasonably sensible friends, but one by one they're all succumbing to all night Mafia Wars sessions. Relatively harmless in itself of course, but here's the thing, in order to do well in any of these games you need a veritable army of people in your clan. Once you've gone through your carefully chosen friends list, and realised that you can only convince 6 of them to play along, what do you do? You either get your rear kicked in-game, or you join one of the thousands of groups dedicated to your preferred game and harvest as many new, equally addicted friends as you can. Most games will let you utilise up to 500 active clan members, but there's no actual limit (as far as I'm aware) of players you can add to your team.
Once you've added these gamers to your friends list, unless you're pretty quick editing your 'Limited Profile' list, you're giving complete strangers access to a fair amount of personal data. Assuming the average Facebook user has their full name, City of residence and marital status listed, along with a beaming personal photo and a handful of holiday snaps, is that really the kind of information you want to pass along to complete randoms? Surely this leaves you uncomfortably open to the possibily of identity theft? Working at Sophos of course we're paid to be paranoid, but you're undoubtably leaving your profile data at risk of abuse. How great that risk is, is debatable, but for most of us any risk is risk enough.
For younger users, or parents with stacks of photos of their children on there, there's the ever present threat of paedophilia, and for people who happily list their email address and mobile number they're leaving an open invite for spammers who play Donkey Wars in-between shifts.
With people thankfully becoming ever more aware of the risks of disclosing too much personal information online, it just struck me as odd that so many seemingly smart and sensible users are succumbing to this potential trap. We're generally so careful about who we do and don't add as friends, but then when we need help getting to level 117 all common sense seems to fly out the window (bat-like, for all you Vampire Wars fans).
I see more and more people now opening specific gaming accounts on Facebook, listing their name as "Vampire Killer" or somesuch and having no personal info whatsoever on their account. This is nice and safe of course, but I don't know how it fits with regard to the rules of the site. And of course when you add accounts like this as your friend, you're giving them everything in terms of personal data, and they're making sure they leave you nothing in return.
If you're a FaceBook fan, and you can't resist the social gaming craze, please at least be aware of the risk you're exposing yourself too, and ask yourself, is it really worth it?