The 'Most Used Words' Facebook app is a privacy nightmare

Shutterstock

More than 17 million people have used a Facebook app ('Most Used Words') to find out the terms they say most often on the social network -- and have given up access to virtually all of their Facebook data to advertisers in order to do it.

A backlash is developing against the 'Most Used Words' app, after it was shown that as well as scanning the data of all Facebook posts made in 2015, it is also harvesting a tranche of other personal information.

Comparitech, a tech comparison and review website, dug into the specifics of the app and showed that users must declare they are willing to "give up almost every private detail" about themselves to use Vonvon.me's service.

According to the site, the application collects each of its users' names, their profile picture, everything that has been posted to the timeline, photos, home town, entire friend list, IP address, education history, and information about the device used to access Facebook.

It is by no means the only time that a Facebook app has been criticised for the personal data it is collecting about its users; even WhatsApp, for instance, has recently left unanswered questions over why it needed to access a reporter's contacts more than 23,000 times over seven days.

'Most Used Words' is far from the only app to have such extensive policies regarding your data, but its recent viral success could mean many more users are at risk than might otherwise be the case. And while it is possible on Facebook and other apps to limit what an app can access, that option it typically overlooked by users, who click through without checking the app's privacy settings.

As Comparitech highlight, the 'Most Used Words' app's privacy policy says information it gathers can be stored on Vonvon's servers "at any location" in the world. If a user's personal data is stored in a different country on one of the company's servers it may not have the same privacy protections as it did in the country where it was created. The European Court of Justice's recent ruling that Safe Harbour, which saw a data sharing agreement between the UK and US, is invalid was made because there were not adequate privacy protections for user data in the US.

The privacy policy also says that Vonvon is able to "use any non-personally-identifying information" you provide it with, even after the "termination" of membership with the company or use of its services.

Vonvon also states in its policy that it won't pass on a person's information to third party companies -- unless it has informed the user of its plans to do so,including telling you about it in the privacy policy: "We do not share your Personal Information with third parties unless We have received your permission to do so, or given you notice thereof (such as by telling you about it in this Privacy Policy), or removed your name and any other personally identifying information from it."

The policy says the company uses the personal data to provide "age-appropriate and gender-related" adverts, paid for by external companies.

The privacy policy also states that it does not cover what third parties might do with your data: "This Privacy Policy does not apply to the practices of entities Vonvon does not own or control, or to individuals whom Vonvon does not employ or manage, including any third parties to whom Vonvon may disclose Personal Information".

It is unclear if any users' data has been sold, or what Vonvon.me plans to do with it. But as ever, your best course of action is probably not just to use it. And in case you're curious, your most used word on Facebook was probably this emoji.

This article was originally published by WIRED UK