Finding My Trail of Logins With Facebook Was a Security Wake-Up Call

Disorganization runs in my family. My dad once lost his car keys by mysteriously leaving them in the fridge, and I misplaced 12 (!) student IDs over four years at college. 

For someone like me, using Facebook to log in to apps and websites has been a no-brainer for the past few years. I can barely remember where I put my phone five minutes ago, let alone a password I created last month.

But as more and more people around me delete Facebook over privacy worries, it got me wondering what, exactly, I’ve shared–and with whom–over the years on Facebook. I decided to look under the hood at my account to see. 

Facebook says it monitors what third parties have access to your information frequently. The site’s Apps and Websites section, located in Settings, allows you to look at everything you’ve used Facebook to log in to since 2015, divided into three groups.

  1. Active – the apps and websites I’ve used recently
  2. Expired – logins I haven’t used in more than 90 days
  3. Removed – apps and websites that I’ve specifically told to stop sharing information

Deleting an app from your phone doesn’t always mean deactivating permissions. A beer rating app I’d played around with but didn’t keep when I got a new phone is still listed as Active. Oops. 

It makes sense to link apps I use often, like Spotify and my dating apps, with my social network. But other choices I’d made in the past were baffling. I’m not sure why I logged in to TrustedHousesitters.com. And apparently I was so into the fast fashion website Tobi in 2017 that I logged in with Facebook, despite the fact that I have never bought something from the site. Was mindlessly browsing for deals on crop tops really worth exposing some of my personal information to a possible breach?

Giving Facebook access

A Lifehacker article described using a social media site login like showing the third party a “gate” to a house. “They don’t get the keys to the house, they just know where the door is,” the article says.

But things are always evolving on the internet. Reports surfaced in 2018 that Cambridge Analytica scraped the data of 87 million people from 200,000 users who took a personality quiz. Some recent research showed that Facebook’s login mechanism may be vulnerable to third-party tracking scripts.

It worried me to see that even when I’d elected to remove privileges to some third parties, Facebook tells me that they can still access data I’d chosen to share in the past. In a lot of cases, that includes things like my friends list, my birthday, a profile picture—things I wouldn’t normally upload or include with a separate account on a website. Seems like once I’ve let someone in a gate, they can come and go as they please–even after the party’s over.

In the end, I removed permissions for most of my 40+ apps and websites, keeping only the ones I use weekly. Facebook makes you confirm the removal of each third party individually. It’s slightly time-consuming, but worth the sense of closure I got when I shut the gate behind me.

    Dashlane

    Dashlane gives everyone who uses the internet a simple way to live savvier online. Generate strong, randomized passwords for every account, and autofill logins, personal info, and payment details instantly—without compromising your data security. Dashlane works across devices on every major operating system and browser, making the internet safer and easier to navigate at home, at work, and on the go.

    Read More