Risk

6/17/2010
03:31 PM
50%
50%

Facebook Rebukes Privacy Groups

The social network argued that the steps it recently took to simplify information sharing are sufficient to protect users' privacy.

Facebook quickly responded to an open letter that a coalition of consumer privacy advocates sent Wednesday urging the online social network to take what the organizations see as critical steps to protect Facebook users' personal information.

In its rebuttal, Facebook reminded the coalition that last month it simplified procedures for controlling information sharing. The site also said it was willing to continue talking to advocacy groups and others "in a constructive dialogue about these important issues."

The coalition claims Facebook doesn't provide users with enough control over which applications on and off the site access their personal data. The group also wants Facebook to make its "instant personalization" feature an opt-in service and to use HTTPS, an Internet security protocol, for all communications by default.

Facebook's instant personalization tool shares members' profile information with third-party Web sites that are partners of Facebook. Members criticized Facebook for launching the feature without sufficient notification.

Privacy advocates contend the site should change the feature from opt-out to opt-in, meaning users should have to agree to have their information shared in advance. Facebook has rejected an opt-in strategy, focusing instead on making the procedure to block information sharing easier.

In their letter, the coalition also urged Facebook to provide users with control "over every piece of information they can share via Facebook, including their name, gender, profile picture, and networks." The group also wants Facebook users to have simple tools for taking all of their information and details of their social network off the site and to another service.

Facebook's rebuttal lists the company's steps in making it easier for users to hide information from all third-party applications and Web sites. The only information that can't be shut off is "the same information that anyone could access simply by going to a Facebook user's profile." Such information includes name, profile picture, gender, and social networks.

As to allowing users to move all personal information off the site, including details of their social networks, Facebook said that would not respect the information that others shared with that person.

"We don’t allow exporting of content that is created by others because it doesn't respect the decisions users make on Facebook about how to share their data," Facebook said. However, the site said it imposes no restrictions on people exporting content that they have posted themselves on Facebook.

The ongoing debate between Facebook and privacy advocates goes beyond a simple tit for tat. In May, 15 such organizations filed a complaint with the Federal Trade Commission and sent a letter to Congress claiming Facebook has engaged in unfair and deceptive trade practices in violation of consumer protection laws.

In addition, Congress is looking at privacy protections on Facebook and other social networks to determine whether more government regulation is necessary.

The groups signing the Wednesday letter include the ACLU of Northern California, the Center for Democracy and Technology, the Center for Digital Democracy, Consumer Action, Consumer Watchdog, the Electronic Frontier Foundation, the Electronic Privacy Information Center, Privacy Activism, Privacy Lives, and the Privacy Rights Clearinghouse.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10428
PUBLISHED: 2018-05-23
ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
CVE-2018-6495
PUBLISHED: 2018-05-23
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to al...
CVE-2018-10653
PUBLISHED: 2018-05-23
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10654
PUBLISHED: 2018-05-23
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10648
PUBLISHED: 2018-05-23
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.