Facebook Quiz is a Privacy Nightmare by Guest Blogger


That “most used words” Facebook quiz is a privacy nightmare

Lately, you’ve probably seen a couple of your Facebook friends post the results of a quiz app that figures out your most-used words in statuses. Or maybe you posted it yourself. It looks something like this:


The “quiz,” created by a company called Vonvon.me, has risen to over 16 million shares in a matter of days. It’s been written about in the Independent, Cosmopolitan, and EliteDaily. Sounds fun, right?

Wrong. That’s over 16 million people who agreed to give up almost every private detail about themselves to a company they likely know nothing about.

The app, like many Facebook quiz apps, is a privacy nightmare. Here’s a list of the info the quiz requests players disclose to Vonvon.me:

  • Name, profile picture, age, sex, birthday, and other public info
  • Entire friend list
  • Everything you’ve ever posted on your timeline
  • All of your photos and photos you’re tagged in
  • Education history
  • Hometown and current city
  • Everything you’ve ever liked
  • IP address
  • Info about the device you’re using including browser and language

Note: In light of this article, Vonvon has reduced the number of permissions required.

The privacy policy

Even if you take the “I have nothing to hide” approach to privacy, the app also collects a fair bit of info about your friends. Vonvon’s privacy policy leaves a lot to be desired. Let’s walk through it to see why you should steer clear of this quiz or any of the dozens more on Vonvon’s site. First off, for those who have already played the quiz, there’s no take backs:

[…] you acknowledge and agree that We may continue to use any non-personally-identifying information in accordance with this Privacy Policy (e.g., for the purpose of analysis, statistics and the like) also after the termination of your membership to this WebSite and\or use of our services, for any reason whatsoever.

Your information could be stored anywhere in the world, including countries without strong privacy laws. A Whois search reveals Vonvon.me was registered in South Korea, but it operates under several languages including English, Vietnamese, Malaysian, and Korean:

Vonvon processes Personal Information on its servers in many countries around the world. Such information may be stored on any of our servers, at any location.

Vonvon is free to sell your data to whomever it pleases for a profit, although they have since confirmed they have no intention of doing this. Vonvon says it will not share personal information with third parties without permission, but just by playing the quiz you’ve technically given it permission because it assumes you’re a responsible person who reads the privacy policy. Of course, most people who play the quiz are not that responsible.

[…] We do not share your Personal Information with third parties unless We have received your permission to do so, or given you notice thereof (such as by telling you about it in this Privacy Policy) […]

Yes, it actually says that. Worst of all, Vonvon skirts responsibility after it has given your data to third parties, who can do whatever the hell they want with it:

[…] this Privacy Policy does not apply to the practices of entities Vonvon does not own or control, or to individuals whom Vonvon does not employ or manage, including any third parties to whom Vonvon may disclose Personal Information […]

Companies who you have never met can now access your entire Facebook profile–friends, photos, statuses and all–and use them in ways you never directly agreed to. By the way, if you edit the permissions before authenticating the app with Facebook, Vonvon won’t allow you to play the quiz. Edit: You can remove all permissions except your public profile and Facebook timeline posts, and still play the quiz. Most people that play probably won’t bother, though.

Abstinence is the best privacy policy

We’ve singled out Vonvon because it recently went viral, but Facebook is full of shady data dealers to masquerade behind viral quiz mills. Facebook is a haven for a large number of such companies and, frankly, hasn’t done enough to educate or warn users about the risks. Social Sweethearts, a similar company based in Germany, creates quiz apps that are so bold as to collect your email address. Hope you like spam, suckers!

So how can you protect yourself? The easiest way is to avoid online quizzes that require Facebook authentication altogether. Go to the apps section of your Facebook profile–where these data miners often reside–and remove anything you don’t 100 percent trust. Many of them can even hijack your Facebook and post on your behalf. Stick to quizzes that just let you share the results without logging in with your Facebook account, such as the ones on Buzzfeed.

If you insist on authenticating a Facebook quiz app, be sure to check the permissions and read the privacy policy or terms of use.




One Comment

Comments are closed.