Peter Eckersley, a senior technical staff member of the EFF, says, "What you don't want the world to know about, don't put it on Facebook. Facebook's security engineering is improving, but it's still not good enough that we'd ever advise people to put private, sensitive information there." [Juan Carlos]
Facebook Beacon program (a clear Violation)
Facebook has also been accused in the recent past of secretly gathering information about its users' activities on third-party websites. This program, formally known as the Facebook Beacon program, was at the center of controversy after Stefan Berteau, a Computer Associates security researcher, found that the company was exploiting its users by secretly monitoring and gathering their online activities on third-party websites. This included very sensitive information such as recent online purchases, and this information was shared with the user's friends list. Users were neither informed that the program was transmitting data back to Facebook nor provided with an opt-out feature, which is a total violation of user rights. Beacon is an ad platform for Facebook, and it monitored and gathered member activities on more than 40 associated websites, including the well-known Blockbuster and Fandango websites. Upon protests from MoveOn.org, other privacy organizations and individual users, Facebook modified its Beacon program to include opt-out features that could be enabled at the user end. However, these changes did not work as expected when Stefan Berteau tested them. "The first two cases involve the transmission of user data despite 'No thanks' having been selected on the opt-out dialog," [Juan Carlos Perez] reported Mr. Stefan while he was experimenting with Epicurious.com, one of the affiliated websites of Facebook. What was even more shocking, however, was "the third case, where Facebook was receiving data about my online habits while I was not logged in, and was doing so silently, without even alerting me to the cross-site communication." [Juan Carlos Perez] The case of Facebook's controversial Beacon program is a clear instance of how covertly Facebook could meddle with its users' privacy.
Facebook Privacy Policies
Also, as the policy page states, users can tag other users in photos unless the necessary options are chosen to disable the feature. This feature naturally raises concerns about third-party websites featuring our photos and tagging them to us, and there is no clear idea about who can access these pictures. [Harvey Jones, pg75] As and when any changes are made to the privacy policies, the Site Governance page is automatically updated to reflect the new policies. However, to be individually notified of any policy changes, one has to become a fan of the 'Facebook Site Governance page'. Also, since Facebook encourages sharing of information, a user who opts out of a particular feature or deletes an account still has no guarantee that his personal information is no longer shared. As the policy statement reads, "Even after you remove information from your profile or delete your account, copies of that information may remain viewable elsewhere to the extent it has been shared with others, it was otherwise distributed pursuant to your privacy settings or it was copied or stored by other users." [Facebook]
Currently Facebook only uses encryption for very sensitive information such as user credit card details. Facebook has to support SSL security. This is one of the important things that should be implemented by the website. Facebook should more aggressively pursue policies that prevent third-party websites from using user photos in their advertisements. This purely commercially motivated practice has severely compromised the privacy of the users of the network. Some of its policy changes have stirred controversy because even when a user has deleted his/her account, his/her personal information continues to be used. This issue has to be addressed immediately. Any user who chooses to close a Facebook account should immediately be assured that no trace of his/her information is stored or used by Facebook or any of the affiliated websites. New policies should include these important changes. On December 9th, 2009, Facebook announced that its users "will be prompted to make their status messages and shared content publicly visible to the world at large and search engines" (Kirkpatrick). So by default the profile and picture are accessible to anyone querying a search engine. Brandy Barker, Facebook Director of Communications, says, "by recommending more open defaults, more people will be able to connect on the site." However, this kind of open default setting clearly undermines the privacy and safety of the users, and this approach needs to be changed. With such a huge and growing user base, Facebook is all the more vulnerable to privacy and security exploitation. It would be sensible to require all its users to provide officially verifiable identification information, such as a Social Security Number or other relevant information for users in other countries. The example of Cyworld, a social networking website based in Korea, which follows such a security procedure, is a case in point. [Michael Kanellos] Such a verification process would promote user safety.
The Internet has revolutionized our lives. As one of the prominent social networking sites, with millions of users, Facebook facilitates communication and lets people from distant regions of the globe interact and keep in touch with each other. However, this bursting growth in user base is also attended by problems of security, privacy and safe data management. As discussed above, current privacy policies and default settings are not in the best interests of the user. It is obvious that commercial interests have overridden user privacy concerns at Facebook. Targeted marketing by third-party websites and monitoring of user browsing and internet activity on these affiliated websites have created user concerns about the safety and dependability of Facebook as a social networking medium. The ease of account creation without any verification and the possibility of fake profiles have created a safe haven for dangerous pedophiles and serial killers to lure unsuspecting adolescents. New privacy regulations have to be implemented, and new requirements including user identity verification should be enforced to prevent misuse of the medium. Complete SSL security should also be implemented. Default privacy settings should be made user friendly and should therefore be based on the best interests of the user. Under the current circumstances of operation there is no doubt that Facebook users face a huge threat to their privacy and personal security. Facebook needs to reform its privacy policies and security settings to provide users with an entertaining, interactive, customized and at the same time safe social networking environment.
1) Facebook, 'Statistics' (2010), accessed 5th May 2010, available at http://www.facebook.com/press/info.php?statistics
2) Helen Carter, 'Facebook killer Sentenced to life for Teenagers Murder', Accessed…