Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/26/2010
03:29 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Product Watch: Facebook Reveals New Privacy Setting Changes

But social network's privacy policies remain unchanged, security experts say

Facebook announced its new privacy setting feature changes today in response to the massive backlash that came to a head over how the social network was sharing members' information with third-party websites -- and Facebook says these changes represent the final piece in the overhaul of its privacy model. So unless members revolt again, this is Facebook's final crack at privacy -- for now, anyway.

"If you find these changes helpful, then we plan to keep this privacy framework for a long time. That means you won't need to worry about changes," said Mark Zuckerberg, founder and CEO of Facebook, in a blog post.

But security experts say that while the changes do give members more control over how their personal information is shared, Facebook has not changed its privacy policies overall. Defaults remain in place for sharing with "Everyone" and include the controversial instant personalization feature, according to Chet Wisniewski, senior security adviser at Sophos.

The changes revolve around three areas: a single control for content, more powerful controls for members' basic information, and a way to turn off applications more easily. The new features will be rolled out during the next several weeks.

"The number one thing we've heard is that there just needs to be a simpler way to control your information. We've always offered a lot of controls, but if you find them too hard to use then you won't feel like you have control. Unless you feel in control, then you won't be comfortable sharing and our service will be less useful for you. We agree we need to improve this," Zuckerberg said in his blog post on the announcement today.

The single control sets who can see which content members post. Any future settings for new Facebook features will automatically default to whatever the member chooses. "So if you decide to share your content with friends only, then we will set future settings to friends only as well. This means you won't have to worry about new settings in the future," Zuckerberg said. "This single control makes it easier to set who can see all your content at once, but you can still use all of the same granular controls we've offered if you'd like."

Facebook also has minimized the amount of basic information that is available to the public. "Now we'll be giving you the ability to control who can see your friends and pages. These fields will no longer have to be public," he said.

But Zuckerberg noted that Facebook still recommends members make their basic information open to "Everyone." "Otherwise, people you know may not be able to find you and that will make the site less useful for you," he said.

The third change is in how applications and other websites can access members' information. There will now be a way to turn off "Platform" altogether, as well as a simple way to turn off instant personalization.

Sophos' Wisniewski says the new privacy page seems to eliminate confusion over what information users are sharing with others. But Facebook has not instituted any fundamental changes to its privacy model, and settings default to "Everyone."

"While we laud some of the steps that Facebook has taken today, we emphasize that the community must remain vigilant and maintain a critical eye on any change that is made to ensure that improvements continue and that gains are not lost," Wisniewski says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21394
PUBLISHED: 2021-04-12
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identif...
CVE-2021-22497
PUBLISHED: 2021-04-12
Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.
CVE-2021-3163
PUBLISHED: 2021-04-12
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field.
CVE-2019-15059
PUBLISHED: 2021-04-12
In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwords.
CVE-2021-21524
PUBLISHED: 2021-04-12
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Cr...