01:20 PM

Facebook Tries Again On Sponsored Stories Settlement

New proposed settlement terms call for plaintiff payments, increased user control over content. Meanwhile, Facebook urges judge to dismiss proposed $15 billion class action lawsuit over tracking practices.

Cue take two for a proposed Facebook settlement over the social network's Sponsored Stories program, which was the subject of a class action lawsuit filed on behalf of users whose names and images were used for advertising purposes without their permission.

In a surprise turn of events, the first proposed settlement was blocked in August by U.S. District Court Judge Richard Seeborg, who voiced "serious concerns" with a provision in the settlement that guarantees that the plaintiffs' lawyers will receive up to $10 million in attorneys' fees from Facebook.

Given that the settlement amount being offered to consumers affected by Sponsored Stories was also $10 million, Seeborg asked whether the lawyers representing consumers "may 'have bargained away something of value to the class'"--meaning they may not have demanded enough money from Facebook--and asked to know how negotiators had arrived at their total $20 million settlement amount.

Critics of the settlement also questioned why all of the settlement money--beyond attorney fees and related costs--was set to go not to affected consumers, but rather to six organizations that deal with consumers' privacy rights: Consumer Federation of America, Electronic Frontier Foundation, Campaign for a Commercial-Free Childhood, Center for Democracy and Technology, Rose Foundation, and the Stanford Law School Center for Internet and Society.

But that could change, as the amended settlement filed Friday now says that affected consumers will receive "a one-time cash payment equal to $10." If more than one million consumers make a settlement-related claim, the $10 million will be split evenly between them. If the settlement amounts drop to less than $5, however, the settlement administrator can either split the money equally between all claimants, or instead distribute all of the money to the aforementioned privacy organizations.

Other settlement changes include Facebook providing consumers with an easily accessible way to review all of their Sponsored Stories interactions, including any related content of theirs that may have been used. Facebook would also revise its terms of service to make clear that any user agrees to give Facebook "permission to use your name, profile picture, content, and information in connection with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us." In other words, Facebook will tell users that they "permit a business or other entity to pay us to display your name and/or profile picture with your content or information."

Meanwhile, anyone under the age of 18 who uses Facebook would be attesting that their parent or legal guardian has agreed to those terms. That said, when Facebook knows about users' family relationships--for example, when a user designates themselves to be the parent of a minor who's also a Facebook user--it will allow the parent to opt their child out of Sponsored Stories. "Where a minor user indicates that his or her parents are not on Facebook, Facebook will make the minor ineligible to appear in Sponsored Stories until he or she reaches the age of 18, until the minor changes his or her setting to indicate that his or her parents are on Facebook, or until a confirmed parental relationship with the minor user is established," reads the revised settlement.

In other lawsuit-related Facebook news, an attorney for the social network Friday urged a judge to dismiss a separate $15 billion class action lawsuit against the company, which consolidated lawsuits filed in 10 different states. The lawsuit accuses Facebook of tracking users' online behavior even after they'd left the social network's website.

Facebook attorney Matthew Brown told U.S. District Judge Edward Davila that the complaint against Facebook--in what's known as the "In re Facebook Internet Tracking Litigation" case--contained an "utter lack of allegations of any injury to these particular named plaintiffs," reported Bloomberg. Because the plaintiffs hadn't demonstrated that anyone had been harmed, Brown recommended that the lawsuit be dismissed.

But Stephen Grygiel, a lawyer for the users, disputed that no harm had been done, telling the court that "through a trick," Facebook had intercepted communications with other websites, reported Bloomberg. "Nowhere in Facebook's privacy policies does the company say, 'We are involved in your communication with third-party websites after you log out,'" he said.
