Hijacked by an App! Preventing “SchoolFeed” and other apps from abusing your Facebook account.

If you are like most of us, you probably use Facebook, Twitter and other assorted forms of social media to share information and keep up with friends, colleagues and family. Many of these apps are integrated with other apps we use regularly, such as LinkedIn, Photobucket, and countless others. Most of these are legit; we have *asked* for the connection and have authorized it, and we genuinely do want the apps to integrate for promoting what we choose to promote.

But some apps are more insidious, using shady, invasive and virus-like methods to leech our information and do things “on our behalf”, before we have asked them to.

One invasive app I encountered yesterday was “SchoolFeed”, a social network site that is associated with Classmates.com. Now don’t get me wrong, I *do* wish to share things with classmates for purposes of class reunions and catching up with old friends, but SchoolFeed went way too far for me.

I had been getting SchoolFeed “invitations” for a few months as notices in my email. Most of these were from existing Facebook friends. Anyone who uses Facebook knows that we normally get tons of invites and they often go ignored. But when a dear old friend sent me an invitation for SchoolFeed relating to the webpage of a school we had both attended, I finally clicked on it, thinking that if she likes it, it must be good.

Well, I must have accepted or authorized some sort of Facebook connection with SchoolFeed at that moment. I probably presumed that it was fairly harmless, and that I would get notices of  class reunions and whatnot. I wish I could replicate what I did, but I don’t know exactly what I clicked.

My “Huh?” Moments…

Almost immediately, I began to notice some odd things or “red flags”. The first was that my good friend (who had presumably sent me the SchoolFeed invite) had a nude image of a male on her SchoolFeed account profile. It is not like her to post a nude male on her profile! Thinking it was some sort of joke that someone had pulled on her, I posted “Huh?” on the image, so as to alert her to the problem. I then logged out and didn’t think too much of it for a little while longer.

Later I began to get messages from several of my other Facebook friends in my email, responding to requests I had supposedly sent them to like or join various schools’ webpages on SchoolFeed. This was my second “Huh?” moment, because I never attended any of those schools and had never sent the invitation to join those SchoolFeed pages! Some of the school websites I was supposedly asking people to join were even in foreign countries!

I logged into Facebook to see what the hell was going on. To my dismay, I saw in my Facebook “Activity Log” (available on the Facebook Timeline homepage) that I had sent invitations to my several hundred Facebook friends to like or join a particular school’s SchoolFeed page – again from schools I never attended or had even heard of. All done on the same day I had apparently “authorized” a connection with SchoolFeed.

As an instructional technologist, I am fairly computer-savvy. I recall nothing about authorizing SchoolFeed to send any sort of invitations to my Facebook friends. But without my asking, SchoolFeed invited all my friends to join various school pages on their website, and made it look like it the invitation came from me. So…not only did SchoolFeed “use” (i.e. hack) my Facebook friends list, but they also used personal information about each of my Facebook friends, to find out what schools they attended. I am sure that SchoolFeed does this to expand their client base, but it is insidious, unethical and unwarranted to do this without any of our permission.

Feeling mortified that I had unknowingly spammed all my Facebook friends, I posted an immediate apology on Facebook saying that I did not authorize or deliberately send a SchoolFeed invitation and that I am sorry that it happened. I began to get comments from friends “wondering what that was about” or that they were “surprised by it”. I noticed I had even had lost one or two Facebook friends… possibly because of sending them unwanted spam.

I did a little research on Google and began to notice other posts about the many problem with SchoolFeed, including an excellent post by Andrew Couts, here, and another one by  The Bulldog Estate, here.

So what can we do about this “rogue” software?

First you can Block SchoolFeed from Facebook, which is immediately what I did.

1. From your Facebook Timeline home page, go to the little gear icon in the far upper right, and select Privacy Settings.


2. On the Privacy page, select Blocking.

3. Go to the bottom of the Manage Blocking page, where it says Block Apps, and type “SchoolFeed” (no quotes) in the box. It will probably open up a drop down where you can select SchoolFeed before you are even done typing it all. Just select it and you are done. It will now be listed below, as one of your blocked apps. You can take the time to block any other unwanted apps while you are there. You can always “unblock” anything later.


Other Safety Suggestions

First of all, don’t just blindly accept or authorize a connection to an app from Facebook or any other app you currently use, even if a very good friend sent it. S/he may have not even sent you the invitation knowingly!

The other thing you may want to check while you are in Facebook (under that little gear to the far right again) is go to Account SettingsApps, and make sure all the Apps that you authorized are indeed ones that you feel safe about using. Do you really want them posting on your behalf? If you are not sure, Google about them to see if others have experienced or reported problems. Some of these apps are fine and reputable – they don’t post things without asking you, and you may indeed want them to be connected to Facebook. But remember they all take some sort of information from you and could potentially lead to Privacy or other issues, so use with caution. You can always block them or edit any of their settings as desired.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: