Who Has Access to Your Address Book?

I had two friends complain that they received Facebook invitations from me today. I don’t remember sending those people invitations, and I never invite anyone to a social network without talking to them first.

1023122_bookMy friends forwarded the invitations to me. They were dated yesterday, and the headers indicated that the messages were from Facebook servers. There have been recent reports of phishing scams aimed at Facebook users, though, so I changed my Facebook password, even though I don’t have any evidence that my account has been compromised.

But then I started thinking about all of the places that could potentially have access to my address book. My “master” address list is in the Mac Address Book app, but it’s synced to my web-based Google Apps contact list, and to the Thunderbird address book on my PC laptop. It’s also synced to my Palm Treo smartphone.

I’m pretty careful about passwords, and I respect the privacy of the folks in my address book. But I’m always trying new services, and it seems like everyone wants their site to have a social component. So the list of places that might have access to my address book is appallingly long.

  • Adium
  • AirSet
  • AOL/AIM/Netscape
  • Biznik
  • Blogger
  • Chi.mp
  • Delver
  • Digsby
  • Dropbox
  • Dropcard
  • eBuddy
  • eWallet
  • Facebook
  • Flickr
  • FriendFeed
  • Ginx
  • Gist
  • GizaPage
  • Gizmo5
  • Glide
  • Gmail
  • Goodreads
  • Googaby
  • Google Apps
  • identi.ca
  • LastPass
  • LibraryThing
  • LinkedIn
  • Live.com/MSN
  • LiveJournal
  • Mikogo
  • Mozy
  • Mundu
  • MySpace
  • net4mac
  • Ning
  • OperaMail
  • Skype
  • SocialMinder
  • Soocial
  • Sprint
  • ThinkFree
  • Time & Chaos
  • Trillian
  • Twitter
  • TypePad
  • Ulteo
  • ViaTalk
  • VoxOx
  • Xmarks
  • Yahoo
  • Yuuguu
  • Zoho

Now, most of these places have clear privacy policies, and I’m sure none of them would knowingly leak their users’ data. But let’s face it, security breaches are common these days, from national governments to banks to credit card companies. So with a list that long, how can I figure out where the breach might be?

Social networks need to provide tools that let individual users track how our data is being used. Gmail, for example, has an “Activity on this account” page (accessible from the bottom of the main screen) that shows when and how the account was accessed, and from which IP address. Facebook and other social networks need to make similar information available.

In the meantime, some elementary steps will keep your data, and your contacts’ data, more secure.

  • Use anti-virus, anti-malware and firewall software.
  • Make hard-copy and off-site backups.
  • Change your system, network, email and web site passwords frequently, and make them difficult. (Use the “generate password” function included in most password storage programs.)
  • Keep track of social web sites to which you have given access to your address book data. Be extra vigilant about changing passwords for these sites, and if you aren’t using them anymore, delete your accounts.
  • Check which applications have access to your social networking accounts, like Facebook and LinkedIn. Delete any applications that you aren’t using.

Has are you keeping your address book secure?

Image by stock.xchng user xaila.


Comments have been disabled for this post