Yahoo! is a Facebook API molester
Summary: Keep your purple tentacles off my Facebook profile, Yahoo!
Update: Yahoo! has published an Op-Ed response to this article here.
So last night, I was cruisin' the socmeds. I came upon the new viral video, "Happy Birthday David" for Ridley Scott's "Prometheus" Science Fiction movie which is coming out in June. If you're a fan of the "Alien" series and "Blade Runner" this is a flick you definitely are going to want to see.
I was intrigued about certain plot elements, so I started doing some Google searches. One of the entries that came up was on one of the Yahoo properties. I clicked on the link in the search results.
It was late, I was in my office, the lights were out, and I was squinting at my monitor. What came up was a dialog like the one above. (Note: Do NOT click on "Okay, Read Article")
I must have glazed right over the verbiage. At first glance, it looks rather innocuous. Instead of the usual "Authorize" on the upper right you get for most Facebook-connected apps, you get an "Okay, Read Article" prompt.
That's pretty scummy social engineering, because if the verbiage was "Authorize Yahoo" I might not have done it.
However, it's the verbiage on the lower right that is completely insidious.
As I explained in an earlier piece, I have really crappy vision. On a 27" monitor, the verbiage on the lower right essentially is invisible unless I blow it up pretty big. I suspect plenty of people with good eyesight would probably glaze over it as well.
Should you click "Okay, Read Article" the following appears on your Facebook Timeline activity profile:
Once you've authorized Yahoo that first time, all future reads of articles on their web sites are also posted to your profile, whether you like it or not. The only way to stop it is to remove the app authorization in your Facebook privacy settings. Which I promptly did after one of my friends alerted me as to what was going on.
Now, broadcasting to all my friends that I read about an upcoming SF blockbuster film is really not a big deal. Status updates, likes and app activity on my Facebook profile are limited only to my friends, and nobody in the outside world can see any of it or share it.
However, I really do not want my friends seeing everything I'm reading on the Yahoo properties, regardless of subject matter. The story could have been about, I dunno, much more controversial stuff. It may have been about political candidates, human sexuality, terrorism, or any number of things I don't want people inferring I think about one way or another.
If I want to share a story or a link, I'll do it on my own terms.
Keep your damn purple tentacles off my Facebook profile, Yahoo!
Now, it just so happens that I caught and understood exactly what Yahoo did because it was exploiting the Facebook Open Graph API to its own advantage. Your average user might not have caught this, though.
In some degree of fairness to Yahoo, they aren't the only company which is exploiting Open Graph in this way, and it is really Facebook that is providing the tools to these partners for "Molesting" your timeline. The company has been doing this at least since fall of last year, when the Open Graph API partnerships with 17 initial partners were launched.
Other content partners are doing the same type of "Oversharing" apps, and this has come under a great deal of criticism in the past months.
The Open Graph API itself is something that I have always been leery of, and many people aren't even aware that many personal details can be gleaned by not locking their profiles down.
Had I not locked my profile down to be visible only to my friends, that activity of reading an article would have been broadcasted to everyone.
Anyone who clicked on an unsecured profile could have seen that article reading activity -- a potential employer, a stalker, anybody.
Beware of Yahoo and its purple Open Graph tentacles. And review your app permissions and read the fine print on all app requests, with extreme vigilance.
Has Yahoo or another one of Facebook's Open Graph partners molested your Facebook profile lately? Talk Back and Let Me Know.
Talkback
One thing you could do...
Good call..
Spotify also works in the same way too, automatically posting songs
The Spotify desktop app tends to moan these days if you're not connected to Facebook somehow, that's how I got around it with Spotify. I set it to "Only Me".
Ditto!
Exploitation? You're already being exploited by Facebook!
And in any case, if you're so worried about privacy you should not even be using Facebook anyway. What are you really complaining about? Yahoo is a scapegoat, I get it.
Hard Up
What I'm worried about
I'm not worried about privacy. I just don't want to spam my friends. I don't want anything going out there that's going to make for an unpleasant experience for people who have friended me.
Another good reason why I don't use Facebook
Agreed
How long will it be before we have the social equivalent of credit rating?
The solution is simple
This has been happening for months, it's not new.
I assume it only does this if you look at a news article through the Yahoo Facebook app and not Yahoo.com etc...? If so I don't really see the big deal, you've agreed for content you read to be published to your Facebook feed.
It can work the other way, I've come across articles my friends have read (often with similar interests) this way.
I do agree the name of the button is misleading though.
p.s - You're asking for what's coming to you if you've got your profile set to Public. I have no sympathy for those who are too lazy to not change it to Friends or similar.
Privacy...
Not just Yahoo, pretty much everything, and it's ANNOYING.
Regardless of what you want to do, all Facebook apps want to do things above and beyond what they really should be doing. Like, as you mentioned, posting to your profile.
Frankly, I'd like to get rid of this all-or-nothing approach and allow for users to have more fine grained control over what they allow apps to do and what they don't.
Seriously, look at what you have for Yahoo:
-It will receive your basic info (what info?)
-It will receive your email address (why? To spam you??)
-It will receive your birthday (WHAT? Makes no sense whatsoever)
-It will receive your likes (Again, why?)
And of course "This app may post on your behalf . . ." WHY??
Pretty much none of those are needed, and frankly it's tiring and another reason why I avoid Facebook apps and games.
"Now, broadcasting to all my friends that I read about an upcoming SF blockbuster film is really not a big deal. "
It would be to me. Acting on my behalf is a pretty big deal, and I really want NO Facebook app to do such a thing unless it's central to the app design. But often it's just a side feature, some nonsense that frankly I don't want.
"If I want to share a story or a link, I'll do it on my own terms. "
Agreed. Totally agreed. I almost never want apps posting on my behalf, and when they do it should be on my terms with my permission.
Agreed 100 percent.
Every time I use FB my page is full of crap posted by others apps.
Yes it is annoying to have to scroll through all that just to get to a post.
Golden rule of the Internet
wtf is that title?
wtf
Others do this, too
But pretty much all the apps on Facebook ask for this much information, and it's unnecessary. Last year I found a list of 10 great apps to use to create a landing page for Facebook ads for a client. I rejected the first five because they asked for all this information -- and more! Finally, I found one that just asked for my name and email, and used that one.
People have no idea what information they're giving out when they sign up for these apps. I wish they would read!