02:30 PM

As Facebook Preps For IPO, Privacy Tweaks

Irish and U.S. privacy audits prompt social network to make changes ahead of its IPO.

6 Social Sites Sitting On The Cutting Edge
6 Social Sites Sitting On The Cutting Edge
(click image for larger view and for slideshow)
As Facebook founder and CEO Mark Zuckerberg prepares to take his company public on Friday, the social network is getting its privacy practices in order by making it easier for users to understand what Facebook knows about them and why.

Facebook chief privacy officer Erin Egan said Friday that the social network has been working hard to make clearer "how we use data when people use Facebook." That comment came via a blog titled "Enhancing Transparency In Our Data Use Policy," which detailed the social network's many recent privacy-related revisions.

Changes include Activity Log, a new privacy tool that lets you see in one place the information you've posted to Facebook as well as adjust who gets to view that information, according to Egan. New tips--flagged by light bulb icons--have been added to help users to understand privacy policy changes, and a new Facebook section details how the site uses cookies and similar tracking technology. "We also provide more information about how we use data to operate Facebook, to advertise, and to promote safety and security for Facebook users," she said.

[ Will you use Facebook's new App Center? Read about it at Facebook App Store: Second Time The Charm? ]

In light of Facebook's upcoming IPO, those advertising changes are especially noteworthy since they give Facebook wiggle room to expand its advertising network beyond the site. Egan said Monday in a live Q&A on Facebook, "We may serve you an ad on Facebook; we may serve you an ad off of Facebook." She said that some of those advertisements might have a social context, while some "might just be for Coke." Egan added, "We have nothing to announce today."

Also during the Q&A, Egan said Facebook has revised its data retention guidelines to be clearer, noting that it will retain advertising-related user data for up to 180 days and other data only as long as it's required. "We've added a broader statement, basically saying that we will retain your data for as long as necessary to provide services," she said. "We're doing it for the minimum necessary to provide that service." For example, if you used Facebook to play Zynga games, Facebook would retain the related data until you deleted your Zynga account.

Many of Facebook's privacy-related changes have come in direct response to user feedback, according to Egan, and in the wake of an audit by the Irish Data Protection Commissioner's Office, which, Egan said, "encouraged us to enhance our data use policy to be even more detailed about how we use information." The Irish recommendations carried substantial weight, since Facebook in September 2010 designated Facebook Ireland to be in charge of all data pertaining to users outside of the United States and Canada.

Facebook last year agreed to have its privacy practices audited every two years by an external firm for the next 20 years. That was one stipulation of its settlement agreement with the Federal Trade Commission over charges that 2009 privacy changes "deceived consumers by telling them they could keep their information on Facebook private and then repeatedly allowing it to be shared and made public."

"I'm the first to admit that we've made a bunch of mistakes," said Facebook founder and CEO Mark Zuckerberg, commenting on the November 2011 settlement.

With Facebook set to go public this Friday, it appears that he may have taken some of those privacy mistakes--and regulators' related demands--to heart, including making it simpler for people to know exactly what Facebook knows about them.

During the Q&A session, for example, and in response to a user's question about how they could see what Facebook knows about them, Egan detailed the "Download a copy of your Facebook data" tool. "On your page, go to your Account Settings, and at the bottom, you can [click a link to] basically download the information that we have," she explained.

Listed information can include photos, posts, messages, lists of friends, chat conversations, and other items, and she said this information would be especially useful for anyone who was attempting to delete specific types of information from their Facebook profile. "If you want to see what we still have, after you've taken those [deletion] steps, you can see what we have."

The page doesn't list every piece of information that Facebook retains about a particular user, but Egan said that new types of information would continue to be added. She noted that it "wasn't easy" to distill all of the user information collected by Facebook in such a clear and easily accessible manner. "I really feel we're leading the industry in this," said Egan.

The Enterprise 2.0 Conference brings together industry thought leaders to explore the latest innovations in enterprise social software, analytics, and big data tools and technologies. Learn how your business can harness these tools to improve internal business processes and create operational efficiencies. It happens in Boston, June 18-21. Register today!

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-12-26
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2062. Reason: This candidate is a reservation duplicate of CVE-2010-2062. Notes: All CVE users should reference CVE-2010-2062 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

Published: 2014-12-26
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.

Published: 2014-12-26
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.

Published: 2014-12-26
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format...

Published: 2014-12-26
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.