Risk
9/6/2013
01:07 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Facebook Postpones New Privacy Policy Rollout

After heavy criticism from users and privacy watchdogs, Facebook has delayed the date that controversial policy changes will take effect.

10 Facebook Features To Help You Get Ahead
10 Facebook Features To Help You Get Ahead
(click image for larger view)
Facebook has decided to delay its proposed policy changes after both users and privacy watchdogs denounced the updates.

"We are taking the time to ensure that user comments are reviewed and taken into consideration to determine whether further updates are necessary and we expect to finalize the process in the coming week," Facebook said in a statement. Facebook users submitted more than 10,000 comments to the blog post that announced the proposed changes last week.

The revisions to its Statements of Rights and Responsibilities and Data Use Policy clarify that by simply using the social network, users grant Facebook permission to use their name, profile picture, content and information in conjunction with ads and sponsored content without payment. It also explained how the social network uses facial recognition technology to identify you in friends' photos and to suggest they tag you.

[ How can your privacy settings protect you from nosy Facebook searchers? Read Three Facebook Privacy Settings to Check. ]

"We are able to suggest that your friends tag you in a picture by scanning and comparing your friend's pictures to information we've put together from your profile pictures and other photos in which you've been tagged," the policy reads.

Six privacy advocates, who fired off a letter to the Federal Trade Commission late Wednesday, were particularly outraged with Facebook's proposed handling of minors who use its site. According to Facebook's new policy, users under the age of 18 concede that at least one of their parents or legal guardians has also agreed to the terms on their behalf.

"Such 'deemed consent' eviscerates any meaningful limits over the commercial exploitation of the images and names of young Facebook users," the groups wrote. "The amended language involving teens -- far from getting affirmative express consent from a responsible adult -- attempts to 'deem' that teenagers 'represent' that a parent, who has been given no notice, have consented to give up teens' private information. This is contrary to the Order and FTC's recognition that teens are a sensitive group, owed extra privacy protections."

In an emailed statement to InformationWeek, a Facebook spokesperson said that a recent settlement -- in which the social network was forced to pay $20 million to resolve claims that it featured users' images in advertisements without payment or permission -- required the company to more clearly explain its policies and practices.

"We simplified the explanation to make clear how advertising works on Facebook and what exactly people can expect when it comes to how we use their name, profile picture, content and personal information," the statement said. The social network originally pegged September 5 as the day the changes would take effect.

Facebook did not specify a new date for when it will enact the new policy changes but said it will be "in the coming week."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
9/10/2013 | 1:33:40 PM
re: Facebook Postpones New Privacy Policy Rollout
Yes, there was quite an uproar, as I remember.

It really does seem to cross a line. Yet ... I suspect FB will get what it wants eventually.
KMBurnham
50%
50%
KMBurnham,
User Rank: Apprentice
9/9/2013 | 7:38:21 PM
re: Facebook Postpones New Privacy Policy Rollout
What's interesting is that Instagram, which was acquired by Facebook, tried exactly the same thing last year -- making changes to its policy to enable the use of user images in ads -- and users reacted in the same exact way.
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
9/7/2013 | 2:13:53 PM
re: Facebook Postpones New Privacy Policy Rollout
Delaying means not the same as changing their views. I think they asked their lawyers to gauge how successful lawsuits might be as well as product management as to how many users they will lose. Assuming that lawsuits are pointless it all comes down to how much more money they can make with less users. The changes will come and there will be still millions of dumb people who continue using FB.
David F. Carr
50%
50%
David F. Carr,
User Rank: Apprentice
9/6/2013 | 6:20:18 PM
re: Facebook Postpones New Privacy Policy Rollout
Good to see them thinking twice
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3341
Published: 2014-08-19
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVE-2014-3464
Published: 2014-08-19
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers ...

CVE-2014-3472
Published: 2014-08-19
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

CVE-2014-3490
Published: 2014-08-19
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have...

CVE-2014-3504
Published: 2014-08-19
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.