Facebook claims that it has 400 million users. But are they well-protected from prying eyes, scammers, and unwanted marketers?
Not according to Joan Goodchild, senior editor of CSO (Chief Security Officer) Online.
She says your privacy may be at far greater risk of being violated than you know, when you log onto the social-networking site, due to security gaffes or marketing efforts by the company.
Apr 22
Posted by Mike Prawicki in Uncategorized | No Comments
Written by Sarah Perez / April 22, 2010
At Facebook’s f8 conference, founder and CEO Mark Zuckerberg announced that the company was removing restrictions on user data retention within Facebook applications. Previously, the company had a policy where developers couldn’t “store and cache any data for more than 24 hours,” Zuckerberg said while speaking to the audience of Facebook developers crowded into the San Francisco Design Center on Wednesday. “We’re going to go ahead and…get rid of that policy,” he said. The audience cheered.
But should Facebook end users cheer this news, too?
For developers, the removal of this technical limitation is great news. Apps had to constantly connect to Facebook’s servers in order to refresh their data. Application load speeds were also affected as the apps would have to do this server pinging process upon first launch. Now the data the apps need will already be there – a change that may even result in noticeable performance gains for the end users of the applications.
The new policy, however, brings to light something that your average Facebook user may not have ever known at all: Facebook applications access your personal data.
We’ve looked at this issue before (see: “What Facebook Quizzes Know About You“) after the ACLU put together an awareness campaign surrounding the privacy issues of Facebook applications. Using a sample app, the ACLU’s Facebook Quiz, many everyday Facebook users were shocked to find that applications (like quizzes) could access almost everything on a user profile, including hometown, groups you belong to, events attended, favorite books, and more. What’s worse is that your profile information becomes available to developers when your friends take the same quiz.
On its own, the new data retention policy doesn’t change how developers can use the data they store. In fact, for some developers, it won’t change much of anything at all – many simply ignored Facebook’s rules about data retention in the past. Even with the change, it’s just business as usual for those developers and their apps.
That said, the indefinite storage now permitted is concerning for a few reasons. As security engineer Joey Tyson points out on his blog, a site where he has detailed numerous hacks and security holes for Facebook, Google and more, the change makes Facebook apps “far more valuable targets for attackers.”
A popular application’s database could be filled with literally millions of users’ personal details (Facebook now touts 400 million users and Facebook’s most popular app, Farmville, for instance, boasts over 81 million users). If such a database was targeted for attack, the payload for hackers could be incredible.
In addition, Tyson explains, opportunities for behavioral targeting and visitor tracking are increased since developers can now maintain complete archives of profile information.
It’s also worth noting, as tech blog VentureBeat points out, it’s impossible for Facebook to know about how application developers are using the data they collect. If a developer chooses to use that data in ways that are misleading, malicious or that break the company’s terms of agreement, Facebook may not be aware. With 500,000 supported applications, Facebook just doesn’t have the resources to police the apps they house.
To the end user, these changes may sound overwhelming and even scary. But there is something very easy everyone can do to minimize their risk and that’s delete the Facebook applications you no longer use.
The process of doing so is incredibly simple.
After signing into Facebook, do the following:
Repeat this process to remove all the apps you no longer use on a regular basis.
Doing this won’t eliminate risk entirely – nothing can do that – but it’s a good first step in reducing risk. However, as long as you have a Facebook account, your data won’t be private. If true privacy is really a concern for you, it may be time to find that account delete button instead. (Hint: it’s under “Account Settings.”)
?
Tags: developers, facebook, facebook app, facebook data, facebook f8, facebook privacy, facebook quiz, how-to, privacy, quiz, Sarah Perez, security, Zuckerberg
Apr 19
Posted by Mike Prawicki in News, Tech | No Comments
How times have changed.
Today, Facebook removed its users’ ability to control who can see their own interests and personal information. Certain parts of users’ profiles, “including your current city, hometown, education and work, and likes and interests” will now be transformed into “connections,” meaning that they will be shared publicly. If you don’t want these parts of your profile to be made public, your only option is to delete them.
The example Facebook uses in its announcement is a page for “Cooking.” Previously, you could list “cooking” as an activity you liked on your profile, but your name would not be added to any formal “Cooking” page. (Under the old system, you could become a “fan” of cooking if you wanted). But now, the new Cooking page will publicly display all of the millions of people who list cooking as an activity.
Cooking is not very controversial or privacy-sensitive, and thus makes for a good example from Facebook’s perspective. Who would want to conceal their interest in cooking? Of course, the new program will also create public lists for controversial issues, such as an interest in abortion rights, gay marriage, marijuana, tea parties and so on.
But even for an innocuous interest like cooking, itβs not clear how this change is meant to benefit Facebook’s users. An ordinary human is not going to look through the list of Facebook’s millions of cooking fans. It’s far too large. Only data miners and targeted advertisers have the time and inclination to delve that deeply.
There is one loophole β tell Facebook you’re under 18. Under Facebook’s policy for minors, your interests would only be visible for friends and family and verified networks. You would not be publicly listed on these new connection pages.
The new connections features benefit Facebook and its business partners, with little benefit to you. But what are you going to do about it? Facebook has consistently ignored demands from its users to create an easy “exit plan” for migrating their personal data to another social networking website, even as it has continued β one small privacy policy update after another β to reduce its users’ control over their information.
The answer: Let Facebook hear your frustration. Last December, when Facebook announced a new round of privacy degradations, it provoked a potent combination of public outrage, legal threats, and government investigations. In response, Facebook listened to some criticism and walked-back a few of its changes. Now it will allow users to adjust the visibility of information in their profiles, such as hiding your friend list from other friends. If you want Facebook to walk back these new changes too, let them know how you feel.
From EFF Commentary by Kurt Opsahl
Arclite theme by digitalnature | powered by WordPress
