Facebook Adds Pages Without Confirmation

Facebook has again decided that you don't need to be consulted before things are added to your profile. Last time, they decided that applications were OK to be added without your permission. Now, they're allowing web site owners to add pages to the list of pages you like without confirming that you want that page added. Have you recently checked your list of Likes and Interests to make sure you actually know what's on there?

The problem, in my opinion, comes from the combination of a series of flawed assumptions:

  • People know exactly what they're doing,
  • Web site owners will always display the standard graphics that allow easily distinguishing the Facebook Like button from other web site elements,
  • Web site owners will never attempt to trigger a "Like" action without a user clicking on the "Like" button, and
  • People will only ever click Like on things they actually like.

Of course, the reality is substantially different. The average user doesn't know how to distinguish a well-made fraudulent web site from a legitimate corporate site, or even a typical fraudulent site from the average personal web site. Web site owners may be using only the approved graphics in general, but since Facebook is a disturbingly effective marketing vehicle, there are also plenty of web site owners who will set their site up so that a person adds something to their Facebook profile without realizing it.

The simplest way to fix this is to require people to approve, from their Facebook profile, every request to change any part of their profile that didn't come directly from their personal Facebook settings page or an approved application. Yes, that would mean more work for people on Facebook, but it's better than allowing what is essentially social engineering. There is always a trade-off between security and ease of use, but sometimes a decision against usability is actually the right choice.

Just think about this for a minute. Are you more or less likely to look at an article or product recommended through an ad than one recommended by a friend you trust? Advertisers already know the answer to that question, and Facebook is (whether knowingly or not is open for debate for now) assisting what could be a significant social engineering problem.
