Storify shows Facebook privacy more illusion than fact

A dustup over the republication of private Facebook status updates on Storify points to how privacy on the social network is relative and users must remain vigilant to avoid getting burned.

The online controversy started Friday when the business news site AGBeat reported that a person using Strorify's Chrome browser extension or bookmarklet could essentially copy and paste private Facebook content.

Storify is a tool for stringing together photos, videos and status updates from socialnetworks. The site is popular with bloggers and journalists.

Whatever Facebook content a person has access to can be republished on Storify. This means that private status updates from personal profiles and private groups can be copied. The ability of third-party sites or apps to breach Facebook privacy has been a concern for sometime.

In its 2012 State of the Net report, Consumer Reports warned that Facebook data is shared more widely than users may wish. "Even if you have restricted your information to be seen by friends only, a friend who is using a Facebook app could allow your data to be transferred to a third party without your knowledge," the consumer watchdog group said.

p>Facebook compares Storify to someone taking a screenshot of a post and then republishing it somewhere else on the Web. On Monday, the social network seemed to distance itself from the controversy, implying that the person copying the information has the responsibility for not sharing their friends' private updates.

"The behavior appears to result from Storify users utilizing a browser extension that essentially cuts and pastes content available to that user to the Storify site," a Facebook spokesperson said in an email. "This is not a result of the Storify application for Facebook."

[See also: 10 security reasons to quit Facebook (And one reason to stay on)]

Storify washed its hands of the controversy, saying the site does not give people access to content on the Web they would not already be able to see.

"By using our bookmarklet or Chrome browser plugin, you can indeed collect text, photos and video from all around the Web, including what is visible to you on Facebook," Storify co-founder Burt Herman said in a blog post. "That media may not have been intended for a wider audience, but it's up to you if you want to publish it more widely."

This passing of the buck to users is an example of why privacy advocates want even tougher privacy restrictions on Facebook than what is contained in a settlement the site reached with the Federal Trade Commission last year. The agreement requires Facebook to create a comprehensive privacy program and to have independent audits of its privacy practices conducted every two years.

Some privacy advocates also want Facebook to provide full access to all data collected on a user, stop creating facial recognition profiles without user consent and cease tracking users across the Web.

Consumers Union, which publishes Consumer Reports magazine, supports a national privacy law that would hold all companies to the same standards.

In the meantime, privacy advocates recommend maximizing privacy settings and to always assume that anything posted on Facebook can be seen by friends, family, employers, government agencies, health insurance companies and law enforcement.

Read more about data privacy in CSOonline's Data Privacy section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Storifyapplicationssecuritysoftwaredata protectionprivacyData Protection | Data PrivacyFacebook

More about FacebookFederal Trade Commission

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts