On the Eve of the Latest Facebook Privacy Fix

  • 6

On the Eve of the Latest Facebook Privacy Fix

Category:Facebook,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking Tags : 

Facebook is releasing its latest privacy fix on Wednesday, May 26. I don’t have high expectations for the new controls as Facebook has not shown any ability to make the controls user friendly, or really understand what their users want for privacy.

A much bigger issue is that we seem to have abrogated OUR responsibility to protect our private information.

Fundamentally, information security is about managing risk. ANY involvement in social networking increases the risk of something negative happening–whether it’s loss of privacy, cyberstalking, identity theft, embarrassment, etc. It’s up to us to manage the risk. We should not expect the same amount of privacy protection from a free service that we would get from a credit card company, hospital, etc.

Although Facebook, Google, LinkedIn are all provided “free” to us, that freedom comes with a price–reduced privacy and some tracking of our web habits.

It’s up to us what we choose to share on social networking sites. We agree to EULAs (end user license agreements) that we click through to get to the “good stuff.” We blithely provide requested personal details and install apps that ask for even more and that tell us up front that they may share our information. Do you have to publish your date of birth? Hometown? 20 favorite things? (I’m just waiting for the next Facebook posting asking us, “What’s your mother’s maiden name?” and urging us to send the posting to all of our friends!)

Yes, Facebook, Google, and the other social networking applications have a responsibility to protect our information. However, WE have the responsibility to share ONLY the information we choose.


6 Comments

Katie Weaver

May 27, 2010at 8:33 am

Ben,

Great points and I agree completely that users lacking awareness happily agree to the user license agreements and then willingly share personal information that can put them at risk for identity theft, banking fraud, etc.

I posted a similar blog last week (http://blog.awareity.com/). It is critical that end users become more responsible and accountable for protecting their personal information, rather than placing the blame on free social networks.

Dan Dornbrook

May 26, 2010at 7:28 am

Great points. I’m resisting “Facey-Face” (with apologies to the Advocate columnist from whom I stole that phrase ;>) as long as I can, but I suspect that soon the Borg will inform me that resistance is futile.

Alyssa Fox

May 25, 2010at 11:04 pm

Ben – some great points here. While I think Facebook has increasingly gotten away from what’s best for its users, we also have a responsibility in monitoring what we put out there. A big part of this is that a lot of times users simply don’t know what’s going on there.

Many social media users are involved in several forms of social media (LinkedIn, Facebook, Twitter, blogs, etc.), but think about all the ones that only use Facebook and aren’t exposed to the kind of information those other forms give about what’s happening in technology, security, and on the internet at large. And Facebook hasn’t always been as upfront and clear about their changes in security etc. as they should be for the less knowledgeable users.

    benwoelk

    May 25, 2010at 11:14 pm

    Hi Alyssa,
    I/we regularly post social media safety tips through the RIT Information Security Facebook page. We’ve developed a pretty good following (membership contests for the students helps!). IMHO, it’s a great source for relevant up-to-date information. There are other Facebook sources of online safety info, but the key is getting all of the Facebook-only users to fan/like those sites and pay attention to what’s posted.

    I agree that Facebook hasn’t always operated in the best interests of its users.
    Ben

benwoelk

May 25, 2010at 10:14 pm

Tristan,
It’s a tricky balance. Personally, Facebook has provided the vehicle for reconnecting with people I haven’t seen in decades. Professionally, I try to provide guidance to ~19K faculty and staff about how to use social media safely. My key messages are that once you put something out on the web it’s there to stay, you don’t know who will look at it, and that you need to make informed choices about what information you share.

Diaspora sounds intriguing.
Ben

Tristan Bishop

May 25, 2010at 5:49 pm

You make super great points, Ben. It has become almost like the old “Doctor, it hurts when I do this” joke.

As for me, I joined FaceBook late, 2009, with a set of assumptions, and then the rules fundamentally changed after I was significantly invested. I felt a bit like Lando when Vader “Altered the deal”. I now find I have to use FaceBook to remain in the loop socially, as it has replaced both Gmail and Evite in my circles. So I use it like some use Plaxo, to stay in touch, but not to share delicate information.

I felt compelled to contribute to the http://www.joindiaspora.com movement, just because it was so gutsy. We’ll see what they can build. But you’re right: Don’t send money to Nigeria, don’t open an “I love you” attachment and don’t put you authentications tokens on a public website.

Categories