Facebook's security engineering is improving, but it's still not good enough that we'd ever advise people to put private, sensitive information there," [Juan Carloz] As mentioned above, Facebook continuously changes its privacy policies which makes it all the more difficult for members to understand. The recent changes to privacy settings, which the company introduced, involved access to name, photos and friends list of members to third party Websites. This implementation of this new policy has led to the compromise of user privacy as witnessed in the recent episode where user email addresses which are supposed to be confidential was available to all members on the facebook website. For a short period of time everyone's email was put on public information, which is in clear violation of the user privacy rights. Speaking about this, Paul Suarez, a technical writer at PCWorld reported, "One of those changes [to Facebook's Privacy Policy and Statement of Rights and Responsibilities] would make it possible for Facebook to send your name, photo, friend list, and any public information about you and your friends to preapproved third-party Web sites." [Brennon Slattery] However, by mistake the portal ended up sharing the email address of all its users.

Facebook Beacon program (a clear Violation)

Facebook has also been accused in the recent past for secretly gathering information pertaining to its users activities in third party websites. This program formally known as the Facebook Beacon program, was at the center of controversy after Stefan Berteau, a Computer Associates security researcher, found that the company was exploiting its users by secretly monitoring and gathering their online activities in third party websites. This included very sensitive information such as recent purchases online and this information was shared among the user's friends list. Neither the users were informed about the program transmitting data back to facebook, nor they were provided with an opt out feature which is total violation of user rights. Beacon is an AD platform for Facebook and it monitored and gathered member activities in more than 40 associated websites including the well-known Blockbuster and Fandango websites. Upon protests from MoveOn.org and other privacy organizations and individual users, facebook modified its 'Beacon program' to include opt out features that could be enabled at the user end. However, these new changes did not work as they were expected to when Stefan Berteau tested them. "The first two cases involve the transmission of user data despite 'No thanks' having been selected on the opt-out dialog" [Juan Carlos Perez]reported Mr. Stephan while he was experimenting with Epicurious.com one of the affiliated websites of Facebook. However, what was even more shocking was "the third case, where Facebook was receiving data about my online habits while I was not logged in, and was doing so silently, without even alerting me to the cross-site communication," [Juan Carlos Perez] This case about Facebook's controversial Beacon program is a clear instance of how covertly facebook could meddle with its user's privacy.

Facebook Privacy Policies

Facebook website publishes a comprehensive privacy policy which all users of the website are supposed to read before they start sharing information on the portal. There they have listed how the information that is stored on the website is shared between friends and their party websites. It is clearly mentioned that Facebook shares personal user information with third party websites and that their activities in these affiliated websites will be reported back to their friends list unless the user specifically chooses not to. However, to make these privacy settings the user has to carefully read through the small fonts of the privacy statement. Since in most cases users are not likely to go through such laborious process to reset their default privacy settings, it is more likely that they will be automatically subjecting themselves to the privacy exploitation without having any obvious clue. Another issue with Facebook is that of it's frequent changes to it privacy policies. "We may change this Privacy Policy pursuant to the procedures outlined in the Facebook 'Statement of rights and Responsibilities'" [Facebook]

Also as the policy page states user's can tag other user's onto photo's unless the necessary options are chosen to disable the feature. This feature naturally raises concerns about third party websites featuring our photos and tagging them to us and there is no clear idea about who can access these pictures. [Harvey Jones, pg75] as and when any new changes are made to the privacy policies, the Site Governance page is automatically updated reflecting the new policies. However, to be individually notified of any policy changes one has to become a fan of the 'Facebook Site...

Also since Facebook encourages sharing of information it is possible that a user who opts out of a particular feature or deletes an account will still not be guaranteed that his personal information is no longer shared. As the policy statement reads, "Even after you remove information from your profile or delete your account, copies of that information may remain viewable elsewhere to the extent it has been shared with others, it was otherwise distributed pursuant to your privacy settings or it was copied or stored by other users." [Facebook]
Future implications

Currently facebook only uses encryption for very sensitive information such as user credit card details. Facebook has to support SSL security. This is one of the important things that should be implemented by the website. Facebook should more aggressively pursue policies that do not permit third party websites from using user photos in their advertisements. This purely commercially motivated practice has severely compromised the privacy of the users of the network. Some of its policies changes that have stirred controversy that even when a user has deleted his/her account, his personal information continues to be used. This issue has to be addressed immediately. Any user who chooses to close a Facebook account should immediately be assured that no trace of his/her information is stored or used by Facebook or any of the affiliated websites. New polices should include these important changes. As of December 9th of 2009, Facebook had announced that users of Facebook "will be prompted to make their status messages and shared content publicly visible to the world at large and search engines"(Kirkpatrick). So by default the profile and picture is accessible to anyone querying on a search engine. Brandy Barker, Facebook Director of Communications says, " by recommending more open defaults, more people will be able to connect on the site." However, this kind of an open default setting clearly undermines the privacy and the safety of the Users and this approach needs to be changed. With such a huge and growing user base facebook is all the more vulnerable for privacy and security exploitations. It is a sensible idea to make it necessary that all its users be required to provide officially verifiable identification information such as Social Security Number or other relevant information for other country users. The example of Cyworld, a social networking website based in Korea, which follows such a security procedure is a case in point. [Michael Kanellos] Such a verification process would promote user safety.

Conclusion

The Internet has revolutionized our lives. As one of the prominent social networking sites, with millions of users, Facebook facilitates communication and lets people from distant regions of the globe interact and keep in touch with each other. However, this bursting growth in user base is also attendant with problems of security and privacy and safe data management. As discussed above, current privacy policies and default settings are not in the best interests of the user. It is obvious that commercial interests have overridden user privacy concerns in Facebook. Targeted marketing by their party websites and monitoring of user browsing and internet activity on these affiliated agencies have created user concerns about the safety and dependability of Facebook as a safe social networking media. The ease of account creation without any verification and possibility of fake profiles has created a safe haven for dangerous pedophiles and serial killers to lure the unsuspecting adolescent. New privacy regulations have to be implemented and new requirements including user identity verification should be enforced to prevent misuse of the media. Complete SSL security should also be implemented. Default privacy settings should be made user friendly and should therefore be based on the best interests of the user. Under the current circumstances of operation there is no question of doubt that Facebook users face a huge threat to their privacy and personal security. Facebook needs to reform its privacy policies and security settings to provide users with an entertaining, interactive, customized and at the same time a safe social networking environment.

Bibliography

1) Facebook, 'Statistics', (2010), accessed 5th May 2010, available at, http://www.facebook.com/press/info.php?statistics

2) Helen Carter, 'Facebook killer Sentenced to life for Teenagers Murder', Accessed May 6th 2010, available at, http://www.guardian.co.uk/uk/2010/mar/08/peter-chapman-facebook-killer

3) Harvey Jones & Jose Hiram Soltren, 'Facebook: Threats to privacy', (Dec 2005, Accessed May 5th 2010, available at, http://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall05-papers/facebook.pdf

4) BBC, 'Payout for False…