Dark Reading is part of the Informa Tech Division of Informa PLC

6/17/2010
02:01 PM

Privacy Groups Push More Changes To Facebook

While acknowledging recent revisions to the social network, 10 advocacy groups say the site hasn't gone far enough to protect users' privacy.

Dissatisfied that the social networking giant did not go far enough in its recent updates, 10 advocacy groups Wednesday submitted an open letter to Facebook CEO Mark Zuckerberg requesting that the company make six more changes to its privacy policies.

"We are glad to see that Facebook has taken steps in the past weeks to address some of its outstanding privacy problems," the letter said. "However, we are writing to urge you to continue to demonstrate your commitment to the principle of giving users control over how and with whom they share by taking these additional steps."

Participating groups included the ACLU of Northern California; the Center for Democracy and Technology; the Center for Digital Democracy; Consumer Action; Consumer Watchdog; Electronic Frontier Foundation; Electronic Privacy Information Center; Privacy Activism; Privacy Lives; and the Privacy Rights Clearinghouse.

The recommendations include allowing users to decide which applications access their personal data; making instant personalization opt-in by default, instead of using its current opt-out format; and giving users control over all the information they can share over Facebook, including name, profile picture, network affiliations, and gender. Today, Facebook users must make this information public and users cannot choose to hide their profile photo or gender, for example.

"One issue that must be resolved is the 'app gap': the fact that applications and web sites that use the Facebook Platform can access a user's information if that user's friend -- and not the user herself -- runs the app or connects with the site," the letter said. "Facebook's latest changes allow users a 'nuclear option' to opt out of applications entirely. While this is an important setting, it is not adequate for meaningful control. Facebook users should also have the option to choose to share information only with specific applications."

The recommendations also returned to a familiar theme: that of third-party sites and privacy. Facebook should not keep information about specific visitors to third-party sites that use social plug-ins or Facebook's "like" button unless users specifically opt to interact with those tools, the letter stated.

"What has gone largely unannounced is that these plug-ins provide Facebook with information about every visit to the site by anyone who is logged in to Facebook, whether or not the visitor ever interacts with the plug-ins or clicks on the 'like' button at all," the groups wrote.

In a year that already has seen several widely publicized attacks on Facebook users -- including an adware infection in May -- the advocacy groups recommend that Facebook use an HTTPS connection, by default, for all interactions to protect Facebook users from other threats. And users who become disenchanted with the site should be given simple tools that enable them to remove their information from Facebook, the letter said.

"Facebook users communicate a wealth of private information -- from personal messages and photos to the content they share with just a few friends -- on the service. However, by default, this information is sent over the Internet in unencrypted fashion, potentially allowing it to be intercepted by other parties," the letter said.
