A viral alert proliferating on Facebook since February 2018 warns users to avoid clicking on links that promote entertainment apps or web sites offering them a glimpse of what they might look like as a bald person or as a member of the opposite sex.
This is the full text of the alert, according to which these apps are controlled by “extreme hackers” out to invade your privacy:
There is a website link traveling around Facebook at an extraordinary rate which allows you “to see what you would look like as the opposite sex” and also one that lets you see what you look like “as a bald person”.
DO NOT enter these links, they are controlled by extreme hackers who are now gaining control of people’s personal information and selling it on the black market. As soon as you have clicked share to Facebook it gives these hackers instant access to your own personal details and puts your family and friends personal details at risk.
PLEASE SHARE TO MAKE YOUR FRIENDS AWARE
As is typical of such alerts, certain features of actual Facebook apps that access personal information in users’ profiles have been misconstrued as illegal and the security threat they pose is exaggerated.
A number of apps of this kind are constantly promoted on Facebook. This example poses the question, “What would you look like as a bald person?”:
Clicking on the link opens an external web page that instructs the user to log in with Facebook to see the results:
This disclaimer appears in fine print at the bottom of the page:
This app uses data and contents only if they are publicly available or with the consent of the users. We kindly ask you to use the app only, if other users will not be affected adversely.
*Only users who have reached the age of 16 may use this free function. You agree that your picture will be transmitted to the provider FaceApp (St. Petersburg, RU) for the sole purpose of its editing and will be deleted afterwards (data protection and objection notice).
Users who log in are then presented with a dialogue box informing them that certain information (typically their Facebook profile data, photos, and e-mail address) will automatically be shared with the web site if they continue (although this particular one doesn’t, some apps also request permission to post on the user’s Facebook page). If they choose to continue, users are then presented with a selection of photos from their Facebook page and invited to choose one for the demonstration. The app displays the chosen photo side-by-side with an altered version depicting the subject without hair, and invites the user to like the app.
It is all relatively harmless, but Facebook users should take seriously all notifications to the effect that they by using the app they are granting the company that provided it access to some of their personal data.
We also advise reading the Terms of Service and Privacy notifications provided by such apps (usually via links somewhere on the associated web page) for a detailed description of what you’re agreeing to. By granting access to your e-mail address, for example, you’re agreeing to receive marketing e-mails and/or newsletters from that company. These pages are also where you would be notified if the company plans on sharing your data with third parties.
Facebook provides this general overview of what types of information games and apps are allowed to collect when you install them:
Keep in mind when you install an app, you give it permission to access your public profile, which includes your name, profile pictures, username, user ID (account number), networks and any info you choose to make publicly available. You also give the app other info to personalize your experience, including your friends list, gender, age range and locale.
In short, the companies that offer apps like these aren’t typically “hackers” (much less “extreme hackers,” which sounds exciting, but we’re not sure how one goes from being a mere hacker to an extreme one), nor do they sell your private data on the “black market.” However, when you use such apps you do grant them access to personal information in your Facebook profile, which may also be shared with third parties.
The moral of the story is: Use Facebook apps cautiously, but don’t buy into fear-mongering warnings about them.