Facebook has had and still has a very serious problem with malware running on its own developer platform. These so called "rogue apps" use the loopholes in Facebook privacy policies to take Facebook users private data from users and users Facebook "friends".
It's bad enough -- really, its worse than bad enough -- that the more or less legitimate Facebook apps have a free hand with users' private data, but, for some reason Facebook management has, untill now, pretty much turned a blind eye to the rogue apps that are just there to spam and/or steal private data.
Now Facebook declares that, as of June 2, 2010, "[they] are requiring every developer to verify his or her Facebook account to create new applications. This is the same quick process that users go through when they want to do things like upload large videos"
There are a few odd things showing in that Facebook statement.
First: it clearly implies that Facebook wasn't requiring developers to validate their accounts before. In other words, anybody could make up an identity and then, with no checking whatsoever by Facebook, have unrestricted use of all the app developer inner workings that gives them access to users' private data.
Second: developers must validate before they create "new applications". So, in other words, all of the existing rogue apps still have a free hand to roam the fertle fields of Facebook.
Third: they are telling us that common legitimate Facebook users have, until now, had to submit to a more rigorous validation than application developers. Is it even necessary to say that this is outrageous?
Fourth: That's all? Are you kidding us Facebook?
No; they are not. Here's what they say;
We're taking this step to preserve the integrity of Facebook Platform, ensuring that every application is associated with a valid and real Facebook account.
You can verify your account by either confirming your mobile phone or adding a credit card to your account.
OK; so now the bad guys, some of whom do what they do just so that they can steal credit card numbers, just have to enter one of those stolen numbers to "validate" their account? Or; if you really hit them hard, they can use a $20 burner cell phone number?
Come on Facebook people. Maybe it's time to have some Congressional investigations into why Facebook keeps making its privacy procedures and policies worse for consumer users while it continues to leave steamship sized loopholes for "developers" to come and take private data.
How about a large fee or bond for Facebook developers? Or, if that's too steep, how about an app review process? Something like what you have to go through to get an app in the iTunes store? It really isn't that hard to figure out.
Leave a comment