Facebook quiz determines your most-used words… in exchange for your personal info

A viral Facebook quiz that helps determine people's most-used words requires a large number of permissions during the sign-up process.

Created by a company called Vonvon.me, the quiz (which we won't link to here) asks that you sign up to complete it by entering in your Facebook login credentials. According to the company's website, over 17 million people have already agreed and taken the quiz.

Vonvon

Once you log in, you are required to hand over several bits of personal information about yourself. Those include the following:

  • Name
  • Profile picture
  • Sex
  • Birthday
  • Hometown
  • Current city
  • Educational history
  • IP address and other information relating to their device

But that's not all. According to the company's Privacy Policy, Vonvon can continue to use your information even if you decide to terminate your account.

You are also granting the company permission to store your information on servers all over the world, including in locations where your data might not be adequately protected.

Perhaps most alarmingly, although Vonvon says that it will not share personal information with third-party companies unless you give it permission to do so, this clause does come with a caveat:

"We do not share your Personal Information with third parties unless we have received your permission to do so, or given you notice thereof (such as by telling you about it in this Privacy Policy)"

It looks like agreeing to the Privacy Policy substitutes as a form of user consent. It feels sneaky to say the least.

That doesn't appear to be stopping some in the media from promoting the quiz, inviting readers to try it out for themselves.

Screenshot of Facebook post

Since Comparitech first broke the story about this quiz, labeling it a "privacy nightmare", Jonghwa Kim, CEO of Vonvon, has issued a statement in which he explains that his company stores personal information only "to generate your results" and "for entertainment purposes."

As for selling data to third-parties, Kim flat out denies what he calls a "misleading accusation":

"As we do not store any personal information, we have nothing to sell. Period," Kim explains.

As we all know, this is not the first Facebook app that has demanded excessive permissions from its users.

Indeed, as noted in the LA Times by Claire Gartland, who serves as consumer protection counsel at the Electronic Privacy Information Center, "there are countless apps just like this that collect just as much information."

That being said, it might be worth our time to review what we have linked to our social media accounts now and then.

To tweak the bits of information to which your Facebook apps have access, click on the lock icon on Facebook's top right corner. Next go to "See More Settings", followed by the "Logged in with Facebook" list under the Apps section. You can then click "x" to remove apps you don’t trust or recognize.

In the long term, it might be a wise decision to also stop filling out those stupid Facebook quizzes altogether.

If you are on Facebook, and want to be kept updated with news about security and privacy risks, and tips on how to protect yourself online, join the Graham Cluley Security News Facebook page.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

6 Responses

  1. coyote

    November 26, 2015 at 1:48 am #

    'stores personal information only "to generate your results" and "for entertainment purposes." '

    … I'm sure it'll be entertaining to all victims (i.e. those who actually allow this – they are a victim of themselves as well as this organisation) once their details are made public…

    I'm also sure that they need your:

    IP address; city; name; education level; and the other things mentioned

    … in order to generate a list of what your most frequently used words are. That is so completely stupid it is scary to believe that people would fall for it (scary but still unsurprising). Why the hell would you need that information in order to get a word count and generate statistics on them ? Obviously you don't. It is a simple programming exercise and nothing else. It seems pretty clear that their privacy policy does allow [those things] despite what they claim; if they are so sure of it perhaps they should review their privacy policy – or ask their lawyers (and also their programmer [surely they do not need more than one ?]) to speak instead.

    Completely pathetic.

  2. Jim

    November 26, 2015 at 10:14 am #

    As well as the information you list, the app can clearly read all your posts, comments etc, to determine what your most common words are. Why not store those too …

  3. Simon

    November 26, 2015 at 10:40 am #

    It's a great social experiment (pardon the pun).

    Use a famous social media platform, have something to draw attention too, have a disclaimer a mile long that no one will bother to read, have a fun/captivating activity, yay it was fun, like it and pass it on…

    It's somewhat shady from Vonvon, but 'if' they've put out their intentions in writing for people to read/accept, it's the poor sods that used it that have themselves to blame.

    • coyote in reply to Simon.

      November 26, 2015 at 8:29 pm #

      True. But it doesn't mean Vonvon is being responsible or ethical – or even technically (especially in programming) competent (unless they only declare they need that much information in order to abuse it). And it doesn't mean the victims necessarily deserve the consequences of a terrible mistake (lack of awareness is a huge problem but that's all it is – a lack of awareness).

  4. PeteF

    November 27, 2015 at 4:01 am #

    The app also for some unspecified reason requires access to your Friends list. I saw that and walked away, but I know too many people who jumped in with happy cries of But It's Only A Bit Of Fun. I hope they don't regret it later.

  5. Dude

    December 5, 2015 at 9:31 pm #

    It also knows who you are related to, where you were born, where you live etc.

    So if it was to hand that info over to say… a dictorial government, they could find you and your family, and capture you easily, because you gave them all your personal details for free!

    There is nothing-short of avoiding the internet, we can do to stop it happening. Technology is too good, and control by dick heads who want to control and make $. There is nothing that cana be done about it short of living as a hermit!

Leave a Reply