41% of Facebook Users Give Personal Data to Green Plastic Frog

By Scott M. Fulton, III | Published August 14, 2007, 2:27 PM

In a revealing test of where the true insecurities may lie in the realm of online social networking, security software company Sophos today revealed that it had set up a kind of sting operation on Facebook. It created a fake identity around a green plastic frog it named "Freddi Staur," and had Freddi invite 200 real Facebook users to be its friend.

"It's extremely alarming how easy it was to get users to accept Freddi," stated Sophos security analyst Ron O'Brien this morning. Of those Freddi invited, O'Brien reported, 87 responded positively, and 82 gave personal identification data to Freddi's account when asked.

Without any "hacking" whatsoever, the tub toy managed to acquire a treasure trove of personal data. About 73 people were willing to post their birthday, while others willingly included places of birth, employers' names and addresses, photographs of family and friends, work resumes, and in at least one instance, the user's mother's maiden name.

All this in response to a request from something that obviously had no real identity of its own (its name is actually an anagram of "ID Fraudster") and offered zero information -- real or imaginary -- about itself.

[Image caption: Would you give your personal data to this guy?]

The Sophos survey results come in the midst of a little storm of controversy that erupted after a mis-configured Web server inadvertently revealed significant portions of Facebook's source code to ordinary users, rather than the home page that they would normally expect.

That revelation prompted New Scientist technology editor Will Knight to post to his blog yesterday, "The reason the leak is concerning is that, by studying the leaked code, a canny computer hacker might be able to figure out some critical security vulnerabilities and thus gain access to tons of personal information."

As we know now, it doesn't actually take a "canny computer hacker" to do that, but instead -- to borrow a fitting phrase from patent law -- "a person with ordinary skill in the art."

Sophos published the survey to draw attention to its latest set of best practices for using Facebook. It's not recommending that people (the real kind) stop using Facebook, but rather that they take heed of the security features it actually does offer, which will hopefully make both users' lives and Sophos' business somewhat easier.

One of Sophos' tips is this: "You can choose to make people 'limited friends' who only have access to a cut-down version of your profile if you wish. This can be useful if you have associates who you do not wish to give full friend status to, or feel uncomfortable sharing personal information with." For example, associates whom you suspect may not be organic.

Of course, this part of the discussion side-steps a broader, more curious problem illuminated by the Sophos survey: it's doubtful that a man in a frog suit walking the city streets could get 37 out of every 100 people wearing regular clothes to divulge their birthdays on command, yet that many people were willing to spill their life's data to a meaningless on-screen avatar, simply because it asked so sweetly something on the order of, "Would you be my friend?"

This begs the question: If instead of a plastic frog, Sophos had chosen to use a real photograph of a non-celebrity and a non-anagram name, would more people have responded so willingly? Or fewer?

Comments

Lesson to be learned here. Between employers checking out your frat parties and your personal info being sent around... DON'T USE SITES LIKE THIS. People are way too liberal in sharing themselves on the internet and not having a more unrecognizable persona.

Score: 0


People don't understand that Facebook is not equal to MySpace. Facebook potentially shares very personal information... information that you input, but still information that CAN be used incorrectly. The name and address aren't a big deal, as this stuff comes on your mail anyway. But detailed information, where you go/went to school, where you work/have worked, your phone numbers, this is all information that thieves can use to their advantage.

As a rule of thumb, the people on your friends list on Facebook had better REALLY be your friends and know your real name and phone number anyway, i.e., co-workers/school friends etc. So, don't accept requests from names you don't know, first and foremost. Those names you do know, make sure you have some dialogue before you add them or accept requests, and a photo would be good also. Nothing beats the dialogue though; that's how you know the person on the other end is 'really' the person you know, since most other stuff can be 'copied'.

Score: 0


This is stupid paranoid B.S. There is nothing wrong with giving out your name, birthday, employer's name and address, photographs of friends and family, and work resumes. If someone asked me in a bar what my birthday was I wouldn't consider it an invasion of privacy. Heck, often in restaurants the staff sings to people on their birthday and maybe gives them a dessert or coupon or something... OOH NO THE RESTAURANT is advertising your birthday to the world!!!!

Don't ask my NAME, that's a VERY personal question... simply refer to me as "He who should not be named"! As for your resume people tend to pass those around to whoever will take them, they typically include your name, and the name and address of your current and former employers.

Now the idiot who gave out their mother's maiden name is the only really risky behavior here. But out of 200 invites, if only "at least one" person gave out that information I don't think it's too bad.

Personally I keep my street address and phone numbers hidden (though I tend to give out my city, state, and zip info so you could find my phone number and address in a phone book if you're so inclined... OMFG... THE PHONE BOOK IS A HUGE PRIVACY ISSUE... it has names, addresses and phone numbers in it... it's the END OF THE WORLD).

You people who think this is a big deal are a bunch of paranoid idiots in my book but hey don't worry about it, just crawl back in your vaults and hide from all the millions of big bad identity thieves who are after you. Oh and Sophos who performed the study I'm sure would be happy to sell you stuff to protect you from this HUGE threat. Stupid sheep.

Score: 0


"There is nothing wrong with giving out your name, birthday, employer's name and address photographs of friends and family"
Except maybe the stalker ex!

Score: 0


What makes this scary is companies no longer need to mine for your information; you're giving it to them freely. This problem also extends far beyond Facebook.

Then again I'm completely plugged in. Apathy is a huge factor in this too I guess.

Score: 0


Actually, we have been giving it to them for years. We should have cried foul long ago. Instead, many of us have been conditioned to just hand it over.

For example, take that little "cents-off" plastic tab on your keyring which is used by grocery stores. As a college professor (marketing), I was screaming about people so freely giving up even that information years ago.

In fact, I could always make a point regarding privacy by having a student simply walk into the grocery store, demonstrate a "sincere" desire to be helpful to some stranger, show a set of keys that were "found," and ask for the information to return them to their owner.

Performing that exercise across many years, only once did a grocery store refuse to give the requesting student the requested and supposedly private information (i.e., owner's address, phone number).

Meanwhile, my dentist got a tad upset just a couple of days ago when I refused to give him my SSN, which he uses to file his patients' records. In other words, there's still a lot of educating the public yet to be done.

Score: 0


In other words, 41% of Facebook users are completely clueless dumb-asses.

Score: 0


Actually, I'd wager that 41% is on the low side...

Score: 0


People like this keep me employed.

Score: 0


So ? What's the big deal ? I don't see the problem... People can get your name / age /sex ? Wahou ! Scares to death........ :-...

Score: 0


And the 00's will be remembered for the so called 'social' networking experiment... so social it makes people stay in the bedrooms and talk to people instead of walking out their front door. :-P

Like the 'e-90s', I suspect come the '10s, social networking will appear nothing like it is now... and have grown up... E-commerce isn't a fad now and is much more stable than the fly-by-nighters of the nineties... let's hope the same happens with social networking.

Score: 0


This is a twist..... I'm sure these people didn't directly come out and say, "my past employer was Procter and Gamble, in New Hampshire"....

But due to the way Facebook's "privileges" are set up, you can input addresses, businesses, employer information, etc.... and then set the security level of WHO can access that information.

This is part of the reason why you gotta be careful on these networks....If you are going to input your real street address into Facebook, and go about adding Bands, comic characters, and bath toys, who knows who may have access to those accounts...

That's part of the reason why I have input my address, set the security so only "Friends" can view it, and I only accept invitations from people I've met previously.

Score: 0


And this is further proof that there are tens of millions of folks who just shouldn't even have a computer, let alone access to the internet.

Yes, I've become an internet snob since taking on my new position as an IT Security and Compliance guru... Actually, I already was one, I just have an excuse now.

Score: 0


Hmmm to do list.

1.Buy plastic frog/locate picture of plastic frog online....
2.Set up fake facebook account.
3.Steal peoples identities and blame it on plastic frog !!!
4.Profit !!!

Just kidding :)
hmmmm I wonder if a GI Joe action figure would have got more information...
I don't trust Barbie....

Score: 0


I would have used a monkey. Everyone loves monkeys. :p

Score: 0


Or owls. Everyone loves poofy owls.

Score: 0


Oh man I totally thought this was my ex girlfriend. My bad. Yo, please don't give my soc security, member size, or OS of choice to the masses! PLEASE! I BEG YOU!

Score: 0


1 Suckah is born every minute....

Score: 0


Just one?

Score: 0


How many?

Score: 0


This begs the question:

Gahh!

*runs away*

Score: 0


If instead of a plastic frog, Sophos had chosen to use a real photograph of a non-celebrity and a non-anagram name, would more people have responded so willingly? Or fewer?

Evidently, it follows that

If instead of a plastic frog, Sophos had chosen to use a real photograph of a non-celebrity and a non-anagram name, would more people have responded so willingly? Or fewer?

Since, afterall

If instead of a plastic frog, Sophos had chosen to use a real photograph of a non-celebrity and a non-anagram name, would more people have responded so willingly? Or fewer?

It requires no thought whatsoever.

Score: 0


Bzzzt.

The "Or Fewer" kills it.

It should have been "raises the question".

*runs away again*

Sorry. Pet peeve. Seem to have a lot of them lately.

Not really a biggie, it's become pretty standard to interchange the two, so I guess language just evolved. Even if it's in a direction I dislike.

/me tilting at windmills.

Score: 0


Mind if I root for the windmills ...? :P

Score: 0


You do realise I was being quite ironic.

I am familiar with what begging the question means. ;)

Score: 0


Wasn't sure. Missed the /sarcasm tag. It was an "interesting" night...

Score: 0


I honestly don't understand why these people give out personal information. My real friends know my information. Those who don't know my information, I don't care about them.

Score: 0


Born 1/31/1988
Mom's maiden name is Dunn
My employers name is Craig Laparde
Born in Grand Rapids, Michigan.
HD-DVD's decryption key is O9-f9-11-02-9d-74-e3-5b-d8-41-56-C5-63-56-88-c0

Score: -1


Oh noes! Now I know everything I need to know about you! (and your HD-DVD's, sir!)

Seriously, what's the big deal? It's a social networking site, you can choose what information can and cannot be seen. I think most people just don't care enough to hide it. Honestly, I couldn't care less if people on Facebook can see my name, dob, phone #, aim s/n, etc. If I felt like Facebook posed any real threat to me I wouldn't put that info up there.

Score: 0


Well the concern is that name, birthday and your mother's maiden name is enough to do some identity theft. That's often the question banks and credit card companies ask when verifying your identity over the phone.

Score: 0


What's even crazier is my bank closes at 5:30, and I just got back from there and running some errands.

Believe it or not, they also ask you for your account number, and your pin number. Weird. I don't think anyone releases too sensitive of material as far as giving thieves too much info.

The only threat I see is underage girls giving out their phone numbers, which gives away the address.

Score: 0


Hey Scott. Interesting point you make at the end there. When we were setting up the experiment we did actually consider using the picture of an attractive woman (we thought most guys wouldn't be able to resist!), but then thought it would be more interesting to use something utterly inanimate who no-one could claim was really a friend -- and who clearly had a nonsensical name.

My guess is that people with real malicious intentions would set up their fake id to appeal most to their intended target victim.

By the way, one particularly alarming thing about the way Facebook works is how, by default, it will share your profile details with people in the same networks. The London network, for example, has over 800,000 members... which means the majority of them are - perhaps unknowingly - sharing private data with 799,999 others.

I would recommend people read our best practice tips on the Sophos website, and apply more common sense about what information they feel comfortable posting online.

Regards, Graham Cluley, Sophos

Score: 2

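The article's "limited friends" tip and Graham Cluley's point about network-wide sharing by default both come down to one thing: which profile fields each class of viewer can see. The following is an added illustration, not Sophos' or Facebook's code, that models that as a small visibility policy. The audience tiers follow the article (strangers, same-network members, limited friends, full friends); the field names, the "default" and "hardened" policy tables, and the 800,000-member network figure used in the report are assumptions or taken from the comment above, not Facebook's real settings model. It also flags the fields the comments identify as identity-verification data (birthday, place of birth, mother's maiden name) so a user can see what a given audience would learn.

```python
"""Toy model of profile-field visibility tiers (added example, not the
page's own code). Policy tables and field names are assumptions chosen to
illustrate the article's 'limited friends' tip and the default sharing
with everyone in the same network."""

from enum import IntEnum


class Audience(IntEnum):
    # Ordered least to most trusted: a field shown to one tier is also
    # shown to every more-trusted tier.
    STRANGER = 0
    SAME_NETWORK = 1
    LIMITED_FRIEND = 2
    FRIEND = 3


# Fields the comments name as what banks and card issuers ask when
# verifying identity over the phone.
IDENTITY_VERIFICATION_FIELDS = {"birthday", "place_of_birth", "mothers_maiden_name"}

# Assumed default: nearly everything is visible to the whole network,
# mirroring the "shares your details with people in the same networks" remark.
DEFAULT_POLICY = {
    "name": Audience.STRANGER,
    "birthday": Audience.SAME_NETWORK,
    "place_of_birth": Audience.SAME_NETWORK,
    "employer": Audience.SAME_NETWORK,
    "street_address": Audience.SAME_NETWORK,
    "phone": Audience.SAME_NETWORK,
    "mothers_maiden_name": Audience.SAME_NETWORK,
    "photos": Audience.SAME_NETWORK,
}

# Hardened policy (assumed): identity-verification data is friends-only,
# the cut-down "limited friend" view carries only low-value fields, and the
# mother's maiden name is not stored at all (absent from the table means
# never shown to anyone).
HARDENED_POLICY = {
    "name": Audience.STRANGER,
    "birthday": Audience.FRIEND,
    "place_of_birth": Audience.FRIEND,
    "employer": Audience.LIMITED_FRIEND,
    "street_address": Audience.FRIEND,
    "phone": Audience.FRIEND,
    "photos": Audience.LIMITED_FRIEND,
}


def visible_fields(policy, viewer):
    """Fields a viewer of the given tier can read under this policy."""
    return sorted(f for f, minimum in policy.items() if viewer >= minimum)


def exposure_report(policy, viewer, audience_size):
    """What one viewer tier learns, and how many people share that view."""
    fields = visible_fields(policy, viewer)
    risky = sorted(f for f in fields if f in IDENTITY_VERIFICATION_FIELDS)
    return {
        "viewer": viewer.name,
        "audience_size": audience_size,
        "visible": fields,
        "identity_verification_exposed": risky,
    }


def overexposed_fields(policy, baseline):
    """Fields the policy shows to a wider audience than the baseline does.
    A field missing from the baseline counts as 'never shown' there."""
    return sorted(
        f for f, minimum in policy.items()
        if f not in baseline or minimum < baseline[f]
    )


if __name__ == "__main__":
    # Network size from the comment above; the other numbers are illustrative.
    print(exposure_report(DEFAULT_POLICY, Audience.SAME_NETWORK, 800_000))
    print(exposure_report(HARDENED_POLICY, Audience.SAME_NETWORK, 800_000))
    # A stranger accepted as a full friend (the Freddi case) sees everything
    # the policy grants friends; accepting unknown requesters only as
    # limited friends keeps the identity-verification fields hidden.
    print(visible_fields(HARDENED_POLICY, Audience.FRIEND))
    print(visible_fields(HARDENED_POLICY, Audience.LIMITED_FRIEND))
    print(overexposed_fields(DEFAULT_POLICY, HARDENED_POLICY))
```

The design point is the last two calls in the main block: no visibility setting helps once an unknown requester is granted full friend status, because the policy is evaluated on the relationship tier, not on whether the requester is genuine. The only control that still applies at that moment is the one the Sophos tip describes, placing the requester in the cut-down tier.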

Hi, Graham!

Thanks for the comment. I hope you don't mind that I tried to see past the obvious conclusion of your survey and point to what I think is a deeper problem: There appears to be an innate need among the users that Facebook targets to be more open about oneself than one would rationally be. If you'd used a pretty face rather than a plastic frog, I think it might have been too easy for naysayers to jump to the wrong conclusion. The fact is, it's not sex appeal that compels people to reveal their vital data - it's another need entirely.

-SF3

Score: 0

