Add social-networking apps, forget privacy

Still, it's an honor system, says Adrienne Felt, a computer science major at the University of Virginia. A Facebook user herself, she decided to research the site's applications and even created her own so she could see how it worked.

Most of the developers Felt polled said they either didn't need or use the information available to them and, if they did, accessed it only for advertising purposes.

But, in the end, Felt says there's really nothing stopping them from matching profile information with public records. It also could be sold or stolen. And all of that could lead to serious matters such as identity theft.

"People seem to have this idea that, when you put something on the Internet, there should be some privacy model out there — that there's somebody out there that's enforcing good manners. But that's not true," Felt says.

Beacon controversy
Last year, Facebook users revolted when the company started using a tool called Beacon, which tracked its users' purchases and actions at dozens of Web sites and then broadcast the data on the pages of the users' friends.

Tips: Privacy, please! By the Associated Press — Provide enough information for your friends to be able to identify you — but not so much that someone could use information to steal your identity. There's no reason to include your entire resume, from education to work history. — Consider making your profile private so people you don't know can't "scrape" information and images from it. — Even if your profile is private, remember that your information and photos also can be accessed by third parties through your friends — and through applications developers on such sites as Facebook and MySpace. — Remove social-networking applications you're not using and check out the creators of those you do install. If something seems suspicious, report it. — Don't use the same password for social network sites that you do for online accounts that have banking and credit card information. — Check for updates on privacy policies on various sites you use. — Never assume that anything you post online is completely private. Trust your instincts. And remember that, ultimately, responsibility for the information, photos and video you post is yours. Source: Pew Internet & American Life Project; Adrienne Felt, University of Virginia; Kroll Inc.

Beacon has since been scaled back.

By comparison, the issue of personal information going to application developers, both on Facebook and now MySpace, has remained relatively quiet.

Jonathan Gaugler, a 26-year-old New Yorker, is one who finds targeted ads on his Facebook page a bit too invasive.

"Getting married? Do your registry here!" read one recent ad that showed up. Another on his fiancee's page was advertising for egg donors for fertility clinics.

"Creepy," Gaugler says.

He keeps his Facebook activity to a minimum as a result — and rarely downloads an application because he doesn't want to be further targeted.

But many others are much less cautious, seeing the risk of social networking "as low and the reward as high," says Patricia Sanchez Abril, an assistant professor at the University of Miami's business school who studies privacy law.

"It is the chosen mode of communication of everyone they know. So if you're not in it, you're just not in the loop," she says. "There's a lot of peer pressure."

What they don't realize, she adds, is that there is little legal backup if their information is used in a way they didn't intend.

"This is an area that's completely unregulated. Yes, there are contracts. But if the receiving end doesn't abide by the contract, you're still out of luck," Abril says.

And applications, she notes, are only one worry when it comes to online threats.

A social networker's friends can, for instance, give access to personal information or photos in a profile. That happened to the call girl involved in the recent sex scandal with former New York Gov. Eliot Spitzer.

Researchers at Indiana University also published a study last year showing how they "scraped" information from students' social network profiles. Posing as people's friends, they then used the information to fool the students into providing their university ID and password on a bogus external Web site.

Whether the profile is private or not, users should limit the information they post, said Tom Jagatic, one of the researchers and now a senior information technology consultant at the Massachusetts Institute of Technology. It's good advice, says Jeremy Miller, a fraud investigator based in Nashville, Tenn., but he wonders how many will heed it. He uses MySpace and sees people who routinely list everything from their income to phone numbers on their profiles — and don't even bother to make their profiles private.

"It's kind of a status symbol, so privacy takes a back seat," says Miller, who works for Kroll Inc., a risk management consulting firm. "It's much like people saying you shouldn't carry your Social Security card around in your wallet.

"But a lot of people still do it."

MORE FROM INTERNET

Internet Section Front

As Internet turns 40, barriers threaten growth Parental software is aid, not answer No music video needed for YouTube success Imdb.com allows free film, TV viewing Best Buy to acquire music-sharer Napster Wall Street Journal launches social network Yahoo's home page to get makeover Virginia court strikes down anti-spam law One in five bosses screens applicants' Web lives Facebook gets another facelift Internet Section Front   Add Internet headlines to your news reader: