Dark Reading is part of the Informa Tech Division of Informa PLC



02:01 PM

Privacy Groups Push More Changes To Facebook

While acknowledging recent revisions to the social network, 10 advocacy groups say the site hasn't gone far enough to protect users' privacy.

Dissatisfied that the social networking giant did not go far enough in its recent updates, 10 advocacy groups Wednesday submitted an open letter to Facebook CEO Mark Zuckerberg requesting that it make six more changes to its privacy policies.

"We are glad to see that Facebook has taken steps in the past weeks to address some of its outstanding privacy problems," the letter said. "However, we are writing to urge you to continue to demonstrate your commitment to the principle of giving users control over how and with whom they share by taking these additional steps."

Participating groups included the ACLU of Northern California; the Center for Democracy and Technology; the Center for Digital Democracy; Consumer Action; Consumer Watchdog; Electronic Frontier Foundation; Electronic Privacy Information Center; Privacy Activism; Privacy Lives; and the Privacy Rights Clearinghouse.

The recommendations include allowing users to decide which applications access their personal data; making instant personalization opt-in by default, instead of using its current opt-out format; and giving users control over all the information they can share over Facebook, including name, profile picture, network affiliations, and gender. Today, Facebook users must make this information public and users cannot choose to hide their profile photo or gender, for example.

"One issue that must be resolved is the 'app gap': the fact that applications and web sites that use the Facebook Platform can access a user's information if that user's friend -- and not the user herself -- runs the app or connects with the site," the letter said. "Facebook's latest changes allow users a 'nuclear option' to opt out of applications entirely. While this is an important setting, it is not adequate for meaningful control. Facebook users should also have the option to choose to share information only with specific applications."

The recommendations also returned to a familiar theme: that of third-party sites and privacy. Facebook should not keep information about specific visitors to third-party sites that use social plug-ins or Facebook's like button unless users specifically opt to interact with those tools, the letter stated.

"What has gone largely unannounced is that these plug-ins provide Facebook with information about every visit to the site by anyone who is logged in to Facebook, whether or not the visitor ever interacts with the plug-ins or clicks on the 'like' button at all," the group wrote.

In a year that already has seen several widely publicized attacks on Facebook users -- including an adware infection in May -- the advocacy groups recommend that Facebook use an HTTPS connection, by default, for all interactions to protect Facebook users from other threats. And users who become disenchanted with the site should be given simple tools that enable them to remove their information from Facebook, the letter said.

"Facebook users communicate a wealth of private information -- from personal messages and photos to the content they share with just a few friends -- on the service. However, by default, this information is sent over the Internet in unencrypted fashion, potentially allowing it to be intercepted by other parties," the letter said.
