Not according to Joan Goodchild, senior editor of CSO (Chief Security Officer) Online.

She says your privacy may be at far greater risk of being violated than you know, when you log onto the social-networking site, due to security gaffes or marketing efforts by the company.

Facebook came under fire this past week, when 15 privacy and consumer protection organizations filed a complaint with the Federal Trade Commission, charging that the site, among other things, manipulates privacy settings to make users’ personal information available for commercial use. Also, some Facebook users found their private chats accessible to everyone on their contact list–a major security breach that’s left a lot of people wondering just how secure the site is.

In two words, asserts Goodchild: not very.

On “The Early Show on Saturday Morning,” Goodchild spotlighted five dangers she says Facebook users expose themselves to, probably without being aware of them:

1. Your information is being shared with third parties
2. Privacy settings revert to a less safe default mode after each redesign
3. Facebook ads may contain malware
4. Your real friends unknowingly make you vulnerable
5. Scammers are creating fake profiles

Below is an edited transcript of the interview.

Is Facebook a secure platform to communicate with your friends?
Here’s the thing: Facebook is one of the most popular sites in the world. Security holes are being found on a regular basis. It is not as inherently secure as people think it is, when they log on every day.

Certainly, there are growing pains. Facebook is considered a young company, and it has been around a few years now. It is continuing to figure this out. They are so young, they are still trying to figure out how they are going to make money. It is hard to compare this to others; we have never had this phenomenon before in the way [so many] people are communicating with each other–only e-mail comes close.

The potential for crime is real. According to the Internet Crime Complaint Center, victims of Internet-related crimes lost $559 million in 2009. That was up 110 percent from the previous year. If you’re not careful using Facebook, you are looking at the potential for identity theft, or possibly even something like assault, if you share information with a dangerous person you think is actually a “friend.” One British police agency recently reported that the number of crimes it has responded to in the last year involving Facebook climbed 346 percent. These are real threats.

Lately, it seems a week doesn’t go by without some news about a Facebook-related security problem. Earlier this week, TechCrunch discovered a security hole that made it possible for users to read their friends’ private chats. Facebook has since patched it, but who knows how long that flaw existed? Some speculate it may have been that way for years.

Last month, researchers at VeriSign’s iDefense group discovered that a hacker was selling Facebook usernames and passwords in an underground hacker forum. It was estimated that he had about 1.5 million accounts–and was selling them for between $25 and $45.

And the site is constantly under attack from hackers trying to spam these 400 million users, or harvest their data, or run other scams. Certainly, there is a lot of criticism in the security community of Facebook’s handling of security. Perhaps the most frustrating thing is that the company rarely responds to inquiries.

Do people really have privacy on Facebook?
No. There are all kinds of ways third parties can access information about you. For instance, you may not realize that, when you are playing the popular games on Facebook, such as FarmVille, or take those popular quizzes–every time you do that, you authorize an application to be downloaded to your profile that gives information to third parties about you that you have never signed off on.

Does Facebook share info about users with third parties through things such as Open Graph?
Open Graph is a new concept for Facebook, which unveiled it last month at its F8 conference. It actually is basically a way to share the information in your profile with all kinds of third parties, such as advertisers, so they can have a better idea of your interests and what you are discussing, so Facebook can–as portrayed–”make it a more personal experience.”

The theory behind Open Graph–even if it has not implemented it–is its whole business model, isn’t it?
That is the business model–Facebook is trying to get you to share as much information as possible so it can monetize it by sharing it with advertisers.

Isn’t it in Facebook’s best interest to get you to share as much info as possible?
It absolutely is. Facebook’s mission is to get you to share as much information as it can so it can share it with advertisers. As it looks now, the more info you share, the more money it is going to make with advertisers.

Isn’t there also a security problem every time it redesigns the site?
Every time Facebook redesigns the site, which [usually] happens a few times a year, it puts your privacy settings back to a default in which, essentially, all of your information is made public. It is up to you, the user, to check the privacy settings and decide what you want to share and what you don’t want to share.

Facebook does not [necessarily] notify you of the changes, and your privacy settings are set back to a public default. Many times, you may find out through friends. Facebook is not alerting you to these changes; it is just letting you know the site has been redesigned.

Can your real friends on Facebook also can make you vulnerable?
Absolutely. Your security is only as good as your friend’s security. If someone in your network of friends has a weak password, and his or her profile is hacked, he or she can now send you malware, for example.

There is a common scam called a 419 scam, in which someone hacks your profile and sends messages to your friends asking for money – claiming to be you–saying, “Hey, I was in London, I was mugged, please wire me money.” People fall for it. People think their good friend needs help–and end up wiring money to Nigeria.

A lot of Web sites we use display banner ads, but do we have to be wary of them on Facebook?
Absolutely: Facebook has not been able to screen all of its ads. It hasn’t done a great job of vetting which ads are safe and which are not. As a result, you may get an ad in your profile when you are browsing around one day that has malicious code in it. In fact, last month, there was an ad with malware that asked people to download antivirus software that was actually a virus.

Is too big a network of friends dangerous?
You know people with a lot of friends–500, 1,000 friends on Facebook? What is the likelihood they are all real? There was a study in 2008 that concluded that 40 percent of all Facebook profiles are fake. They have been set up by bots or impostors.

If you have 500 friends, it is likely there is a percentage of people you don’t really know, and you are sharing a lot of information with them, such as when you are on vacation, your children’s pictures, their names. Is this information you really want to put out there to people you don’t even know?

This interview, “Five Hidden Dangers of Facebook,” was originally published on CBSNews.com.

At Facebook’s f8 conference, founder and CEO Mark Zuckerberg announced that the company was removing restrictions on user data retention within Facebook applications. Previously, the company had a policy where developers couldn’t “store and cache any data for more than 24 hours,” Zuckerberg said while speaking to the audience of Facebook developers crowded into the San Francisco Design Center on Wednesday. “We’re going to go ahead and…get rid of that policy,” he said. The audience cheered.

But should Facebook end users cheer this news, too?

The Change is for Developers, “No Effect” on End Users?

For developers, the removal of this technical limitation is great news. Apps had to constantly connect to Facebook’s servers in order to refresh their data. Application load speeds were also affected as the apps would have to do this server pinging process upon first launch. Now the data the apps need will already be there – a change that may even result in noticeable performance gains for the end users of the applications.

Yes, Facebook Apps Have Your Data

The new policy, however, brings to light something that your average Facebook user may not have ever known at all: Facebook applications access your personal data.

We’ve looked at this issue before (see: “What Facebook Quizzes Know About You“) after the ACLU put together an awareness campaign surrounding the privacy issues of Facebook applications. Using a sample app, the ACLU’s Facebook Quiz, many everyday Facebook users were shocked to find that applications (like quizzes) could access almost everything on a user profile, including hometown, groups you belong to, events attended, favorite books, and more. What’s worse is that your profile information becomes available to developers when your friends take the same quiz.

Why the Policy Change is Riskier Than It Appears

On its own, the new data retention policy doesn’t change how developers can use the data they store. In fact, for some developers, it won’t change much of anything at all – many simply ignored Facebook’s rules about data retention in the past. Even with the change, it’s just business as usual for those developers and their apps.

That said, the indefinite storage now permitted is concerning for a few reasons. As security engineer Joey Tyson points out on his blog, a site where he has detailed numerous hacks and security holes for Facebook, Google and more, the change makes Facebook apps “far more valuable targets for attackers.”

A popular application’s database could be filled with literally millions of users’ personal details (Facebook now touts 400 million users and Facebook’s most popular app, Farmville, for instance, boasts over 81 million users). If such a database was targeted for attack, the payload for hackers could be incredible.

In addition, Tyson explains, opportunities for behavioral targeting and visitor tracking are increased since developers can now maintain complete archives of profile information.

It’s also worth noting, as tech blog VentureBeat points out, it’s impossible for Facebook to know about how application developers are using the data they collect. If a developer chooses to use that data in ways that are misleading, malicious or that break the company’s terms of agreement, Facebook may not be aware. With 500,000 supported applications, Facebook just doesn’t have the resources to police the apps they house.

How to Remove Facebook Applications

To the end user, these changes may sound overwhelming and even scary. But there is something very easy everyone can do to minimize their risk and that’s delete the Facebook applications you no longer use.

The process of doing so is incredibly simple.

After signing into Facebook, do the following:

1. Click on “Account” at the top-right of the screen.
2. Click “Application Settings”
3. Change the “Show” drop-down box to “Authorized.” This will show all the applications you’ve ever given permission to.
4. In the resulting list, click the “X” button on the far right next to each app you want to remove to delete it.
5. On the pop-up box that appears, click “Remove” then click “Okay” on the next box confirming the app was deleted.

Repeat this process to remove all the apps you no longer use on a regular basis.

Doing this won’t eliminate risk entirely – nothing can do that – but it’s a good first step in reducing risk. However, as long as you have a Facebook account, your data won’t be private. If true privacy is really a concern for you, it may be time to find that account delete button instead. (Hint: it’s under “Account Settings.”)

?

How times have changed.

Today, Facebook removed its users’ ability to control who can see their own interests and personal information. Certain parts of users’ profiles, “including your current city, hometown, education and work, and likes and interests” will now be transformed into “connections,” meaning that they will be shared publicly. If you don’t want these parts of your profile to be made public, your only option is to delete them.

The example Facebook uses in its announcement is a page for “Cooking.” Previously, you could list “cooking” as an activity you liked on your profile, but your name would not be added to any formal “Cooking” page. (Under the old system, you could become a “fan” of cooking if you wanted). But now, the new Cooking page will publicly display all of the millions of people who list cooking as an activity.

Cooking is not very controversial or privacy-sensitive, and thus makes for a good example from Facebook’s perspective. Who would want to conceal their interest in cooking? Of course, the new program will also create public lists for controversial issues, such as an interest in abortion rights, gay marriage, marijuana, tea parties and so on.

But even for an innocuous interest like cooking, it’s not clear how this change is meant to benefit Facebook’s users. An ordinary human is not going to look through the list of Facebook’s millions of cooking fans. It’s far too large. Only data miners and targeted advertisers have the time and inclination to delve that deeply.

There is one loophole — tell Facebook you’re under 18. Under Facebook’s policy for minors, your interests would only be visible for friends and family and verified networks. You would not be publicly listed on these new connection pages.

The new connections features benefit Facebook and its business partners, with little benefit to you. But what are you going to do about it? Facebook has consistently ignored demands from its users to create an easy “exit plan” for migrating their personal data to another social networking website, even as it has continued — one small privacy policy update after another — to reduce its users’ control over their information.

The answer: Let Facebook hear your frustration. Last December, when Facebook announced a new round of privacy degradations, it provoked a potent combination of public outrage, legal threats, and government investigations. In response, Facebook listened to some criticism and walked-back a few of its changes. Now it will allow users to adjust the visibility of information in their profiles, such as hiding your friend list from other friends. If you want Facebook to walk back these new changes too, let them know how you feel.

From EFF Commentary by Kurt Opsahl

By Emma Barnett, Technology and Digital Media Correspondent
Published: 10:57AM BST 19 Apr 2010

A raft of new products are expected to be announced at Facebook’s annual F8 conference in San Francisco later this week. Photo: BLOOMBERG

The social network is launching a new content sharing button this week, which other websites can embed onto their pages, but it will not be used by Facebook as a behavioural advertising targeting tool, as suggested in a report (limited access to non-subscribers) originally printed by The Financial Times.

A Facebook spokesman said: “The Financial Times incorrectly suggested that Facebook is launching a behavioural ad targeting at f8, our upcoming developer conference. Their story has been corrected. As we have said previously, we are moving from ‘Become a Fan’ to ‘Like’ to make the language on the site more consistent but we have no announcements or changes planned to our ad offering or ad policies.”

The new ‘like’ button has been likened to tools sites like Twitter have developed to enable users to share content they like from around the web – with the rest of their social network.

However, Facebook has clarified that it will not use this tool to track its users’ web behaviour in order to deliver highly targeted advertisements when they return to Facebook.com. Currently Facebook serves targeted adverts based only on the information people provide on their profile – such as gender and age.

A raft of new products are expected to be announced at Facebook’s annual F8 conference in San Francisco, which takes place on Wednesday. A company spokesman added: “All the products we are launching at f8 are focused on giving developers and entrepreneurs ways to make the web more social. We have no announcements or changes planned to our ad offering and ad policies.”

The way in which Facebook users become fans of brands, such as Coco-Cola, is also undergoing a minor facelift. The ‘Become a fan’ button is being replaced with an invitation to say “I like” a brand instead. These engagement adverts, which are a huge revenue generator for Facebook, once agreed to, allow the brand to send promotional messages to those consenting users which will appear in their personal news feeds.

The last time Facebook was embroiled in a major privacy dispute regarding targeted advertising was in 2007 when it tried to introduce its controversial ‘Beacon’ system. Beacon was an advertising system implemented to exploit the power of “word of mouth” marketing, which inserted details of purchases made at participating websites into the news feed of Facebook users, making it visible to all their friends.

This weekend, starting Friday at 10:30 a.m. PDT, Hulu will be live-streaming the Austin City Limits music festival. Hulu will be using its Watch Now application on Facebook, which has a live events box integrated so that users can discuss the concert as they watch.

(Credit: Hulu)

You can see the schedule of acts on the Facebook application page for the live-stream. Unfortunately, the stream features only a fraction of the acts that are playing the festival. In fact, some of the biggest acts, including Kings of Leon, Yeah Yeah Yeahs, Dave Matthews Band, and Pearl Jam are missing from the live-stream lineup. Luckily, we still get to check out some great acts like Thievery Corporation, The Decemberists, Ben Harper, and The Dead Weather. There’s no real indication of how the selection was made and I’m certainly grateful that we are getting a stream at all, but I can’t help but wish that the full compliment of acts would be available for streaming. ]]> http://prawicki.com/wordpress/hulu-to-stream-austin-city-limits-live-on-facebook/feed 0