Facebook makes changes to privacy policy

Powered by SC Magazine
 

As rogue AV scam hits site.

Facebook has allowed users to remove payment details and revamped the ‘add a location' section of its privacy policy.

In an update to its controversial privacy policy and statement of rights and responsibilities, deputy general counsel for Facebook Michael Richter claimed that the site is the only major online service that posts all proposed changes to its governing documents before they go into effect and solicits feedback from its users, and that user comments to its privacy policy "have been invaluable to the process".

He said: “We're proposing another set of revisions to our Privacy Policy and Statement of Rights and Responsibilities to make way for some exciting new products we're contemplating. Not all of these products have been finalised and many aren't yet built at all. However, we've definitely identified some interesting opportunities to improve the way you share and connect with the people and things in your life.”

Amongst the changes on 'information we collect when you interact with Facebook', it has now changed its policy to state that it keeps track of "some of the actions you take on Facebook, such as adding connections (including joining a group or adding a friend, becoming a fan of a Facebook page, joining a group or an event), creating a photo album, sending a gift, poking another user, indicating you 'like' a post, attending an event, or authorising an connecting with an application".

In 'information from other users', it has removed the line which states "you can limit who can see that you have been tagged in a photo or video – which we refer to as photos or videos 'of me' – in your privacy settings".

The most notable change comes to the section that was formally known as ‘Information You Share With Third Parties', and has been rephrased as ‘sharing information on Facebook'. It has removed sentences that specify that it has designed its privacy settings to enable how users share their information on Facebook, and that users should review the default privacy settings to make sure they reflect their preferences.

The details on sharing contact and personal information have been clarified to specify that no information is required except for an email address, and it recommends review of users' personal settings.

Following the enhancement of application notifications, it has changed the language to ensure that users are aware that Facebook has no control over applications. It has also cleared up the language regarding an application's right to general information on a user.

Richter said: “In the proposed privacy policy, we've also explained the possibility of working with some partner websites that we pre-approve to offer a more personalised experience at the moment you visit the site. In such instances, we would only introduce this feature with a small, select group of partners and we would also offer new controls.”

However, blogger Nick O'Neill, writing on the allfacebook.com blog site, was critical of this announcement, claiming that while a user may never have signed up for a specific site, Facebook may begin giving away their data without their permission.

He said: “While Facebook usually launches privacy settings that give the users more granular control, there are also occasions during which the company crosses the line and this could end up being one of those instances. Facebook's current defence for this new program is that ‘in such instances, we would only introduce the feature with a small, select group of partners and we would also offer new controls'.

“Granted, we are not totally clear about the instances in which Facebook will share your information, but it's pretty clear that this is another sort of ‘opt-out' feature that led to a heated privacy debate years ago. In addition to potentially sharing your data with participating sites the moment you visit them, Facebook is announcing some other privacy changes, including a previous emphasis on adding ‘a location to something you post'.

“Despite the exciting product launches that are implied by Facebook's proposed updates to the privacy policy and statement of rights and responsibilities, there are some aspects that many users will be concerned about. The most concerning is Facebook's decision to enable users to be automatically logged into sites by default without their approval.”

F-Secure has also warned of a rogue anti-virus that one of its analysts saw "wreaking havoc on a friends list". It claimed that once installed on one friend's account, the application tags 20 friends into a picture and if a friend looking through the photos then clicks on the application's link, they will see a request to allow access to ‘Anti-Virus in Focebook' (sic).

A user with a lot of friends may end up with a series of albums. F-Secure claimed that Facebook is already in the process of removing and preventing such rogue apps.

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
There's no coke and hookers in the cloud
[Blog post] Where did the love go?
 
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1045

Vote