Facebook erodes privacy and tightens security

Facebook launched new controls to tighten security, but also rolled out a new ad model that violates privacy.

Facebook straddles a precarious line when it comes to information security and data privacy. As a social networking site, its very existence is based on the premise of freely sharing information -- status updates, photos, likes, location check-ins -- with others. However, that sharing has to be tempered as well to ensure personal privacy is not violated. This week, Facebook simultaneously introduced a new ad model that could infringe on user privacy, while also improving security for the site itself.

Don't tell Facebook, but tomorrow is National Data Privacy Day. Actually, Facebook is aware of the significance, as noted in a recent blog post: "This Friday is Data Privacy Day, an international effort by governments, businesses and advocacy groups to raise awareness about the importance of staying in control of personal information. A key part of controlling information has always been protecting it from security threats like viruses, malware and hackers."

With that in mind, Facebook is implementing HTTPS to enable you to connect with and use the social networking site over a secure, encrypted connection. The feature adds some processing overhead and will impact performance to some extent, so Facebook is leaving HTTPS off by default and leaving it to the individual user to choose to enable it.

In addition to the encrypted surfing, Facebook is also rolling out new social authentication features. If Facebook detects suspicious activity, it will request additional authentication information. Rather than the traditional CAPTCHA test -- with its warped text that is hard even for legitimate users to decipher -- Facebook will use photos and information from your social network to validate your identity, asking questions that only a legitimate user should be able to answer.

More secure access to the site and tighter authentication controls are great, and they are a solid step toward achieving the goal of protecting your information from security threats like viruses, malware, and hackers. However, these security controls won't protect your information from Facebook itself.

With tomorrow being set aside for Data Privacy Day -- and with Facebook being aware of and acknowledging the event -- news that Facebook is also introducing a new "sponsored stories" ad model that co-opts user likes and location check-ins as advertisements, without any consent from the user and with no ability for the user to opt out, seems a tad ironic.

Now, it can be argued that Facebook is not doing anything with the information that you weren't already doing. The sponsored stories advertising will ostensibly only be displayed to your friends -- with the idea being that your opinion holds some weight with your social network -- and odds are fair that your likes and location check-ins were already being shared with that group.

That said, Facebook isn't just sharing the information. It is repackaging it as an explicit, or at least implicit, endorsement of the product or company buying the ad. It is that implied endorsement that is ruffling some feathers and causing privacy advocates to cry foul over the sponsored stories ad model.

So, Happy Data Privacy Day, Facebook! I commend you for your continued efforts at providing a safe and secure social networking experience and the introduction of controls to prevent hackers and malware from exploiting my data. Now, if we could just work on some tools to help me protect my data from you, I think we'll be good.


Stories by Tony Bradley
