Would you give a complete stranger your email address and date of birth? How about personal information about your friends?

If the results of a new study on Facebook user behavior are any indication, around half of us would answer "yes" to those questions, depending on how old we are. The study also shows that Facebook users are becoming more lax with protecting their personal data than they were three years ago. What do these results signify in light of recent concerns about user privacy on the world's largest social network? And now that some user data will be indexed by Google, will users have to adjust what information they share?

In the summer of 2007, Internet security company Sophos conducted a study showing how much (or little) users understood and protected the data they made available on Facebook.

In this study, 200 friend requests were sent from a bogus account featuring a green plastic frog named Freddi Staur. The results were distressing. More than 40 percent of the Facebook users contacted responded to the fake account, and almost all of these users gave "Freddi" access to personal information.

  • 72% of respondents divulged at least one email address
  • 84% of respondents listed their full date of birth
  • 87% of respondents provided details about their education or workplace
  • 78% of respondents listed their current address or location
  • 23% of respondents listed their current phone number
  • 26% of respondents provided their IM screen name

Moreover, the folks at Sophos were able to get access to users' photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts. A company rep wrote at the time of the survey, "In addition, many users also disclosed the names of their spouses or partners, several included their complete résumés, while one user even divulged his mother's maiden name - information often requested by websites in order to retrieve account details."

So, are users at the end of 2009 any less gullible than their 2007 counterparts? Have we learned to be less vulnerable to phishing schemes?

This year, Sophos created two fake accounts - one for a cat and one for a plastic duck - and went after another 200 Facebook users, this time distinguishing between 20-somethings and middle-aged users. Here's a snapshot of the information each group revealed:

Eight users friended the cat-themed fake account of their own accord, without having been contacted as part of the study; in so many words, these users pretty much volunteered to have their data phished.

As Sophos noted, "Ten years ago, getting access to this sort of detail would probably have taken a con-artist or an identity thief several weeks, and have required the on-the-spot services of a private investigator." Apparently, in the 2.0 era, all you have to do is click to send a friend request, and the desire for online popularity and more "friends" makes a phisher's job easier than giving free candy to kids.