Facebook facial recognition: New technology, old problem

Facebook's facial recognition flap is reflective of an ongoing disregard for user privacy by the site.

Facebook, oh Facebook. Will you ever learn?

In case you haven't heard by now, the social network from The Social Network is back in the spotlight for playing around with its users' privacy. Yeah -- again.

This latest Zuck-up, if you'll pardon my French, revolves around facial recognition in Facebook photos. A security firm noticed that Facebook had started using its voodoo machines (that's the technical term) to scan faces in photos and try to recognize other users. After uploading a picture, Facebook looks at all the shining smiles and searches for matches in its slightly creepy database of faces. If it sees someone who it thinks is one of your friends, it alerts you and asks if you want to "tag" them in the photo.

Heebie-jeebies aside, the real problem, as my PCWorld cohort Ed Oswald observed, is that Facebook started including users in this service without explicitly telling them -- and, equally important, without letting them decide whether they were interested in opting in. By default, everyone's part of the program; you have to take the initiative in order to opt out.

Consider, too, that as part of the program, your face is stored in some sort of centralized repository that can be accessed and matched at a second's notice. In practicality, is that going to be a real hazard? Probably not. But in principle, it's certainly a little disturbing.

To be clear, Facebook did announce the partial launch of its facial recognition program in a blog last December. (That launch came with its own set of slightly less public privacy problems.) What's new now is that Facebook has started rolling out the feature to more users in more countries -- without first giving them a heads-up. And, again, the users are all opted in by default.

Facebook has since apologized for the flub and -- to use an oddly appropriate term -- tried to save face. But how many times can Zuck and co. act first and then clean up the mess later? It's getting hard to keep track of all the times it's happened:

• In early 2009, Facebook changed its terms of service without letting anyone know. Following a massive uproar and federal complaint, the social network did an about-face and let its users vote on how to best undo the damage.

• Later that year, Facebook "simplified" its privacy options, leading to new default settings that would made your personal info public if you didn't take action.

• Last April, Facebook introduced an "Open Graph" program that shared your info with external sites by default. Sure, you could disable it, but only if you took the time to figure out how and then go through a series of involved steps.

The list goes on, but you get the point: Facebook has done this kind of thing far too many times. The game of after-the-fact apologizing is really getting old.

So come on, Zuck: What the Winklevoss are you thinking? This isn't a college dorm project any more; it's a massive service that people around the world trust with their personal data. Start making your users' interests a priority already. Enough is enough.

When not trying to decipher the privacy settings on his own Facebook page, Contributing Editor JR Raphael presides over his geek-humor galaxy at eSarcasm.com.

Tags Web services developmentapplication developmentInternet-based applications and servicesonline privacyweb servicessoftwareinternetsocial mediasocial networksFacebookprivacysecurity

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Custom Defence against targeted attacks

Deep Discovery is uniquely designed for threat detection, real-time intelligence, adaptive protection, and rapid response to combat targeted attacks and Advanced Persistent Threats (APTs).

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.