That “most used words” Facebook Quiz is a Privacy Nightmare

By Paul Bischoff

Over 16 million people have agreed to give up almost every private detail about themselves to a company they likely know nothing about just to play a quiz.


Lately, you’ve probably seen a couple of your Facebook friends post the results of a quiz app that figures out your most used words in statuses. Or maybe you posted it yourself. It looks something like this:

[Image: example of a “most used words” quiz result]

The “quiz,” created by a company called Vonvon.me, has risen to over 16 million shares in a matter of days. It’s been written about in the Independent, Cosmopolitan, and EliteDaily. Sounds fun, right?

Wrong. That’s over 16 million people who agreed to give up almost every private detail about themselves to a company they likely know nothing about.

“Oh! If i click here and auth in with facebook it’ll scan my entire year of posts, store the data and tell my most used words. sign me up!”

— Saved You A Click (@SavedYouAClick) November 19, 2015

The app, like many Facebook quiz apps, is a privacy nightmare. Here’s a list of the information quiz players have to disclose to Vonvon.me:

  • Name, profile picture, age, sex, birthday, and other public info
  • Entire friend list
  • Everything you’ve ever posted on your timeline
  • All of your photos and photos you’re tagged in
  • Education history
  • Hometown and current city
  • Everything you’ve ever liked
  • IP address
  • Info about the device you’re using, including browser and language

The Oxymoronic Privacy Policy

Even if you take the “I have nothing to hide” approach to privacy, the app also collects a fair bit of information about your friends. Vonvon’s privacy policy leaves a lot to be desired. Let’s walk through it to see why you should steer clear of this quiz or any of the dozens more on Vonvon’s site. First off, for those who have already played the quiz, there are no take-backs:

[…] you acknowledge and agree that We may continue to use any non-personally-identifying information in accordance with this Privacy Policy (e.g., for the purpose of analysis, statistics and the like) also after the termination of your membership to this WebSite and\or use of our services, for any reason whatsoever.

Your information could be stored anywhere in the world, including countries without strong privacy laws. A Whois search reveals Vonvon.me was registered in Korea, but it operates in several languages including English, Vietnamese, Malaysian, and Korean:

Vonvon processes Personal Information on its servers in many countries around the world. Such information may be stored on any of our servers, at any location.

Vonvon is free to sell your data to whomever it pleases, for a profit. Vonvon says it will not share personal information with third parties without permission, but just by playing the quiz you’ve technically given it permission because it assumes you’re a responsible person who reads the privacy policy. Of course, most people who play the quiz are not that responsible.

[…] We do not share your Personal Information with third parties unless We have received your permission to do so, or given you notice thereof (such as by telling you about it in this Privacy Policy) […]

Yes, it actually says that. Worst of all, Vonvon skirts responsibility after it has sold your data to third parties, who can do whatever the hell they want with it:

[…] this Privacy Policy does not apply to the practices of entities Vonvon does not own or control, or to individuals whom Vonvon does not employ or manage, including any third parties to whom Vonvon may disclose Personal Information […]

Companies who you have never met can now access your entire Facebook profile, friends, photos, statuses and all, and use them in ways you never directly agreed to. By the way, if you edit the permissions before authenticating the app with Facebook, Vonvon won’t allow you to play the quiz.

Abstinence Is The Best Privacy Policy

We’ve singled out Vonvon because it recently went viral, but it’s far from the only shady data dealer to masquerade behind a viral quiz mill. Facebook is a haven for a large number of these companies and, frankly, hasn’t done enough to educate or warn users about the risks. Social Sweethearts, a similar company based in Germany, creates quiz apps that are so bold as to collect your email address. Hope you like spam.

So how can you protect yourself? The easiest way is to avoid online quizzes that require Facebook authentication altogether. Go to the apps section of your Facebook profile, where these data miners often reside, and remove anything you don’t 100 percent trust. Many of them can even hijack your Facebook and post on your behalf. Stick to quizzes that just let you share the results without logging in with your Facebook account, such as the ones on Buzzfeed.

If you insist on authenticating a Facebook quiz app, be sure to check the permissions and read the privacy policy or terms of use.

Paul Bischoff is a freelance writer and journalist.