Facebook Privacy: 5 Most Ignored Mistakes

A Consumer Reports survey of Facebook users reveals many people still ignore privacy controls and sharing risks. Do you understand the common mistakes that could bite back?
4. Betraying Family Privacy

Consumer Reports says that some 39.3 million U.S. Facebook users identified a family member in their profile. Not a big deal in most cases, but how many times was permission sought? Not everyone wants to be tagged in a photo or posted about. That's an issue of user thoughtfulness. But Facebook could help out here by making it easier for people to avoid involvement in sharing. Making Tag Suggest opt-in rather than opt-out would be a step in the right direction.

5. Telling Apps Too Much

Only 37% of Facebook users bother to use the site's privacy controls to limit the data apps can see about them, according to Consumer Reports' survey. And anyone can create a Facebook app. Take a good look at the information requested by Facebook apps. You might be surprised.

Sophos security researcher Chet Wisniewski in a phone interview called Consumer Reports' findings "disappointing but not surprising." As to whether or not the risks mentioned by the magazine are realistic, he said there's a lot of hype, but that doesn't mean the risks should be ignored. He said one problem with sharing he's seen has been stalking.

"A lot of young women post their movements on Facebook and don't realize their photos have GPS coordinates," Wisniewski said. He also pointed to the website as a way to underscore the risks presented by sharing location information.

Online services, Wisniewski said, could do a better job with providing privacy by default instead of as something that has to be chosen.

"Unfortunately, it's a race to the bottom when some new feature or service is introduced," he said. "It's a race to zero privacy."

As companies increase their use of cloud-based applications, IT and security professionals must make some tough and far-reaching decisions about how to provision, deprovision, and otherwise manage user access. This Dark Reading report, How To Manage Identity In The Public Cloud, examines the options and provides recommendations for determining which one is right for your organization. (Free registration required.)