Risk
6/17/2010
03:31 PM
50%
50%

Facebook Rebukes Privacy Groups

The social network argued that the steps it recently took to simplify information sharing are sufficient to protect users' privacy.

Facebook quickly responded to an open letter that a coalition of consumer privacy advocates sent Wednesday urging the online social network to take what the organizations see as critical steps to protect Facebook users' personal information.

In its rebuttal, Facebook reminded the coalition that last month it simplified procedures for controlling information sharing. The site also said it was willing to continue talking to advocacy groups and others "in a constructive dialogue about these important issues."

The coalition claims Facebook doesn't provide users with enough control over which applications on and off the site access their personal data. The group also wants Facebook to make its "instant personalization" feature an opt-in service and to use HTTPS, an Internet security protocol, for all communications by default.

Facebook's instant personalization tool shares members' profile information with third-party Web sites that are partners of Facebook. Members criticized Facebook for launching the feature without sufficient notification.

Privacy advocates contend the site should change the feature from opt-out to opt-in, meaning users should have to agree to have their information shared in advance. Facebook has rejected an opt-in strategy, focusing instead on making the procedure to block information sharing easier.

In their letter, the coalition also urged Facebook to provide users with control "over every piece of information they can share via Facebook, including their name, gender, profile picture, and networks." The group also wants Facebook users to have simple tools for taking all of their information and details of their social network off the site and to another service.

Facebook's rebuttal lists the company's steps in making it easier for users to hide information from all third-party applications and Web sites. The only information that can't be shut off is "the same information that anyone could access simply by going to a Facebook user's profile." Such information includes name, profile picture, gender, and social networks.

As to allowing users to move all personal information off the site, including details of their social networks, Facebook said that would not respect the information that others shared with that person.

"We don’t allow exporting of content that is created by others because it doesn't respect the decisions users make on Facebook about how to share their data," Facebook said. However, the site said it imposes no restrictions on people exporting content that they have posted themselves on Facebook.

The ongoing debate between Facebook and privacy advocates goes beyond a simple tit for tat. In May, 15 such organizations filed a complaint with the Federal Trade Commission and sent a letter to Congress claiming Facebook has engaged in unfair and deceptive trade practices in violation of consumer protection laws.

In addition, Congress is looking at privacy protections on Facebook and other social networks to determine whether more government regulation is necessary.

The groups signing the Wednesday letter include the ACLU of Northern California, the Center for Democracy and Technology, the Center for Digital Democracy, Consumer Action, Consumer Watchdog, the Electronic Frontier Foundation, the Electronic Privacy Information Center, Privacy Activism, Privacy Lives, and the Privacy Rights Clearinghouse.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0714
Published: 2015-05-02
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

CVE-2014-3598
Published: 2015-05-01
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVE-2014-8361
Published: 2015-05-01
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

CVE-2015-0237
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

CVE-2015-0257
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.