Risk
6/17/2010
03:31 PM
50%
50%

Facebook Rebukes Privacy Groups

The social network argued that the steps it recently took to simplify information sharing are sufficient to protect users' privacy.

Facebook quickly responded to an open letter that a coalition of consumer privacy advocates sent Wednesday urging the online social network to take what the organizations see as critical steps to protect Facebook users' personal information.

In its rebuttal, Facebook reminded the coalition that last month it simplified procedures for controlling information sharing. The site also said it was willing to continue talking to advocacy groups and others "in a constructive dialogue about these important issues."

The coalition claims Facebook doesn't provide users with enough control over which applications on and off the site access their personal data. The group also wants Facebook to make its "instant personalization" feature an opt-in service and to use HTTPS, an Internet security protocol, for all communications by default.

Facebook's instant personalization tool shares members' profile information with third-party Web sites that are partners of Facebook. Members criticized Facebook for launching the feature without sufficient notification.

Privacy advocates contend the site should change the feature from opt-out to opt-in, meaning users should have to agree to have their information shared in advance. Facebook has rejected an opt-in strategy, focusing instead on making the procedure to block information sharing easier.

In their letter, the coalition also urged Facebook to provide users with control "over every piece of information they can share via Facebook, including their name, gender, profile picture, and networks." The group also wants Facebook users to have simple tools for taking all of their information and details of their social network off the site and to another service.

Facebook's rebuttal lists the company's steps in making it easier for users to hide information from all third-party applications and Web sites. The only information that can't be shut off is "the same information that anyone could access simply by going to a Facebook user's profile." Such information includes name, profile picture, gender, and social networks.

As to allowing users to move all personal information off the site, including details of their social networks, Facebook said that would not respect the information that others shared with that person.

"We don’t allow exporting of content that is created by others because it doesn't respect the decisions users make on Facebook about how to share their data," Facebook said. However, the site said it imposes no restrictions on people exporting content that they have posted themselves on Facebook.

The ongoing debate between Facebook and privacy advocates goes beyond a simple tit for tat. In May, 15 such organizations filed a complaint with the Federal Trade Commission and sent a letter to Congress claiming Facebook has engaged in unfair and deceptive trade practices in violation of consumer protection laws.

In addition, Congress is looking at privacy protections on Facebook and other social networks to determine whether more government regulation is necessary.

The groups signing the Wednesday letter include the ACLU of Northern California, the Center for Democracy and Technology, the Center for Digital Democracy, Consumer Action, Consumer Watchdog, the Electronic Frontier Foundation, the Electronic Privacy Information Center, Privacy Activism, Privacy Lives, and the Privacy Rights Clearinghouse.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8921
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

CVE-2014-9676
Published: 2015-02-27
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

CVE-2014-9682
Published: 2015-02-27
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

CVE-2015-0655
Published: 2015-02-27
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

CVE-2015-0884
Published: 2015-02-27
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.