Dark Reading is part of the Informa Tech Division of Informa PLC


6/17/2010
02:01 PM

Privacy Groups Push More Changes To Facebook

While acknowledging recent revisions to the social network, 10 advocacy groups say the site hasn't gone far enough to protect users' privacy.

Dissatisfied that the social networking giant did not go far enough in its recent updates, 10 advocacy groups on Wednesday submitted an open letter to Facebook CEO Mark Zuckerberg requesting that the company make six more changes to its privacy policies.

"We are glad to see that Facebook has taken steps in the past weeks to address some of its outstanding privacy problems," the letter said. "However, we are writing to urge you to continue to demonstrate your commitment to the principle of giving users control over how and with whom they share by taking these additional steps."

Participating groups included the ACLU of Northern California; the Center for Democracy and Technology; the Center for Digital Democracy; Consumer Action; Consumer Watchdog; Electronic Frontier Foundation; Electronic Privacy Information Center; Privacy Activism; Privacy Lives; and the Privacy Rights Clearinghouse.

The recommendations include allowing users to decide which applications access their personal data; making instant personalization opt-in by default, instead of using its current opt-out format; and giving users control over all the information they can share over Facebook, including name, profile picture, network affiliations, and gender. Today, Facebook users must make this information public and users cannot choose to hide their profile photo or gender, for example.

"One issue that must be resolved is the 'app gap': the fact that applications and web sites that use the Facebook Platform can access a user's information if that user's friend -- and not the user herself -- runs the app or connects with the site," the letter said. "Facebook's latest changes allow users a 'nuclear option' to opt out of applications entirely. While this is an important setting, it is not adequate for meaningful control. Facebook users should also have the option to choose to share information only with specific applications."

The recommendations also returned to a familiar theme: third-party sites and privacy. Facebook should not keep information about specific visitors to third-party sites that use social plug-ins or Facebook's "like" button unless users specifically opt to interact with those tools, the letter stated.

"What has gone largely unannounced is that these plug-ins provide Facebook with information about every visit to the site by anyone who is logged in to Facebook, whether or not the visitor ever interacts with the plug-ins or clicks on the 'like' button at all," the group wrote.

In a year that already has seen several widely publicized attacks on Facebook users -- including an adware infection in May -- the advocacy groups recommend that Facebook use an HTTPS connection, by default, for all interactions to protect Facebook users from other threats. And users who become disenchanted with the site should be given simple tools that enable them to remove their information from Facebook, the letter said.

"Facebook users communicate a wealth of private information -- from personal messages and photos to the content they share with just a few friends -- on the service. However, by default, this information is sent over the Internet in unencrypted fashion, potentially allowing it to be intercepted by other parties," the letter said.
