I was surprised recently to get a message from a friend thanking me for a birthday card I'd sent her on Facebook. I did want my friend to have a happy birthday, but I hadn't sent that card. Turns out I'd somehow given a greeting-card app permission to send cards to Facebook friends on their birthdays.
I was annoyed because that app did something I didn't intend. Facebook's apps page is like a toy store for adults, but unfortunately, it can lead you into some privacy minefields.
Here's how you can have fun using apps and still keep your privacy intact.
Be aware when you share.
A few weeks ago, I received a message from a friend: "You're actually listening to the Andrews Sisters?" When you use an app called Spotify on Facebook, as I was, it can post updates with the songs you're listening to. You can turn this feature off on Spotify's Preferences menu or simply hide the occasional guilty pleasure.
Other apps let friends know what you're reading. For example, when you add the Huffington Post's app to Facebook, you can share articles or choose not to share anything. You'll find the controls for all those settings at the top of each article you read and by clicking on the gear symbol. You can also remove apps completely by going to Facebook's Privacy Settings, clicking on "Ads, Apps, and Websites," and selecting the ones you no longer want.
Know what you agree to.
When you sign up to use a Facebook app, it must ask for your permission before it can take actions such as posting on your behalf or accessing your data when you're not using it. The popular Words with Friends, like every app, accesses your name, profile picture, gender, and friends list, as well as any info you choose to make public. It asks for other permissions but requires access only to your e-mail address. But some apps can't be used at all unless you grant all the permissions they request.
See how private an app really is.
Check apps you want to use at privacyscore.com, which scores websites and apps on how well they protect privacy and tells you which companies collect personal data about what you do on websites or apps, usually for the purpose of targeting ads. Words with Friends, for example, scored 78 out of a possible 100: According to the site, at least one of the 54 parties tracking the app's users retains the info it collects for more than four years! In contrast, the Sims Social app scored 94, in part because just five companies track its users, and they generally keep user data private.
Stop "Instant Personalization."
Facebook has a service called Instant Personalization that can let partner websites use your public info to personalize your experience. For example, when I visited Internet TV guide Clicker while logged into my Facebook account, I found I was automatically logged into Clicker as well. I was able to turn this service off with one click. If Instant Personalization isn't for you, you can turn it off entirely using Facebook's Privacy Settings.
For more on protecting your privacy on Facebook, along with our video on how to use Facebook's Privacy Settings, see our story, "Facebook & your privacy."
A version of this story originally appeared in the July 2012 issue of Consumer Reports ShopSmart Magazine.—Ed.