We have updated the website’s placeholder with a simple teaser that is available as a Facebook application.
After Dave’s early test to write a simple application that would dump all your data and some from your friends, I started to use the same technique but this time to do something with bits of this information. Namely, get some of your friends’ names and insert that into a partly predetermined chunk of text.
Even though this is all quite trivial, we think it’s a rather nice demonstration on how easy identity spoofing can be achieved by third-party applications. When you allow a Facebook application to have access to your profile, you let an unknown piece of code, written by who knows who, access to a lot of your data, and even though you are always warned about this, it is highly questionable that you actually realize what it implies. Similarly we have been agreeing for more than a decade to all kind of abusive software EULA without reading and understanding their consequences.
In terms of spoofing, based on the information pulled from your profile, it would be relatively easy to write a malicious chatterbot or come up with a design trick that could partly impersonate someone you know, pretend to be in your network of friends or a trustworthy known entity in order to pull more sensitive information from you.