10/8/2012
01:20 PM

Facebook Tries Again On Sponsored Stories Settlement

New proposed settlement terms call for plaintiff payments, increased user control over content. Meanwhile, Facebook urges judge to dismiss proposed $15 billion class action lawsuit over tracking practices.

Cue take two for a proposed Facebook settlement over the social network's Sponsored Stories program, which was the subject of a class action lawsuit filed on behalf of users whose names and images were used for advertising purposes without their permission.

In a surprise turn of events, the first proposed settlement was blocked in August by U.S. District Court Judge Richard Seeborg, who voiced "serious concerns" with a provision in the settlement that guarantees that the plaintiffs' lawyers will receive up to $10 million in attorneys' fees from Facebook.

Given that the settlement amount being offered to consumers affected by Sponsored Stories was also $10 million, Seeborg asked whether the lawyers representing consumers "may 'have bargained away something of value to the class'"--meaning they may not have demanded enough money from Facebook--and asked to know how negotiators had arrived at their total $20 million settlement amount.

Critics of the settlement also questioned why all of the settlement money--beyond attorney fees and related costs--was set to go not to affected consumers, but rather to six organizations that deal with consumers' privacy rights: Consumer Federation of America, Electronic Frontier Foundation, Campaign for a Commercial-Free Childhood, Center for Democracy and Technology, Rose Foundation, and the Stanford Law School Center for Internet and Society.

But that could change, as the amended settlement filed Friday now says that affected consumers will receive "a one-time cash payment equal to $10." If more than one million consumers make a settlement-related claim, the $10 million will be split evenly between them. If the settlement amounts drop to less than $5, however, the settlement administrator can either split the money equally between all claimants, or instead distribute all of the money to the aforementioned privacy organizations.

Other settlement changes include Facebook providing consumers with an easily accessible way to review all of their Sponsored Stories interactions, including any related content of theirs that may have been used. Facebook would also revise its terms of service to make clear that any user agrees to give Facebook "permission to use your name, profile picture, content, and information in connection with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us." In other words, Facebook will tell users that they "permit a business or other entity to pay us to display your name and/or profile picture with your content or information."

Meanwhile, anyone under the age of 18 who uses Facebook would be attesting that their parent or legal guardian has agreed to those terms. That said, when Facebook knows about users' family relationships--for example, when a user designates themselves to be the parent of a minor who's also a Facebook user--it will allow the parent to opt their child out of Sponsored Stories. "Where a minor user indicates that his or her parents are not on Facebook, Facebook will make the minor ineligible to appear in Sponsored Stories until he or she reaches the age of 18, until the minor changes his or her setting to indicate that his or her parents are on Facebook, or until a confirmed parental relationship with the minor user is established," reads the revised settlement.

In other lawsuit-related Facebook news, an attorney for the social network Friday urged a judge to dismiss a separate $15 billion class action lawsuit against the company, which consolidated lawsuits filed in 10 different states. The lawsuit accuses Facebook of tracking users' online behavior even after they'd left the social network's website.

Facebook attorney Matthew Brown told U.S. District Judge Edward Davila that the complaint against Facebook--in what's known as the "In re Facebook Internet Tracking Litigation" case--contained an "utter lack of allegations of any injury to these particular named plaintiffs," reported Bloomberg. Because the plaintiffs hadn't demonstrated that anyone had been harmed, Brown recommended that the lawsuit be dismissed.

But Stephen Grygiel, a lawyer for the users, disputed that no harm had been done, telling the court that "through a trick," Facebook had intercepted communications with other websites, reported Bloomberg. "Nowhere in Facebook's privacy policies does the company say, 'We are involved in your communication with third-party websites after you log out,'" he said.
