Michael Zimmer.org

You can file this in the “altogether not that surprising” category: The IT security firm Sophos has conducted a little experiment to see how easily it might be to obtain personal information from Facebook users. They created a fabricated Facebook profile called Freddi Staur (an anagram of ‘ID Fraudster’), a small green plastic frog who divulged minimal personal information about himself. Freddi then sent friend requests to 200 random users to observe how many people would respond, and how much personal information could be gleaned from the respondents. There findings are quite revealing:

• 87 of the 200 Facebook users contacted responded to Freddi, with 82 leaking personal information (41% of those approached)
• 72% of respondents divulged one or more email address
• 84% of respondents listed their full date of birth
• 87% of respondents provided details about their education or workplace
• 78% of respondents listed their current address or location
• 23% of respondents listed their current phone number
• 26% of respondents provided their instant messaging screenname

In the majority of cases, Freddi was able to gain access to respondents’ photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts. In addition, many users also disclosed the names of their spouses or partners, several included their complete résumés, while one user even divulged his mother’s maiden name – information often requested by websites in order to retrieve account details. Sophos has a full write-up of the experiment here.

This makes for a nice little cautionary tale about how much information you divulge online, and how one should be careful about making it available to random strangers to view and collect. For its part, Sophos has published a “best practices” for Facebook users, providing their recommendations on how to configure Facebook’s extensive (and, unfortunately, complicated) privacy settings.

[via David Faser]