“Most Used Words” Facebook App Is A “Privacy Nightmare”

facebook-privacyYou’ve probably seen the latest viral Facebook app pop up in your news feed: huge word clouds posted by your friends showing the most common words they’ve written in their Facebook content. It seems like a fun way to reflect on our online pasts, but digital security company Comparitech warns that the app is actually a “privacy nightmare.”

The quiz app, called “Most Used Words” and created by a company called Vonvon.me, has already been downloaded by over 17 million users. In order to use the tool, people must disclose the following information: public profile, friend list and Timeline posts.

What’s worse, the Vonvon privacy policy says that the company can store user information on any of its servers anywhere in the world, and that the company can even use “non-personally-identifying information” even after users terminate the service.

“We’ve singled out Vonvon because it recently went viral, but it’s far from the only shady data dealer to masquerade behind a viral quiz mill,” Comparitech wrote. “Facebook is a haven for a large number of these companies and, frankly, hasn’t done enough to educate or warn users about the risks.”

Fortunately, there’s an easy way to avoid forking over your info to mysterious third-party companies: simply don’t use apps that require Facebook authentication in the first place, and if they do and you still want to use them, read the terms of use very carefully.

Update: Vonvon – The application developer reached out to us and provided the following information regarding the “Most Used Words” app.

“1. We access user’s Facebook account with user’s explicit consent, with which we generate personalized quiz results. There is no storing any private information, including user’s email address, user’s contact list, user’s photo albums and such. We never store these in our databases. If the user chooses to share their quiz result, then it gets stored in Facebook’s servers, not in ours. More specifically, in case of “What are your Most Used Words” we do not store any form of original words from user’s past postings. These words are immediately disposed as soon as the user closes the web browser, and there is no way of retrieving these data from a 3rd party.

2. Again, we do not store any pieces of private information, including user’s email addresses. Therefore, we do not have anything to offer a 3rd party.

3. We made no trick to make a hole in privacy policy. There is no sneaky practice. We haven’t and have no intention to sell personal information to 3rd parties. In fact, if you compare our PP with other industry players such as buzzfeed.com or playbuzz.com, or even your own website, I don’t think you’ll find our PP any worse than others. What’s more interesting is that the original source of accusation, namely Comparitech https://www.comparitech.com/privacy-policy/ bluntly tells that they ARE WILLING TO SELL PERSONAL INFORMATIONS. We feel this very uncomfortable being accused by such a company.

4. We used to ask our users for a comprehensive list of access privilege so that they can enjoy our vast library of quizzes as smoothly as possible and without any interruption during using our service. However, we do realize that some of our users are worried about their privacy protection. To accommodate these concerns proactively, we have significantly reduced the scope of access privilege for “What Words Are Most Used” content as of 9pm PST November 23th. Since your article was posted on 25th, you did not deliver the true nature of this incident.

5. Once again, our goal is to provide entertaining & meaningful ways for our users to connect with their friends and loved ones. We are dedicated to create fun, engaging, and innovative contents while respecting our users’ privacy, and we hope our users will trust us in our efforts to creating a fun & safe platform for everyone to use.

At this moment, we are doing all we can to do minimum privacy intrusive practices to directly address users’ concerns. I genuinely wish that this event will not hurt the online quiz/entertainment industry as a whole. There are a lot of good sites than bad ones. The ones the users should be worrying about are the ones that ask user’s email address, billing and credit card information, not ones like ours.