Last night, BBC TV in the UK broadcast an investigation into Facebook security on their flagship consumer affairs program, Watchdog. Their findings have been reported in news stories worldwide.
BBC investigators set up a fake Facebook id called “Amba Friend”, contacted 100 people at random with friend requests, and reported how many accepted the invitation from a total stranger. Sure enough, plenty of people accepted the invitation and information such as home addresses and dates of birth were available for a potential identity thief to spirit away.
Sound familiar? Well, it should do because back in August Sophos conducted a remarkably similar experiment (we contacted 200 people, and used a photograph of a small plastic frog called “Freddi Staur” – an anagram of “ID Fraudster”). Unlike the BBC we stopped short of taking out credit cards in innocent people’s names – but did publish a best practice guide and record a podcast about how people can better protect their privacy on the social networking website.
The BBC contacted us a few weeks ago asking how we had run our experiment, and even suggested strongly that they might want Freddi the frog – and members of SophosLabs – to appear on camera in the studio.
We didn’t hear any more until suddenly Watchdog broadcast their startlingly similar investigation last night on BBC One. Alas, there was no sight of plastic amphibian bath toys or mention of Sophos.
It’s a shame the BBC didn’t involve us more, because we could have taken the story further. For instance, earlier this month we revealed how joining a geographic network on Facebook opens up your profile to other people even if you haven’t accepted them as friends and even if you have previously been quite careful with your privacy settings. That’s quite a problem when you realise that, for example, the London Facebook network has over 1.2 million people (and growing). Do you really want over a million strangers knowing your date of birth, cell phone number or that you’re going to the South of France on holiday for two weeks?
I guess we shouldn’t feel too miffed – after all, anything which raises awareness about individuals’ security online has to be a good thing.
But, of course, there is an enormous irony about being ripped off by a BBC consumer affairs show. Oh well, they say imitation is the sincerest form of flattery!