Excellent resource to remove rogue applications from your Facebook account from @sophos

Rogue application spreads virally

Once again, a rogue application is spreading virally between Facebook users pretending to offer you a way of seeing who has viewed your profile.

As we've described a couple of times before, plenty of Facebook users would *love* to know who has been checking them out online, but unfortunately scammers are aware of this, and use the lure of such functionality as a way to trick you into making bad decisions.

Messages spreading rapidly across the Facebook social network right now say:

OMG OMG OMG... I cant believe this actually works! Now you really can see who viewed your profile! on [LINK]

If you're tempted to click on the link you're taken to a webpage which encourages you to go a little deeper and permit an application to have access to your Facebook profile.

See who viewed your profile!

Rogue application requests access rights

But do you really want complete strangers to be able to email you, access your personal data and even post messages to any Facebook pages you may administer?

If you've got this far then you really shouldn't go any further. Scams like this have been used to earn commission for the mischief makers behind them, who have no qualms about using your Facebook profile to spread their spammy links even further.

Because if you do continue, you'll find that your profile will be yet another victim of the viral scam - spreading the message to all of your online Facebook friends and family. And no, you don't ever find out who has been viewing your profile.

Ever wondered how many people fall for a scam like this? Well, the figures can be shocking. This current campaign is using a variety of different links - but via bit.ly we can see that at least one of them has already tricked nearly 60,000 people into clicking.

Stats for bit.ly link

I've informed the security teams at both bit.ly and Facebook about these links, and requested that they be shut down as soon as possible.

Always think before you add an unknown application on Facebook, and ask yourself if you're really comfortable with ceding such power to complete strangers. Rogue application attacks like this, spreading virally, are becoming increasingly common - and do no good for anyone apart from the scammers behind them.

If you've been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.

Here's a YouTube video where I show you how to clean up your Facebook account:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

And don't forget to warn your friends about scams like this and teach them not to trust every link that is placed in front of them. You can learn more about security threats by joining the thriving community on the Sophos Facebook page.

Facebook Privacy Resources

Recently a friend sent me a note asking about Facebook and expressing concerns for her family and online privacy in general.  I am asked about this a lot and it is something to be concerned about.  Two years ago I did a seminar providing an overview of the (then) emerging social media world and suggesting some basic privacy steps.  Most of the information was focused on keeping kids safe online.  Surprisingly, way back in 2009, most of my friends were not even on Facebook!  You should see them now :)

I followed the session with a blog post that included some additional resources:

  • NBC Today Show - "OMG My Mom's on Facebook!"
  • Handouts: Social Networking Summary; Students Rules for Online Safety; Family Contract for Online Safety
  • USA Today article - "Kids Reveal a lot about themselves online"
  • Resources: Social Networking: A Parents Guide (FTC); MySpaceMyKids; NetSmartz.org; WiredSafety.org; The Child Safety Network; GetNetWise.org; SafeTeens.com
  • Books: MySpace Unraveled; MySpaceMyKids; Facebook for Dummies
  • Monitoring Software: CyberPatrol; CyberSitter; NetNanny

I thought I would take the opportunity to provide some updated information and resources around Facebook, social media and online privacy.  In general, Facebook has done a much better job of providing tools to manage privacy.  The problem is that these settings rarely default to a reasonable level and they can be very confusing to get set correctly.  

On Facebook, start by being selective with your "friends".  I may be the only person in America but I can assure you, I know every one of my 190 Facebook friends!  I blogged about this a few years ago and generally follow this filter for social media:


The first resource I wanted to share is an app that I like from ReclaimPrivacy.org (article):

ReclaimPrivacy.org is an app that runs while you're logged in to Facebook and looks over your privacy and profile settings to make sure they are configured to protect your data from prying eyes, advertisers, or partners who use apps and games to collect information about you. The scanner comes in the form of a bookmarklet that you click once you're logged in, and a frame will open at the top of your Facebook screen that shows you which settings are configured securely and which areas have information about you available to the public.  It works fairly well and is a good starting point.

Another excellent resource comes from Nick O'Neil (Twitter, Facebook).  Nick has written a book (article and link below) that provides great insight into basic Facebook privacy settings.  

In addition to Facebook privacy you also need to be concerned with your personal information being spread around the web by sites like Spokeo, WhitePages.com and MyLife.  These sites are information aggregators.  Spokeo recently caused a privacy stir and Fox News (and many others) covered the story:

Spokeo a Growing Threat to Internet Privacy, Cyber Security Experts Warn 

Websites such as Spokeo aggregate information from multiple databases to create scarily complete profiles, not just of public figures like Al Gore, but private citizens too.

Unfortunately while you can easily opt out of these sites individually (Spokeo instructions and Google privacy) they share and sell data to each other.  This is not illegal (at least not yet).  They are using information from tax appraisal districts, state information, public records and open social sites like MySpace, Facebook and Twitter.

Kim Komando offers her advice on Spokeo (sorry for the commercials!):

... and on Facebook privacy, pretty basic stuff but useful.

If you're still not scared take a look at the "State of Cybercrime" report.  It details the explosive growth of malware and spyware.  Even if you take every reasonable protection online, if your computer becomes infected your information can be stolen via malware.  Sorry to be "Debbie downer" :)

It is a difficult task to stay on top of your personal privacy.  The internet has enabled quick sharing, mining and aggregation of your data.  Start with Facebook and search for your information online often.  The reality is that if you don't want someone to know something about you (i.e. phone number, address, pictures of kids, location...) don't put it online.  I suggest staying away from Facebook location services.  Other services including Foursquare and Gowalla are still early and can be dangerous.

I would, however, say that you CAN protect yourself on Facebook.  We should not be locking ourselves in a closet. I enjoy social media and love being on Facebook, Twitter, TripIt, LinkedIn and Yelp.  But I am conscious of my settings and what I am sharing.  You should be too.


Tom Cuthbert

10 Privacy Settings Every Facebook User Should Know

1. Use Your Friend Lists

-Friend Lists Icon-

I can’t tell you how many people are not aware of their friend lists. For those not aware of what friend lists are, Facebook describes them as a feature which allows “you to create private groupings of friends based on your personal preferences. For example, you can create a Friend List for your friends that meet for weekly book club meetings. You can create Friend Lists for all of your organizational needs, allowing you to quickly view friends by type and send messages to your lists.”

There are a few very important things to remember about friend lists:

  • You can add each friend to more than one friend group
  • Friend groups should be used like “tags” as used elsewhere around the web
  • Friend Lists can have specific privacy policies applied to them

I’ll touch on each of the things listed above in more detail later. A typical setup for groups would be “Friends”, “Family”, and “Professional”. These three groups can then be used to apply different privacy policies. For example, you may want your friends to see photos from the party you were at last night, but you don’t want your family or professional contacts to see those photos.

Using friend lists is also extremely useful for organizing your friends if you have a lot of them. For instance I have about 20 friend lists and I categorize people by city (New York, San Francisco, D.C., Tel Aviv, etc), where I met them (conferences, past co-workers, through this blog), and my relationship with them (professional, family, social, etc).

You can configure your friend lists by visiting the friends area of your Facebook.

2. Remove Yourself From Facebook Search Results

-Facebook Search Listing Screenshot-

My mom is a teacher and one of the first things she asked me when she joined Facebook is how she could make sure her students couldn’t see that she was on the site. Understandably my mom doesn’t want her middle school students to know what she’s up to in her personal life. There are numerous reasons that individuals don’t want their information to show up in search results on Facebook, and it’s simple to turn off your public visibility.

How to Remove Yourself From Facebook Search Results
Now that you’ve decided that you would like to remove yourself from Facebook’s search results, here’s how to do it:

  1. Visit your search privacy settings page
  2. Under “Search Visibility” select “Only Friends” (Remember, doing so will remove you from Facebook search results, so make sure you want to be removed totally. Otherwise, you can select another group, such as “My Networks and Friends” which I believe is the default.)
  3. Click “Save Changes”

By default, Facebook makes your presence visible to the network you are in. Frequently, people aren’t aware of their visibility, so this is one of the first settings that users wish to modify. By selecting “Customize” from the search visibility drop down you can make your settings even more granular.

3. Remove Yourself From Google

-Public Search Listing Screenshot-

Facebook gets A TON of traffic from displaying user profiles in search engines. Not all of your profile is displayed though. Currently the information displayed in the search profile is limited to: your profile picture, a list of your friends, a link to add you as a friend, a link to send you a message, and a list of up to approximately 20 fan pages that you are a member of.

For some people, being displayed in the search engines is a great way to let people get in contact with you, especially if you don’t have an existing website. Facebook also tends to rank high in the search results, so if you want to be easy to find, making your search profile public can be a great idea. Many people don’t want any of their information to be public though.

By visiting the same search privacy settings page listed in the previous step, you can control the visibility of your public search listing which is visible to Google and other search engines. You can turn off your public search listing by simply unchecking the box next to the phrase “Create a public search listing for me and submit it for search engine indexing” as pictured in the image below.

-Facebook Public Search Disable Screenshot-

4. Avoid the Infamous Photo/Video Tag Mistake

-Drunk Tagged Facebook Photo-

This is the classic Facebook problem. You let loose for a few hours one night (or day) and photos (or videos) of the moment are suddenly posted for all to view, not just your close friends who shared the moment with you. The result can be devastating. Some have been fired from work after incriminating photos/videos were posted for the boss to see. For others, randomly tagged photos/videos have ended relationships.

At the least, a tagged photo/video can result in personal embarrassment. So how do you prevent the infamous tagged photo or video from showing up in all of your friends’ news feeds? It’s pretty simple. First visit your profile privacy page and modify the setting next to “Photos Tagged of You”. Select the option which says “Customize…” and a box like the one pictured below will pop up.

Select the option “Only Me” and then “None of My Networks” if you would like to keep all tagged photos private. If you’d like to make tagged photos visible to certain users you can choose to add them in the box under the “Some Friends” option. In the box that displays after you select “Some Friends” you can type either individual friends or friend lists.


5. Protect Your Albums

-Facebook Photos Profile Screenshot-

Just because you’ve uploaded photos doesn’t mean that you’ve accurately tagged every photo. This setting is more of a reminder than anything else. Frequently people will turn off their tagged photo visibility to certain friend lists yet keep their photo albums public to the world. If you are trying to make all your photos invisible you must do so on an album by album basis.

There is a specific Photos Privacy page from which you can manually configure the visibility of each album (as pictured below). This is an extremely useful configuration option and I highly recommend that you take advantage of it. This way you can store your photos indefinitely on Facebook yet ensure that the only people that can view your photos are the ones who you really want to see them.

-Facebook Photos Privacy Screenshot-


6. Prevent Stories From Showing Up in Your Friends’ News Feeds

-Relationship Status Notification Change Option Screenshot-

Oh, did you really just break up with your girlfriend? I’m sorry to hear that. I’m sure all of your friends and business contacts are also sorry to hear that. I can’t tell you how many awkward relationship status changes I’ve seen. The most regular one I’ve seen recently is when an attractive female ends their relationship and numerous guys hop on the opportunity to console her.

I’ve also seen the end of marriages, as well as weekly relationship status changes as individuals try to determine where their relationship stands with their significant other. My personal policy is to not display a relationship status, but many like to make a public statement out of their relationship. For those individuals, it can be a smart move to hedge against future disasters.

There are a number of ways to control how your relationship status is displayed. The first thing that most people should do is uncheck the box next to “Remove Relationship Status” in the News Feed and Wall Privacy page. In the rare instance that a relationship does uncomfortably end, you can avoid making things more uncomfortable by avoiding a friend notification about it.

Second, your relationship status falls within your “Basic Information” section of your profile. You can control who can see your basic information next to the “Basic Information” setting on the Profile Privacy page. Keep in mind that other relevant profile information like your gender, birth date, networks, and other settings are visible within your basic information section.

Making your basic information completely invisible to friends probably isn’t a good idea, but removing the news feed stories about relationship changes most likely is.

7. Protect Against Published Application Stories

-Have Sex! Notification Screenshot-

This one is a little more tricky to manage but I’ll explain the issue at hand. Frequently when you add an application, a news feed item is immediately published to your profile. One way to get instantly embarrassed is to visit the “Have Sex!” application (found here). This application has no purpose besides telling your friends that you are interested in having sex with them. Without taking any action, the application will post a news feed story to your profile which says the equivalent of “Nick just published to the world that he is having sex!”

This is surely something that none of your professional contacts, if any of your contacts, are interested in seeing (honestly I’m a bit confused about that application, but that’s a different story). That’s why it’s important to monitor what takes place after you install an application on Facebook. Once you install an application you should visit your profile to ensure that no embarrassing notification has been posted to your profile.

More often than not, nothing will be posted, but unfortunately there are many applications on the platform that publish stories without you knowing it. There are two ways to avoid having this happen: don’t visit applications or scan your profile every time that you do. Ultimately you shouldn’t be concerned about applications that you’ve built a trusted relationship with but any new applications could potentially post embarrassing notifications.

8. Make Your Contact Information Private

I personally use Facebook for professional and personal use and it can frequently become overwhelming. That’s why I’ve taken the time to outline these ten privacy protection steps. One of the first things I did when I started approving friend requests from people that I hadn’t built a strong relationship with, was make my contact information visible only to close contacts.

The contact information is my personal email and phone number. It’s a simple thing to set but many people forget to do it. Frequently people we don’t know end up contacting us and we have no idea how they got our contact information. Your contact privacy can be edited right from your profile. If you have chosen to enter this information, you should see a “Contact Information” area under the “Info” tab in your profile.

If it displays, you simply click “Edit” and then a screen like the one pictured below will show up.

-Profile Contact Edit Form Screenshot-

For each contact item that you have in your profile you should set custom privacy settings (as pictured below) so that contacts that you aren’t close to don’t have access to your phone number and/or email. It’s a small change but it can save you the hassle of being pestered by people you don’t know well. Also, protecting your privacy is generally a good practice to get in the habit of doing.

As a side note, this is a great area to take advantage of friend lists. By getting in the habit of grouping your friends, you can ensure that you are navigating Facebook safely through privacy settings that are attached to your friend lists.

9. Avoid Embarrassing Wall Posts

Just because you use Facebook for business doesn’t mean your friends do. That’s why once in a while a friend of yours will come post something embarrassing or not necessarily “work friendly” and it can end up having adverse effects. That’s why Facebook has provided you with the ability to customize your wall postings visibility. You can also control which friends can post on your wall. There are two places you can control these things.

Adjust Wall Posting Visibility

-Facebook Wall Story Settings Screenshot-

Within your profile page you can control who can view wall postings made by your friends. To do so, click on the “Settings” icon on the wall in your profile page. Next, find the box pictured in the image above and adjust the setting which says “Who can see posts made by friends?” I’d suggest using a strategy similar to the one outlined in the previous step regarding contact information.

Control Who Can Post to Your Wall
In addition to controlling who can view wall postings published by your friends, you also want to control which friends can post on your wall. Not everybody needs to do this, but occasionally you simply want to prevent some people from posting on your page. If you visit the Profile Privacy settings page, there is a section labeled “Wall Posts”.

From this area you can completely disable your friends’ ability to post on your wall. You can also select specific friend lists that can post on your wall. Personally, I don’t really care who can post on my wall but I can understand the need to control who can see those wall postings. If you want to limit who can post wall posts on your profile, this is where you can do it.

10. Keep Your Friendships Private

While it’s fun to show off that you have hundreds or thousands of friends on Facebook, some of your friends don’t want to live public lives. That’s why it’s often a good policy to turn off your friends’ visibility to others. I’ve had a number of individuals visit my profile and then selectively pick off friends that are relevant to them for marketing purposes, or other reasons.

Whatever the reason they are doing it, just know that they are … it’s part of what makes Facebook so addictive: the voyeuristic nature. Also, your friends are frequently visible to the public through search engines and exposing this information can ultimately present a security risk. To modify the visibility of your friends, visit the Profile Privacy page.

Navigate down to the setting which says “Friends” and then modify the setting to whatever is right for you.

-Custom Friend Visibility Settings Screenshot-


These are just ten ways that you can protect your privacy on Facebook. While there are a few other small things to keep in mind, these ten settings are most important. Keep in mind that while you may have turned off the visibility of many profile sections, there is no way to prevent all photos or videos from being visible if friends of yours make the images visible.

The best way to prevent embarrassing items from showing up on Facebook in the future is to not make bad judgements in your personal life. We’re all human though and being completely paranoid about every choice you make is probably not the best way to live your life. Be aware of what privacy settings are available and be conscious of what your friends may be publishing about you.

While you may not want to configure all of the privacy settings outlined, simply knowing how to do so is a great step in the right direction. By following the 10 settings listed above you are well on your way to an embarrassment free future on Facebook!

Holy Grail of Facebook Privacy



The Dawn of the Social Consumer

One more article worth reading if you (like me) are following the evolution of social shopping.


What may sound like buzz words or mere hype, is actually the beginning of the end of business as usual. Welcome to the rise of the social consumer and a new era of social commerce. Look at the picture above and think about how physical and online stores can integrate the social graph into the shopping experience right now. The possibilities are limitless and we can introduce everything today.  Read the complete article here >>

The Future of Local Commerce = Facebook + Foursquare + Yelp + Groupon

I tend to believe that local advertising will follow the description outlined in this article.  The combination of these socially empowered, locally focused, geo-targeted and cost efficient mediums to connect consumers with advertisers is unique.  More than that, it could be game changing.  I've been following this trend closely and it is worth watching... the future is closer than you might think.

There’s been much hype, crazy valuations, and overall market excitement about businesses that promise to unleash the power of the social graph, location, recommendations and group buying. Facebook’s latest valuation according to SecondMarket is now about $30 billion, Foursquare raised $20 million at a post-money valuation of $115 million while still at a pre-revenue stage, Yelp, short of selling for $550 million to Google, raised over $25 million at an undisclosed but very high valuation, and finally Groupon raised $135 million at a whopping $1.35 billion valuation. So besides their huge success with the investment community, and their users, what do these companies have in common, and what does all this have to do with disrupting Local Commerce?

In an August TechCrunch guest post, Alex Rampell describes how Online2Offline commerce is a potential trillion dollar opportunity. The gist of it is that we spend most of our disposable income offline, in local stores, restaurants, and shopping malls. But companies like Groupon, Gilt, and other group buying and private sale startups are changing the money flow. People buy online, and redeem offline. But this is just the beginning of a perfect storm brewing that will change the way we discover, shop, and pay for things. Let’s focus on the main function each of these different startups provide to understand how bringing them together will ultimately disrupt multiple trillion dollar industries:

  • Facebook: provides the Social Graph, which is fast becoming a utility. Through its open platform, and APIs, we share more about our lives and our interactions online and on mobile every day.
  • Foursquare and Gowalla: provide location services and check-ins, along with game mechanics that motivate users to unlock badges, earn mayorships, and get discounts at local stores in the process.
  • Yelp: provides crowdsourced reviews of local businesses. Now also provides check-ins, and offers.
  • Groupon: provides discounted offers against a promise to increase sales and bring in brand new customers to local businesses.

The interesting thing here is that there’s a lot of overlap between the features offered by these companies. Recently, Facebook launched Places, a mobile geo-location service that mimics Foursquare local check-ins. Yelp also added check-ins, and recently rolled out Yelp Deals, a Groupon clone.

Considering that Local Commerce will be mostly mobile, one of these companies still must bring all of these features together, along with one-click payments (IMHO), to truly tap into the potential of all these disruptive technologies. In my mind, the ultimate product combines all these features in a mobile app. A user would launch the app, see what special deals are in her area (location + group buying), which of her friends already bought the coupon/item (social graph), local reviews from friends (social graph + reviews), and then she could buy the desired coupon in one click on her handset. She could walk into the local business with a discount code, barcode, or maybe at some point in the future, an enabled RFID tag, and redeem what she just bought.

All of these companies, with the exception of Yelp, are at an early stage of their product development in this space. Facebook Places is lacking the gaming mechanics of Foursquare, the reviews of Yelp, and the local deals of Groupon. Foursquare is missing scale in its discounted offers. Yelp is missing the reach of the social graph, and the embedded payments. Groupon is lacking core social graph features that would give it better relevance through social shopping.

So which one of these companies will succeed in unleashing the power of Local Commerce by combining the right set of features with the appropriate on-the-ground salesforce? My bet is on Facebook to be first. They have a large advertising sales organization that could reach out to local businesses, already are supposedly testing offers on Places, they have de-facto more distribution and social graph access than any of the other companies, and finally they are building a true payments platform.

Groupon and Yelp also have a decent shot at it, but it will be tough to compete with Facebook’s distribution capabilities and ubiquity. In order to remain relevant, they will have to innovate and come up with original features. Foursquare’s future is probably going to be more challenging with more players entering their space, but it could end up being bought (once again for founder Dennis Crowley) by Google, which is preparing to aggressively go after the local commerce opportunity.

Techcrunch Editor’s note: The preceding guest post is by David Marcus, founder and CEO of Zong, a mobile payment provider for Facebook Credits, AT&T and hundreds of leading destination websites and mobile applications