Risk
5/14/2012
02:30 PM
50%
50%

As Facebook Preps For IPO, Privacy Tweaks

Irish and U.S. privacy audits prompt social network to make changes ahead of its IPO.

6 Social Sites Sitting On The Cutting Edge
6 Social Sites Sitting On The Cutting Edge
(click image for larger view and for slideshow)
As Facebook founder and CEO Mark Zuckerberg prepares to take his company public on Friday, the social network is getting its privacy practices in order by making it easier for users to understand what Facebook knows about them and why.

Facebook chief privacy officer Erin Egan said Friday that the social network has been working hard to make clearer "how we use data when people use Facebook." That comment came via a blog titled "Enhancing Transparency In Our Data Use Policy," which detailed the social network's many recent privacy-related revisions.

Changes include Activity Log, a new privacy tool that lets you see in one place the information you've posted to Facebook as well as adjust who gets to view that information, according to Egan. New tips--flagged by light bulb icons--have been added to help users to understand privacy policy changes, and a new Facebook section details how the site uses cookies and similar tracking technology. "We also provide more information about how we use data to operate Facebook, to advertise, and to promote safety and security for Facebook users," she said.

[ Will you use Facebook's new App Center? Read about it at Facebook App Store: Second Time The Charm? ]

In light of Facebook's upcoming IPO, those advertising changes are especially noteworthy since they give Facebook wiggle room to expand its advertising network beyond the site. Egan said Monday in a live Q&A on Facebook, "We may serve you an ad on Facebook; we may serve you an ad off of Facebook." She said that some of those advertisements might have a social context, while some "might just be for Coke." Egan added, "We have nothing to announce today."

Also during the Q&A, Egan said Facebook has revised its data retention guidelines to be clearer, noting that it will retain advertising-related user data for up to 180 days and other data only as long as it's required. "We've added a broader statement, basically saying that we will retain your data for as long as necessary to provide services," she said. "We're doing it for the minimum necessary to provide that service." For example, if you used Facebook to play Zynga games, Facebook would retain the related data until you deleted your Zynga account.

Many of Facebook's privacy-related changes have come in direct response to user feedback, according to Egan, and in the wake of an audit by the Irish Data Protection Commissioner's Office, which, Egan said, "encouraged us to enhance our data use policy to be even more detailed about how we use information." The Irish recommendations carried substantial weight, since Facebook in September 2010 designated Facebook Ireland to be in charge of all data pertaining to users outside of the United States and Canada.

Facebook last year agreed to have its privacy practices audited every two years by an external firm for the next 20 years. That was one stipulation of its settlement agreement with the Federal Trade Commission over charges that 2009 privacy changes "deceived consumers by telling them they could keep their information on Facebook private and then repeatedly allowing it to be shared and made public."

"I'm the first to admit that we've made a bunch of mistakes," said Facebook founder and CEO Mark Zuckerberg, commenting on the November 2011 settlement.

With Facebook set to go public this Friday, it appears that he may have taken some of those privacy mistakes--and regulators' related demands--to heart, including making it simpler for people to know exactly what Facebook knows about them.

During the Q&A session, for example, and in response to a user's question about how they could see what Facebook knows about them, Egan detailed the "Download a copy of your Facebook data" tool. "On your page, go to your Account Settings, and at the bottom, you can [click a link to] basically download the information that we have," she explained.

Listed information can include photos, posts, messages, lists of friends, chat conversations, and other items, and she said this information would be especially useful for anyone who was attempting to delete specific types of information from their Facebook profile. "If you want to see what we still have, after you've taken those [deletion] steps, you can see what we have."

The page doesn't list every piece of information that Facebook retains about a particular user, but Egan said that new types of information would continue to be added. She noted that it "wasn't easy" to distill all of the user information collected by Facebook in such a clear and easily accessible manner. "I really feel we're leading the industry in this," said Egan.

The Enterprise 2.0 Conference brings together industry thought leaders to explore the latest innovations in enterprise social software, analytics, and big data tools and technologies. Learn how your business can harness these tools to improve internal business processes and create operational efficiencies. It happens in Boston, June 18-21. Register today!

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: nice one good
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.