Facebook facial recognition: New technology, old problem

Facebook's facial recognition flap is reflective of an ongoing disregard for user privacy by the site.

Facebook, oh Facebook. Will you ever learn?

In case you haven't heard by now, the social network from The Social Network is back in the spotlight for playing around with its users' privacy. Yeah -- again.

This latest Zuck-up, if you'll pardon my French, revolves around facial recognition in Facebook photos. A security firm noticed that Facebook had started using its voodoo machines (that's the technical term) to scan faces in photos and try to recognize other users. After uploading a picture, Facebook looks at all the shining smiles and searches for matches in its slightly creepy database of faces. If it sees someone who it thinks is one of your friends, it alerts you and asks if you want to "tag" them in the photo.

Heebie-jeebies aside, the real problem, as my PCWorld cohort Ed Oswald observed, is that Facebook started including users in this service without explicitly telling them -- and, equally important, without letting them decide whether they were interested in opting in. By default, everyone's part of the program; you have to take the initiative in order to opt out.

Consider, too, that as part of the program, your face is stored in some sort of centralized repository that can be accessed and matched at a second's notice. In practicality, is that going to be a real hazard? Probably not. But in principle, it's certainly a little disturbing.

To be clear, Facebook did announce the partial launch of its facial recognition program in a blog last December. (That launch came with its own set of slightly less public privacy problems.) What's new now is that Facebook has started rolling out the feature to more users in more countries -- without first giving them a heads-up. And, again, the users are all opted in by default.

Facebook has since apologized for the flub and -- to use an oddly appropriate term -- tried to save face. But how many times can Zuck and co. act first and then clean up the mess later? It's getting hard to keep track of all the times it's happened:

• In early 2009, Facebook changed its terms of service without letting anyone know. Following a massive uproar and federal complaint, the social network did an about-face and let its users vote on how to best undo the damage.

• Later that year, Facebook "simplified" its privacy options, leading to new default settings that would make your personal info public if you didn't take action.

• Last April, Facebook introduced an "Open Graph" program that shared your info with external sites by default. Sure, you could disable it, but only if you took the time to figure out how and then go through a series of involved steps.

The list goes on, but you get the point: Facebook has done this kind of thing far too many times. The game of after-the-fact apologizing is really getting old.

So come on, Zuck: What the Winklevoss are you thinking? This isn't a college dorm project any more; it's a massive service that people around the world trust with their personal data. Start making your users' interests a priority already. Enough is enough.

When not trying to decipher the privacy settings on his own Facebook page, Contributing Editor JR Raphael presides over his geek-humor galaxy at eSarcasm.com.
