Risk
9/6/2013
01:07 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Facebook Postpones New Privacy Policy Rollout

After heavy criticism from users and privacy watchdogs, Facebook has delayed the date that controversial policy changes will take effect.

10 Facebook Features To Help You Get Ahead
10 Facebook Features To Help You Get Ahead
(click image for larger view)
Facebook has decided to delay its proposed policy changes after both users and privacy watchdogs denounced the updates.

"We are taking the time to ensure that user comments are reviewed and taken into consideration to determine whether further updates are necessary and we expect to finalize the process in the coming week," Facebook said in a statement. Facebook users submitted more than 10,000 comments to the blog post that announced the proposed changes last week.

The revisions to its Statements of Rights and Responsibilities and Data Use Policy clarify that by simply using the social network, users grant Facebook permission to use their name, profile picture, content and information in conjunction with ads and sponsored content without payment. It also explained how the social network uses facial recognition technology to identify you in friends' photos and to suggest they tag you.

[ How can your privacy settings protect you from nosy Facebook searchers? Read Three Facebook Privacy Settings to Check. ]

"We are able to suggest that your friends tag you in a picture by scanning and comparing your friend's pictures to information we've put together from your profile pictures and other photos in which you've been tagged," the policy reads.

Six privacy advocates, who fired off a letter to the Federal Trade Commission late Wednesday, were particularly outraged with Facebook's proposed handling of minors who use its site. According to Facebook's new policy, users under the age of 18 concede that at least one of their parents or legal guardians has also agreed to the terms on their behalf.

"Such 'deemed consent' eviscerates any meaningful limits over the commercial exploitation of the images and names of young Facebook users," the groups wrote. "The amended language involving teens -- far from getting affirmative express consent from a responsible adult -- attempts to 'deem' that teenagers 'represent' that a parent, who has been given no notice, have consented to give up teens' private information. This is contrary to the Order and FTC's recognition that teens are a sensitive group, owed extra privacy protections."

In an emailed statement to InformationWeek, a Facebook spokesperson said that a recent settlement -- in which the social network was forced to pay $20 million to resolve claims that it featured users' images in advertisements without payment or permission -- required the company to more clearly explain its policies and practices.

"We simplified the explanation to make clear how advertising works on Facebook and what exactly people can expect when it comes to how we use their name, profile picture, content and personal information," the statement said. The social network originally pegged September 5 as the day the changes would take effect.

Facebook did not specify a new date for when it will enact the new policy changes but said it will be "in the coming week."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
9/10/2013 | 1:33:40 PM
re: Facebook Postpones New Privacy Policy Rollout
Yes, there was quite an uproar, as I remember.

It really does seem to cross a line. Yet ... I suspect FB will get what it wants eventually.
KMBurnham
50%
50%
KMBurnham,
User Rank: Apprentice
9/9/2013 | 7:38:21 PM
re: Facebook Postpones New Privacy Policy Rollout
What's interesting is that Instagram, which was acquired by Facebook, tried exactly the same thing last year -- making changes to its policy to enable the use of user images in ads -- and users reacted in the same exact way.
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
9/7/2013 | 2:13:53 PM
re: Facebook Postpones New Privacy Policy Rollout
Delaying means not the same as changing their views. I think they asked their lawyers to gauge how successful lawsuits might be as well as product management as to how many users they will lose. Assuming that lawsuits are pointless it all comes down to how much more money they can make with less users. The changes will come and there will be still millions of dumb people who continue using FB.
David F. Carr
50%
50%
David F. Carr,
User Rank: Apprentice
9/6/2013 | 6:20:18 PM
re: Facebook Postpones New Privacy Policy Rollout
Good to see them thinking twice
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0485
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVE-2014-5136
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.