5/14/2012
02:30 PM

As Facebook Preps For IPO, Privacy Tweaks

Irish and U.S. privacy audits prompt social network to make changes ahead of its IPO.

As Facebook founder and CEO Mark Zuckerberg prepares to take his company public on Friday, the social network is getting its privacy practices in order by making it easier for users to understand what Facebook knows about them and why.

Facebook chief privacy officer Erin Egan said Friday that the social network has been working hard to make clearer "how we use data when people use Facebook." That comment came in a blog post titled "Enhancing Transparency In Our Data Use Policy," which detailed the social network's many recent privacy-related revisions.

Changes include Activity Log, a new privacy tool that lets you see in one place the information you've posted to Facebook as well as adjust who gets to view that information, according to Egan. New tips--flagged by light bulb icons--have been added to help users to understand privacy policy changes, and a new Facebook section details how the site uses cookies and similar tracking technology. "We also provide more information about how we use data to operate Facebook, to advertise, and to promote safety and security for Facebook users," she said.


In light of Facebook's upcoming IPO, those advertising changes are especially noteworthy since they give Facebook wiggle room to expand its advertising network beyond the site. Egan said Monday in a live Q&A on Facebook, "We may serve you an ad on Facebook; we may serve you an ad off of Facebook." She said that some of those advertisements might have a social context, while some "might just be for Coke." Egan added, "We have nothing to announce today."

Also during the Q&A, Egan said Facebook has revised its data retention guidelines to be clearer, noting that it will retain advertising-related user data for up to 180 days and other data only as long as it's required. "We've added a broader statement, basically saying that we will retain your data for as long as necessary to provide services," she said. "We're doing it for the minimum necessary to provide that service." For example, if you used Facebook to play Zynga games, Facebook would retain the related data until you deleted your Zynga account.

Many of Facebook's privacy-related changes have come in direct response to user feedback, according to Egan, and in the wake of an audit by the Irish Data Protection Commissioner's Office, which, Egan said, "encouraged us to enhance our data use policy to be even more detailed about how we use information." The Irish recommendations carried substantial weight, since Facebook in September 2010 designated Facebook Ireland to be in charge of all data pertaining to users outside of the United States and Canada.

Facebook last year agreed to have its privacy practices audited every two years by an external firm for the next 20 years. That was one stipulation of its settlement agreement with the Federal Trade Commission over charges that 2009 privacy changes "deceived consumers by telling them they could keep their information on Facebook private and then repeatedly allowing it to be shared and made public."

"I'm the first to admit that we've made a bunch of mistakes," said Facebook founder and CEO Mark Zuckerberg, commenting on the November 2011 settlement.

With Facebook set to go public this Friday, it appears that he may have taken some of those privacy mistakes--and regulators' related demands--to heart, including making it simpler for people to know exactly what Facebook knows about them.

During the Q&A session, for example, and in response to a user's question about how they could see what Facebook knows about them, Egan detailed the "Download a copy of your Facebook data" tool. "On your page, go to your Account Settings, and at the bottom, you can [click a link to] basically download the information that we have," she explained.

Listed information can include photos, posts, messages, lists of friends, chat conversations, and other items, and she said this information would be especially useful for anyone who was attempting to delete specific types of information from their Facebook profile. "If you want to see what we still have, after you've taken those [deletion] steps, you can see what we have."

The page doesn't list every piece of information that Facebook retains about a particular user, but Egan said that new types of information would continue to be added. She noted that it "wasn't easy" to distill all of the user information collected by Facebook in such a clear and easily accessible manner. "I really feel we're leading the industry in this," said Egan.
