Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/17/2010
02:01 PM
50%
50%

Privacy Groups Push More Changes To Facebook

While acknowledging recent revisions to the social network, 10 advocacy groups say the site hasn't gone far enough to protect users' privacy.

Dissatisfied that the social networking giant did not go far enough in its recent updates, 10 advocacy groups Wednesday submitted an open letter to Facebook CEO Mark Zuckerberg requesting that it make six more changes to its privacy policies.

"We are glad to see that Facebook has taken steps in the past weeks to address some of its outstanding privacy problems," the letter said. "However, we are writing to urge you to continue to demonstrate your commitment to the principle of giving users control over how and with whom they share by taking these additional steps."

Participating groups included the ACLU of Northern California; the Center for Democracy and Technology; the Center for Digital Democracy; Consumer Action; Consumer Watchdog; Electronic Frontier Foundation; Electronic Privacy Information Center; Privacy Activism; Privacy Lives; and the Privacy Rights Clearinghouse.

The recommendations include allowing users to decide which applications access their personal data; making instant personalization opt-in by default, instead of using its current opt-out format; and giving users control over all the information they can share over Facebook, including name, profile picture, network affiliations, and gender. Today, Facebook users must make this information public and users cannot choose to hide their profile photo or gender, for example.

"One issue that must be resolved is the 'app gap': the fact that applications and web sites that use the Facebook Platform can access a user's information if that user's friend -- and not the user herself -- runs the app or connects with the site," the letter said. "Facebook's latest changes allow users a 'nuclear option' to opt out of applications entirely. While this is an important setting, it is not adequate for meaningful control. Facebook users should also have the option to choose to share information only with specific applications."

The recommendations also returned to a familiar theme: That of third-party sites and privacy. Facebook should not keep information about specific visitors to third-party sites that use social plug-ins or Facebook's like button unless users specifically opt to interact with those tools, the letter stated.

"What has gone largely unannounced is that these plug-ins provide Facebook with information about every visit to the site by anyone who is logged in to Facebook, whether or not the visitor ever interacts with the plug-ins or clicks on the 'like' button at all," the group wrote.

In a year that already has seen several widely publicized attacks on Facebook users -- including an adware infection in May -- the advocacy groups recommend that Facebook use an HTTPS connection, by default, for all interactions to protect Facebook users from other threats. And users who become disenchanted with the site should be given simple tools that enable them to remove their information from Facebook, the letter said.

"Facebook users communicate a wealth of private information -- from personal messages and photos to the content they share with just a few friends -- on the service. However, by default, this information is sent over the Internet in unencrypted fashion, potentially allowing it to be intercepted by other parties," the letter said.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4108
PUBLISHED: 2019-11-14
Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.
CVE-2018-12207
PUBLISHED: 2019-11-14
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
CVE-2019-0117
PUBLISHED: 2019-11-14
Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a ...
CVE-2019-0123
PUBLISHED: 2019-11-14
Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2019-0124
PUBLISHED: 2019-11-14
Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access.