Do you know what words you use most on Facebook?
No? Well, there’s a game for that: one that will make a word cloud that shows your verbiage leanings, with your most-used words rendered front and center, nice and big.
That was one of the biggest/most frequent “words” used by a friend of mine, as I saw in her word cloud.
And thanks to a post about the game – which is called Most Used Words on Facebook – from UK-based VPN comparison website Comparitech that recently called it a “privacy nightmare,” I was initially ready to urge friends like her to please not touch the game with a 12-foot pole.
The game maker has vehemently denied the accusations. More of that in a moment, but here’s what the initial dustup was about:
Over the course of just a few days, Most Used Words on Facebook has been shared millions of times, including, like I said, by my friends, and possibly yours.
As of Sunday, when Comparitech published its piece, the game had reportedly been shared over 16 million times, by people who agreed to sign over “almost every private detail about themselves to a company they likely know nothing about.”
Since that post, there have been multiple stories about how the viral app is hoovering up people’s personal information and is able to sell it to whoever it wants.
According to Comparitech, that includes:
- Name, profile picture, age, sex, birthday, and other public info
- Entire friend list
- Everything you’ve ever posted on your timeline
- All of your photos and photos you’re tagged in
- Education history
- Hometown and current city
- Everything you’ve ever liked
- IP address
- Information about the device you’re using, including browser and language
But it’s not just your info, it’s also your friends’ info, Comparitech said.
After you click on a Most Used Words post, a page will pop up, offering the option to grant access to your profile so the app can see what you’ve posted.
The post goes on, noting that the game or quiz or app or whatever you want to call it wants access to everything you’ve ever liked, will gather information on your computer, such as IP address and browser used, information about your entire friends list, including people who’ve never used the app, and all the photos in which you’re tagged.
But as many commenters on Comparitech’s post have pointed out, the list of what Words Most Used pulls out of Facebook is basically just a description of what Facebook knows about us.
If your Facebook setting is set to “public,” that information list is about as private as your underwear drying on the clothes line.
Besides that, your IP address and all sorts of information about your computer (enough to produce a unique browser fingerprint) are handed over to every website you visit as a matter of course.
Fast forward to early afternoon on Tuesday, and you’d find that Vonvon was, as we say in the States, having kittens over the coverage.
In fact, the company never stores personally identifying information (PII) on its servers, he said, and only uses PII to produce engaging content:
We only use your information to generate your results, and we never store it for other purposes. For example, in the case of the Word Cloud, the results image is generated in the user's web browser, and the information gathered from the user's timeline to create personalized results are not even sent to our servers.
Also, in the case of our quiz "What do people talk behind my back?" we use user's school and hometown so that we may pull up close friends rather than pairing random person among your 500 fb friends in the results. We use this information only to process familiarity of friends, and again, the information is never stored in our databases.
The company doesn’t sell user data, he emphasized, since there’s nothing to sell:
As we do not store any personal information, we have nothing to sell. Period.
“Non-personally-identifying” information is not the same with “personal” information. Are we the only company in this planet use analytics tools to better understand our users with cumulative behavioral data?
Nope, Mr. Kim, you certainly are not.
His letter goes on. Comparitech has appended it to the bottom of its original post.
Regardless of whose side you come down on, the fracas is a good example of the kind of access we routinely offer up in return for a mildly diverting 30 seconds of entertainment. It’s also a reminder of why we should read privacy policies before we sign up for Facebook apps.
Most Used Words on Facebook is far from the first or only app wanting to access our data.
You can always tweak what the app can access by getting rid of apps you’ve already authorized by clicking the lock icon on Facebook’s top right corner, going to “See More Settings,” and checking out the “Logged in with Facebook” list under the Apps section.
Click “x” to remove apps you don’t trust or recognize.
Of course, as Comparitech said, the best way to protect your data is to abstain from connecting third-party quizzes to your profile in the first place.
After all, even if Most Used Words on Facebook is as privacy-respecting as Mr. Kim insists, there are plenty of scam quizzes out there. Remember the Super Bowl survey scam of 2013?
None of those who clicked on the offer for a “fan pass giveaway” got a free pass. No, all they got was their personal details sold off to the highest crook bidder.
You can protect yourself, and your friends, by just staying away.
As much fun as it is to see what cat you’re most suited to or which Disney Princess is your soulmate; if you have to hand over the keys to your privacy to find out, repeat after me: it’s not worth it.
Image of Facebook logo courtesy of 1000 Words / Shutterstock.com
6 comments on “Facebook ‘Most Used Words’ game accused of stealing and selling user data”
Good article. I had to share this with my friends. As an Information Security professional, I try to keep my friends apprised of the risks they open themselves to while participating in Social Media. I know Facebook and Social Media is all about being “social” but folks still need to understand what they are giving away about themselves….and me!
My feeling is that companies such as Vonvon claim they don’t collect personally identifiable information because they have never tried to identify one of their users with the information collected. I suspect that their legal team reviews each item of information by itself and doesn’t put them together to see if a fingerprint emerges. While this seems legal at the same time it seems dishonest.
On another question: I haven’t used the app and I don’t know how it works so the statement “the information gathered from the user’s timeline to create personalized results are not even sent to our servers.” makes me think that every time a user logs into Facebook this app reads the entire timeline. I would think that would be slow. Does anyone know how it works?
Question – I followed the advice and possibly overdid it – removed the four apps that I found on the Logged In With FaceBook page. Now Facebook seems to have developed a display problem, mainly with messenger. Could this have resulted from the app removal? Anyone have any ideas? Insight welcome…
Do not share this article. The app takes your public information, ie. the information you are already sharing. So don’t take part in making people scared for nothing.
I think the article makes that clear, don’t you? The article is really about the accusations and counter-accusations in the story, with the ultimate goal of reminding you to look before you leap…
But disappointed in Sophos here. Seems you could have verified if the company was telling the truth about calculating the word cloud locally by looking at the network traffic. If they are, it doesn’t mean that they aren’t still slurping up data in parallel, but if they aren’t, then it would be a big red flag.