I have read about people doing such things as 'proof of concept' type attacks indeed. However it requires that you have your privacy settings to public.
No information on my profile is public. You must set your friends to public, mine are set to 'me only', so even my friends can not see them (always wondered why anyone would set it to anything else!). Were you to friend me I would not accept as I don't know you. So this attack would not work.
It highlights the point about 'public' facebook data though, which many users are very lax with, but provided you take the steps to contain your data is not a concern. This is more about social engineering than facebook doing any scary with your data on a 3rd party / government level. The same 'job interview' situation can arrise from a blog, a forum or any service with public URLs.
Keeping your friend list private even from your friends is indeed the first necessary step to reduce the risks Facebook poses. On any other setting, whatever other data you keep "private" on Facebook is pretty much public.
Note, however, that this information may leak if you let other services access this information to build their own friend lists.
No information on my profile is public. You must set your friends to public, mine are set to 'me only', so even my friends can not see them (always wondered why anyone would set it to anything else!). Were you to friend me I would not accept as I don't know you. So this attack would not work.
It highlights the point about 'public' facebook data though, which many users are very lax with, but provided you take the steps to contain your data is not a concern. This is more about social engineering than facebook doing any scary with your data on a 3rd party / government level. The same 'job interview' situation can arrise from a blog, a forum or any service with public URLs.