Risk
5/14/2012
02:30 PM
Connect Directly
RSS
E-Mail
50%
50%

As Facebook Preps For IPO, Privacy Tweaks

Irish and U.S. privacy audits prompt social network to make changes ahead of its IPO.

6 Social Sites Sitting On The Cutting Edge
6 Social Sites Sitting On The Cutting Edge
(click image for larger view and for slideshow)
As Facebook founder and CEO Mark Zuckerberg prepares to take his company public on Friday, the social network is getting its privacy practices in order by making it easier for users to understand what Facebook knows about them and why.

Facebook chief privacy officer Erin Egan said Friday that the social network has been working hard to make clearer "how we use data when people use Facebook." That comment came via a blog titled "Enhancing Transparency In Our Data Use Policy," which detailed the social network's many recent privacy-related revisions.

Changes include Activity Log, a new privacy tool that lets you see in one place the information you've posted to Facebook as well as adjust who gets to view that information, according to Egan. New tips--flagged by light bulb icons--have been added to help users to understand privacy policy changes, and a new Facebook section details how the site uses cookies and similar tracking technology. "We also provide more information about how we use data to operate Facebook, to advertise, and to promote safety and security for Facebook users," she said.

[ Will you use Facebook's new App Center? Read about it at Facebook App Store: Second Time The Charm? ]

In light of Facebook's upcoming IPO, those advertising changes are especially noteworthy since they give Facebook wiggle room to expand its advertising network beyond the site. Egan said Monday in a live Q&A on Facebook, "We may serve you an ad on Facebook; we may serve you an ad off of Facebook." She said that some of those advertisements might have a social context, while some "might just be for Coke." Egan added, "We have nothing to announce today."

Also during the Q&A, Egan said Facebook has revised its data retention guidelines to be clearer, noting that it will retain advertising-related user data for up to 180 days and other data only as long as it's required. "We've added a broader statement, basically saying that we will retain your data for as long as necessary to provide services," she said. "We're doing it for the minimum necessary to provide that service." For example, if you used Facebook to play Zynga games, Facebook would retain the related data until you deleted your Zynga account.

Many of Facebook's privacy-related changes have come in direct response to user feedback, according to Egan, and in the wake of an audit by the Irish Data Protection Commissioner's Office, which, Egan said, "encouraged us to enhance our data use policy to be even more detailed about how we use information." The Irish recommendations carried substantial weight, since Facebook in September 2010 designated Facebook Ireland to be in charge of all data pertaining to users outside of the United States and Canada.

Facebook last year agreed to have its privacy practices audited every two years by an external firm for the next 20 years. That was one stipulation of its settlement agreement with the Federal Trade Commission over charges that 2009 privacy changes "deceived consumers by telling them they could keep their information on Facebook private and then repeatedly allowing it to be shared and made public."

"I'm the first to admit that we've made a bunch of mistakes," said Facebook founder and CEO Mark Zuckerberg, commenting on the November 2011 settlement.

With Facebook set to go public this Friday, it appears that he may have taken some of those privacy mistakes--and regulators' related demands--to heart, including making it simpler for people to know exactly what Facebook knows about them.

During the Q&A session, for example, and in response to a user's question about how they could see what Facebook knows about them, Egan detailed the "Download a copy of your Facebook data" tool. "On your page, go to your Account Settings, and at the bottom, you can [click a link to] basically download the information that we have," she explained.

Listed information can include photos, posts, messages, lists of friends, chat conversations, and other items, and she said this information would be especially useful for anyone who was attempting to delete specific types of information from their Facebook profile. "If you want to see what we still have, after you've taken those [deletion] steps, you can see what we have."

The page doesn't list every piece of information that Facebook retains about a particular user, but Egan said that new types of information would continue to be added. She noted that it "wasn't easy" to distill all of the user information collected by Facebook in such a clear and easily accessible manner. "I really feel we're leading the industry in this," said Egan.

The Enterprise 2.0 Conference brings together industry thought leaders to explore the latest innovations in enterprise social software, analytics, and big data tools and technologies. Learn how your business can harness these tools to improve internal business processes and create operational efficiencies. It happens in Boston, June 18-21. Register today!

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3587
Published: 2014-08-22
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists bec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.