hirez: More graf. Same place as the other one. (safety chicken)
[personal profile] hirez
You know all those apps y'all are playing with on Friendface? (Farmville, for instance, just leaps off the page[1])

Check here to find out how secure they are:

http://theharmonyguy.com/

I mean, you'd be, I don't know, a prize lackwit to use the same username/password combination on Friendface as on PayPal or your online banking, Amazon, webmail...

... And as for passwords of the form [dictionary word][number]...


Bonus URL: http://countermeasures.trendmicro.eu/two-more-rogue-facebook-apps-linked-to-fucabook-scam/


[1] ... And has apparently been secured.

Date: 2009-09-04 11:41 am (UTC)
From: [identity profile] cookwitch.livejournal.com
I never use them things, they annoy me way too much.

Date: 2009-09-04 11:44 am (UTC)
From: [identity profile] girfan.livejournal.com
Luckily, I don't do any of those apps.

Date: 2009-09-04 01:05 pm (UTC)
From: [identity profile] thepaintedone.livejournal.com
I believe that your friends running apps can also get access to your information as well, which makes the whole thing a lot less secure.

Date: 2009-09-04 11:45 am (UTC)
From: [identity profile] naturalbornkaos.livejournal.com
I don't really understand about half of that website but I'm guessing apps = bad. :(

Ah well. I do enjoy LivingSocial...

Date: 2009-09-04 11:57 am (UTC)
From: [identity profile] hirez.livejournal.com
Well, sort of. Apps = fine, so long as you trust that the app-writer has secured their code.

FB does go 'You are allowing this application access to yr personal info' when you fire one up for the first time, so it's not as if you're not warned. Although that's more or less meaningless because most people click away on dialog boxes like rats in Skinner boxes while shouting 'Stupid computer!'

Me, I'm a professional paranoid unix curmudgeon and generally don't trust app-developers.

Date: 2009-09-04 12:31 pm (UTC)
From: [identity profile] nalsa.livejournal.com
Apps = fine, so long as you trust that the app-writer has secured their code

Or, you trust that the app-writer isn't evil.

Hence, ditto the PPUC.

(It doesn't matter how many times you tell people, they still install "what fart are you?" on FarceCock.)

Date: 2009-09-04 01:06 pm (UTC)
From: [identity profile] thepaintedone.livejournal.com
I block all apps from access, i.e. I believe the API is blocked from my info altogether. Do you know if that also blocks apps run by my friends from accessing my info?

Date: 2009-09-04 04:14 pm (UTC)
From: [identity profile] hsb.livejournal.com
There's something about clickjacking in there, which he suggests means that even people who've opted out of the platform (whatever that means, I don't FB) may be vulnerable. Scroll down to earlier posts for the details, which I hope you can translate.

H

Date: 2009-09-04 12:14 pm (UTC)
From: [identity profile] steer.livejournal.com
It's interesting really. I wonder how much damage can be done with facebook apps. Given the ability for them to post to other people could you get one going "viral"? They have a central "stop" point though so Facebook themselves have reasonable control.

In the end, running an app on facebook is much safer than running an app on, say, your computer surely?

Date: 2009-09-04 01:08 pm (UTC)
From: [identity profile] thepaintedone.livejournal.com
Probably, but then most sensible people don't run random strange applications on their PC either (or rather they shouldn't). Plus at least on your PC you might have anti-virus and/or anti-malware type things to help keep you safe.

Me, I just block all FB apps. It meant I had to give up the 'where I've been' map thingy, but I think I'll live. As for the rest, I'm positively happy that I can't have snowballs and other crap sent at me.

Date: 2009-09-04 01:13 pm (UTC)
From: [identity profile] steer.livejournal.com
most sensible people don't run random strange applications on their PC either (or rather they shouldn't)

Hmm... I think the second not the first is my experience. Then again, I'm pretty cavalier about the whole thing too -- what's the worst that could happen -- it'll email my bank account passwords to random Nigerians, insult everyone in my address book and then delete my data. Life's too short to worry about this so what the hell, install "dodgylooking.exe" and hope.

Me, I just block all FB apps.

I went that step further by not signing up for facebook. Like Windows Vista I'm thinking "I'll skip this one and wait for the next 'must have' social network".

Date: 2009-09-04 01:16 pm (UTC)
From: [identity profile] thepaintedone.livejournal.com
Note the use of the word 'sensible' in my original statement. I of course probably should have acknowledged that this is a pretty small minority (especially on FB I suspect). :o)

I use FB a bit, mostly for the photo sharing, but it's not a lot of use for much else.

Date: 2009-09-04 01:21 pm (UTC)
From: [identity profile] steer.livejournal.com
Heh... it depends on your definition of sensible -- for me "life's too short to worry that much about your data or online privacy"... would cut it. For others, not running apps except "trusted" ones (where "trusted" is never ever defined) is "sensible". :-)

Date: 2009-09-04 05:57 pm (UTC)
From: [identity profile] moral-vacuum.livejournal.com
That's because you have a) no shame and b) nothing worth stealing...

Date: 2009-09-04 06:27 pm (UTC)
From: [identity profile] steer.livejournal.com
I prefer to think of myself as unmaterialistic.

Date: 2009-09-04 01:17 pm (UTC)
From: [identity profile] hirez.livejournal.com
IIRC, at least one FB app has already 'gone viral'. There was a Myspace exploit ditto, and the LJ 'crush' thing which turned out to be a data-collection exercise.

I think it's conceptually different. A FB thingy is on a far-away computer and hey, look, it's just a pretty thing that sends my friends presents. What harm could that do?

On yr home box, you can be offered nudie-prod films that you can look at if you just download this new codec-pack. In theory you'll have AV or anti-spyware code running to stop it all going Horribly Wrong, or a firewall to warn you about code making outbound connections. However, we're back to 'Nevermind that dialog box thing, show me the nudie-prod pics!'

Date: 2009-09-04 01:23 pm (UTC)
From: [identity profile] steer.livejournal.com
There was the LJ link poster thing that when clicked on caused you to post that same link to your LJ -- that's the nearest I've seen to an LJ virus.

I didn't hear about the FB "virus" -- I guess it was the same sort of idea.

Date: 2009-09-04 01:07 pm (UTC)
From: [identity profile] liz-lowlife.livejournal.com
I blocked Farmville because I am scared of cows...

Date: 2009-09-04 01:14 pm (UTC)
From: [identity profile] quercus.livejournal.com
The annoying bit is that the farcebook API actually seems well thought out(*), so you have to be a total careless muppet to build a dodgy app on top of it.

(*) as in, "better thought out than most Enterprise stuff in the same slot (see "LDAP lookups for authentication")"

Date: 2009-09-04 02:08 pm (UTC)
From: [identity profile] quercus.livejournal.com
SSO: Serious Snake Oil

Date: 2009-09-04 02:16 pm (UTC)
From: [identity profile] hirez.livejournal.com
[FX: Boggle]

I've taken to answering those sorts of question with 'No. Kerberos.' and then providing worked examples for java/perl/apache/radius/weenix/solaris.

Date: 2009-09-05 11:02 am (UTC)
From: [identity profile] r-is-for-rachel.livejournal.com
Kerberos isn't the answer either. Role-based access control through Kerberos ends up horribly perverse.

Date: 2009-09-05 11:10 am (UTC)
From: [identity profile] hirez.livejournal.com
Kerberos is a useful answer to the first iteration of that question. Authz is the other half of the problem. 'Your institution is fucked' is a good answer too.

Date: 2009-09-04 01:25 pm (UTC)
From: [identity profile] thepaintedone.livejournal.com
My company were quoted about $1500 by a fairly reputable agency* to have a facebook app built to let people send our products to their friends with cute little messages, etc. For that little money, I have my suspicions about the quality of the code!

*Or rather they had an impressive client list of household names which may or may not be the same thing.

Date: 2009-09-04 02:10 pm (UTC)
From: [identity profile] quercus.livejournal.com
That's not a development cost, that's a licence fee.
