It's a simple question, "Who do you trust?".  We could all run off a list of people we trust with a variety of our private information.  Now consider this, "What do you trust?"

It often amazes me just how little thought people give to sharing their personal information.  Let's hypothetically say that I call you up and ask for  a list of email addresses for all your friends.  One would assume you would immediately say no; firstly because you have no idea who I am but even if you did you should at least hesitate and then say No.  It's amazing how much personal information we know about each other, and generally don't share with others.

Now let's have the same scenario, but I am now a web site and I ask you to login to your email or social networking site in order that I offer you some new feature in return.  I think most would have little hesitation as they seem to either trust their computer or don't give it a second thought.  After all, this new website or tool is going to tell you how many new emails you have or help you manage your life by merging social networking systems.

There are people behind all these sites/tools and these people value your personal data and will happily take it from you (and sell it in many cases).

Here's a few example....

A website was recently raving about a new Google+ application; rather than use the web page, use an app.  Sounds great, where do I sign up?   Click here, sign in, and voila, a nice pretty front end.

Let us rewind a little.  Firstly, who wrote the app?  Was it Google, No!  (suspicious already).  Ok, third parties can develop some fantastic apps.  Next, sign in with my username and password.  Actually that is not as bad as it sounds as I am never passing my password to the app as Google+ take care of the authentication.  Next a window pops up with a huge button asking me to authorize the new app to access my account.  You should ALWAYS read the list that accompanies this button, and think about what you are granting permission for.

Another example -- a nice browser toolbar for Facebook which pop-ups the latest activity even when I am not on the site.  Lovely.  Now read the permissions you are granting it.  'ability to modify my profile' and 'ability to access all my data, even when I am not signed in' -- I think not!!  (Why does it need to modify my profile?  Why access my data anytime?)

Another classic is 'access data on my friends'.  Why?  So that the tool can spam them?

What about a great app that allows me to post a message in one system (say Google+) and the app will automatically post it to my Twitter and Facebook account.  Seriously -- you may as well just give them the keys to your house!

(I'm not specifically targeting Google+ here as a weak link -- it's new so there is a lot it can't do yet.  This gives dubious developers a chance to do their magic and potentially gather your data)

There are a few morals to this story but the key one is read what you are agreeing to.  The big players in social networking and email tools have all invested effort in trying to tell you what permissions you are granting to third parties.   They can however not force you to read it -- you alone need to take responsibility for your data (and that of your friends).

How much of your personal data has a friend given away unwittingly?  For example, think before you store your mobile number on your profile.  If your friends can see it and your friend then inadvertently shares their profile with another app, someone else could end up with your mobile number.

We constantly read about reputable sites gathering and storing our data.  We rarely get the real story -- all these back street kids skimming your data from some crazy app you run or once ran.  Check your permissions regularly and remove stuff you don't need.  The big players all have a section in your account settings showing what info you are sharing with third parties.

Safe surfing folks.

site by DAJ