02:30 PM

As Facebook Preps For IPO, Privacy Tweaks

Irish and U.S. privacy audits prompt social network to make changes ahead of its IPO.

As Facebook founder and CEO Mark Zuckerberg prepares to take his company public on Friday, the social network is getting its privacy practices in order by making it easier for users to understand what Facebook knows about them and why.

Facebook chief privacy officer Erin Egan said Friday that the social network has been working hard to make clearer "how we use data when people use Facebook." That comment came via a blog post titled "Enhancing Transparency In Our Data Use Policy," which detailed the social network's many recent privacy-related revisions.

Changes include Activity Log, a new privacy tool that lets you see in one place the information you've posted to Facebook as well as adjust who gets to view that information, according to Egan. New tips--flagged by light bulb icons--have been added to help users to understand privacy policy changes, and a new Facebook section details how the site uses cookies and similar tracking technology. "We also provide more information about how we use data to operate Facebook, to advertise, and to promote safety and security for Facebook users," she said.

In light of Facebook's upcoming IPO, those advertising changes are especially noteworthy since they give Facebook wiggle room to expand its advertising network beyond the site. Egan said Monday in a live Q&A on Facebook, "We may serve you an ad on Facebook; we may serve you an ad off of Facebook." She said that some of those advertisements might have a social context, while some "might just be for Coke." Egan added, "We have nothing to announce today."

Also during the Q&A, Egan said Facebook has revised its data retention guidelines to be clearer, noting that it will retain advertising-related user data for up to 180 days and other data only as long as it's required. "We've added a broader statement, basically saying that we will retain your data for as long as necessary to provide services," she said. "We're doing it for the minimum necessary to provide that service." For example, if you used Facebook to play Zynga games, Facebook would retain the related data until you deleted your Zynga account.

Many of Facebook's privacy-related changes have come in direct response to user feedback, according to Egan, and in the wake of an audit by the Irish Data Protection Commissioner's Office, which, Egan said, "encouraged us to enhance our data use policy to be even more detailed about how we use information." The Irish recommendations carried substantial weight, since Facebook in September 2010 designated Facebook Ireland to be in charge of all data pertaining to users outside of the United States and Canada.

Facebook last year agreed to have its privacy practices audited every two years by an external firm for the next 20 years. That was one stipulation of its settlement agreement with the Federal Trade Commission over charges that 2009 privacy changes "deceived consumers by telling them they could keep their information on Facebook private and then repeatedly allowing it to be shared and made public."

"I'm the first to admit that we've made a bunch of mistakes," said Facebook founder and CEO Mark Zuckerberg, commenting on the November 2011 settlement.

With Facebook set to go public this Friday, it appears that he may have taken some of those privacy mistakes--and regulators' related demands--to heart, including making it simpler for people to know exactly what Facebook knows about them.

During the Q&A session, for example, and in response to a user's question about how they could see what Facebook knows about them, Egan detailed the "Download a copy of your Facebook data" tool. "On your page, go to your Account Settings, and at the bottom, you can [click a link to] basically download the information that we have," she explained.

Listed information can include photos, posts, messages, lists of friends, chat conversations, and other items, and she said this information would be especially useful for anyone who was attempting to delete specific types of information from their Facebook profile. "If you want to see what we still have, after you've taken those [deletion] steps, you can see what we have."

The page doesn't list every piece of information that Facebook retains about a particular user, but Egan said that new types of information would continue to be added. She noted that it "wasn't easy" to distill all of the user information collected by Facebook in such a clear and easily accessible manner. "I really feel we're leading the industry in this," said Egan.
