Posted August 14, 2007 10:10 am by with 16 comments

Tweet about this on TwitterShare on LinkedInShare on Google+Share on FacebookBuffer this page

200708141009Just a few days ago, I cautioned that social networking is not a popularity contest. Just because someone asks to be your “friend” doesn’t mean that you should automatically agree. Apparently we need to share that message again as a new study by IT security firm Sophos reveals 41% if Facebook users gave up full access to their personal information to a fake user.

Sophos created a fake Facebook profile, under the name ‘Freddi Staur’ (‘ID Fraudster’ with the letters rearranged), and randomly requested 200 members to be friends with ‘Freddi.’ Out of those 200, 87 accepted the friend request and 82 of those gave ‘Freddi’ access to “personal information” such as e-mail addresses, dates of birth, addresses and phone numbers, and school or work data. Presumably, the other five had restricted ‘Freddi’ to limited profile access, which many users select for bosses, parents, or people they don’t know in real life.

OK, so giving a stranger access to your full Facebook profile may not result in your bank account being emptied, but there are real life dangers here. These are just some of the dangers…

  • A local criminal makes friends with those in his area. He’ll be very happy to learn that you’ll be on vacation for a week and your house empty.
  • Your daughter unknowlingly adds a pervert to her list of friends. Now he has photos, the school she attends, and knows she’ll be at a party Saturday night.
  • You add a hacker to your list of friends and reveal you love anything connected with the Simpsons. You then get an email from your new “friend” with a great Bart Simpson “game” you should download.

If you do decide to add people you don’t know, make sure you’ve correctly configured your “limited” profile, and share only that information until you feel comfortable you know the person well enough.

  • Great tips! It’s sad that this is the type of world we live in now. You can’t be safe with any information that you give to anyone.

  • Nice blog entry, and I’m glad you found our investigation interesting. What a lot of the media reports haven’t mentioned is that we have published a set of suggested privacy settings for better securing your profile on Facebook. Anyone is welcome to check it out via the link at

    Graham Cluley, senior technology consultant, Sophos

  • Thanks for the input Graham!

  • Andy, thank you for the caution you’ve reinforced within me. I personally don’t give access of any kind to anyone I don’t know, but how very helpful to be reminded of the dangers that others have been putting themselves in. I especially care about our young people, as I’m sure you do, and hope that they all read and act upon your post and stay safe. Keep up the great work!

  • Excellent points! Some of Sopho’s responders also might be people who’ve never done any online socializing and who’ve heard all the news that Facebook is a gated, safe community. and I’m not talking kids–I’m talking adults. There’s a fair number of adults who are unfamiliar with life online and, like anyone new, are suceptable to the whole “popularity contest” of it all, for many different reasons. Thanks for the cautions.

  • I don’t mind giving full access to anyone. I already have a personal blog and my phone # and email address on the web. Personally, I think it’s odd when people are very open on their personal or business blogs, but less so in Facebook. It’s inconsistent.

  • @Ed – when you make the decision to be totally transparent, then I agree. Unfortunately, not everyone is aware of the risks.

  • What a huge mistake, I never accept a friend invitation from a nobody. Nor do I publish any personal details on my profiles. People are becoming very irresponsible nowadays.

  • Pingback: Do You Know Who Your Online ‘Friends’ Are? |

  • Pingback: This Week In SEO - 8/17/07 - TheVanBlog()

  • It’s enough to know your birthday date to compromise your privacy in some cases.

  • Hey, greetings from Beijing, China.
    It’s really very useful 🙂 Thanks 🙂

  • Pingback: 使用实名SNS网站(校内、Facebook)请注意安全()

  • Pingback: Facebook facing a profile privacy settings fiasco. | the sirius cybernetics corporation()

  • mooplestick

    heres a better idea. Dont make a facebook account

  • Pingback: 6 Facebook Privacy & Security Tips you Should Never Ignore » Trisat Blog()