Facebook quizzes are (still) a privacy threat (update)

An online quiz that illustrates the words you use the most on Facebook as a "word cloud" has gone viral -- and it's a great reminder of why you should be wary of connecting ostensibly fun games with your account. UK-based VPN comparison website Comparitech has delved into how it collects not just your name, but also your birthdate, hometown, education details, all your Likes, photos, browser, language, your IP address and even your friends list if you link it with Facebook. Too many details for a simple game, right? If you agree, you may want to think hard before linking any other FB quiz in the future, because most of them require you to give up a similar list of information.

(Vonvon has released a statement noted in the update below the fold.)

You'll typically see what details an FB quiz app requires on the page asking you to authorize its connection with the social network. Some apps allow you to choose which info you're willing to share: If you're lucky, you'll be able to give up as little as possible and still be able to play the game. In this case, the application didn't work properly when I didn't allow it to access most of my details. That said, it's pretty easy to click through and overlook the part where you can choose the info an app can access. And if you've been using Facebook extensively, chances are you've done it at least once or twice in the past.

Now the real problem is, like any other entity that collects data, these apps collect it for a reason. According to Comparitech,, the mysterious company that created the Your Most Used Words on Facebook quiz, notes in its Privacy Policy that if you log in with FB, you're giving it express permission to continue using your info even after you terminate your account. You're also permitting it to store your details in any of its servers around the world, even in places where your privacy isn't protected by the law. Vonvon does note that it wouldn't share your personal info with third parties unless it has notified you first, but in the same sentence, it admitted that the Privacy Policy itself is already one way of notifying you. Tough luck if you haven't read it before clicking OK, because agreeing to the policy is equivalent to allowing the company to sell or share your details.

As we've mentioned earlier, one way to circumvent the issue is to tweak what the app can access. To get rid of older apps you already authorized, click the lock icon on the social network's top right corner and go to "See More Settings." You can see the "Logged in with Facebook" list under the Apps section -- click "x" to remove any application that you don't trust or recognize. As Comparitech said, though, the best way to protect your data is to abstain from connecting third-party quizzes to your profile. After all, even if you don't care about your privacy, the people in your friends list, whose details some applications also collect, might care about theirs.

Update: According to Vonvon CEO Jonghwa Kim, Vonvon is a young Korean startup that's less than a year old. "We only use your information to generate your results, and we never store it for other purposes. For example, in the case of the Word Cloud, the results image is generated in the user's Web browser, and the information gathered from the user's timeline to create personalized results are not even sent to our servers," he told Engadget.

Kim also said that the non-identifying information the quizzes collect is used for analytics, and that its police states that the company "share[s] personal information only in case of compliance with law. There's no clause states that we share personal information to other businesses."

To summarize, he said:

1. We only use personal information to generate personalized results, and we never store it in our databases.

2. We have modified our process of asking for personal information from asking for a comprehensive list to asking for the bare minimum required for each type of content.

3. We do not store personal information. Therefore, we do not sell

4. We made no trick to make a hole in privacy policy. We haven't and have no intention to sell personal information to 3rd parties.