Social networking juggernaut Facebook has again plunged itself into privacy controversy by announcing to developers that users’ names and mobile phone numbers will now be accessible programmatically.

Paul Ducklin, Head of Tehcnology, Asia Pacific at Sophos, explains: “This change isn’t as drastic as it might first appear, because users will need to give permission for third-party Facebook applications to access this data. But it still sounds like a recipe for disaster, given the prevalence of rogue applications on Facebook – all of which benefit from apparently being blessed by the Facebook name and brand.”

Ducklin thinks that Facebook should be making a more publicly visible effort to eliminate rogue application providers first, before opening up such valuable and easily abused personal information to its developer community.

“Facebook’s blog announcement of this change concentrates on explaining to its alleged 1,000,000 Facebook developers how to ask users for permission to access this newly liberated data,” says Ducklin. “I don’t see anything explaining to its more than 500 million users why this can be considered a valuable new Facebook feature. And I don’t see any announcement that Facebook will become more safety-conscious about how it chooses applications and developers now that it’s taking this controversial step.”

Suggestions are flying around Twitter that users should change their mobile number to that of Facebook’s US customer service line, thus ensuring that any misuse of this new feature ends up paining Facebook.

This, of course, is strictly forbidden under Facebook’s Terms of Service, which explicitly require that “you will not provide any false personal information on Facebook.” Most Facebook users are also probably ignorant that Facebook also requires that “you will keep your contact information accurate and up-to-date.”

With this in mind, Sophos advises that all Facebook users do the following:

* Remove your address and phone number from Facebook immediately. If Facebook doesn’t have this information, it can’t let it fall into the wrong hands. And you can’t be accused of deliberately giving false information.

* Review all your Facebook privacy settings. You can find a guide on how to do this at www.sophos.com.

* Join facebook.com/SophosSecurity for ongoing information about security risks and how to avoid them.

Read more about this issue here:

http://nakedsecurity.sophos.com/2011/01/16/rogue-facebook-apps-access-your-home-address-mobile-phone-number/