More than 5 million online U.S. households experienced some type of abuse on Facebook in the past year, including virus infections, identity theft, and for a million children, bullying, a Consumer Reports survey shows.
And consumers are at risk in myriad other ways, according to our national State of the Net survey of 2,089 online households conducted earlier this year by the Consumer Reports National Research Center. Here are the details:
If you're like some 150 million Americans, you share the details of your life on Facebook, assuming that you and other users are its main customers and that it's accountable to you. But Bruce Schneier, chief security technology officer at security firm BT Global Service, says you're not Facebook's customer. "You are Facebook's product that they sell to their customers," he says, referring to the network's advertisers.
With "Find us on Facebook" tags popping up in malls, on popular TV shows, and elsewhere, Facebook has a lot of product to sell. And with no comparable alternative service, consumers are left as fodder for Facebook's advertisers and app developers. "You are on Facebook because everybody else is," Schneier says. "You can say 'I don't like Facebook, I'm going to Live Journal,' and suddenly you're alone."
Its position as the king of social networks has made Facebook the custodian of arguably the nation's largest collection of details about consumers' personal lives. "Any time you have a party with such a large amount of data, there's reason for concern," says Justin Brookman, director of consumer privacy for the nonprofit Center for Democracy and Technology.
Already, use of that data by outsiders is widespread. It might not be news that people have been fired because they posted ill-considered status updates or photos. But job recruiters might check Facebook to find out who people are connected to.
One recruiter told us that headhunters have used social-network data to make sure job candidates are a fit with their clients. So if you lost out on a job because of Facebook, it might not have been because of just one indiscretion. You might have been rejected because an employer or recruiter found telling details in your postings, even though such a rejection might constitute discrimination.
Facebook posts are also widely used as evidence in divorce and family-law cases. Randall Kessler of Kessler, Schwarz & Solomiany, chair-elect of the American Bar Association's family-law section, says he advises new clients to "consider a cyber-vacation."
"Facebook makes our lives so much easier as divorce lawyers," he adds. "Some people give it to us on a silver platter. There are spouses who list themselves as single while they are still married."
Lawyers and recruiters aren't alone in tapping into Facebook's vast database. Despite the uproar last year over Facebook's sharing of user data with some websites, the service recently proposed allowing developers of its more than 550,000 apps to request and obtain users' home addresses and phone numbers. The proposal prompted howls from several members of Congress.
"This information is extremely sensitive, and the policy Facebook proposed would force users to give up this info if they want an app," says Sen. Al Franken (D-Minn.), who heads the new Senate Subcommittee on Privacy, Technology, and the Law. "The potential for fraud is just too great." Franken and three other senators noted in a letter to Facebook that a phone number and a home address, coupled with a small fee paid to a "people search" website, could yield enough information to complete a credit-card application in someone else's name.
Franken told us that he's particularly concerned about the potential violation of children's privacy if Facebook implements that policy. "Kids should not be able to give that information away to strangers even if they wanted to."
Facebook recently began testing a program to use status updates and other information to deliver highly targeted ads. So if you post that you're looking for a car, you might find ads from auto dealers peppering the screen. Some might welcome such customization, but others might consider it an invasion of privacy. Regardless, such plans raise questions about what else the service hopes to do with the immense database of personal information it controls. Consumers' concerns might be allayed if they had more of a say in what Facebook does with their personal information.
Facebook publishes privacy policies like other companies do, but as a private corporation it needn't file the annual reports and other disclosures required of publicly held firms such as Microsoft and Google, which can provide even more information about a company.
Whatever the company's obligations, Franken told us, "Facebook needs to make its users' privacy a top priority."