Facebook privacy changes receive tentative support

Facebook's revised privacy settings have been met with general approval, although commentators believe more can and should have been done.

Writing on Forbes.com, security blogger Bruce Schneier pointed the finger at social networking websites, rather than putting the blame on younger users, who he said still care about privacy.

He said: “Yes, they're far more public on the internet than their parents: writing personal details on Facebook, posting embarrassing photos on Flickr and having intimate conversations on Twitter. But they take steps to protect their privacy and vociferously complain when they feel it violated. They're not technically sophisticated about privacy and make mistakes all the time, but that's mostly the fault of companies and websites that try to manipulate them for financial gain.”

He further claimed that on the internet, privacy options are limited to the options companies give users and how easy they are to find, claiming that it is too hard to opt out.

“As long as privacy isn't salient, and as long as these companies are allowed to forcibly change social norms by limiting options, people will increasingly get used to less and less privacy,” he said.

“There's no malice on anyone's part here; it's just market forces in action. If we believe privacy is a social good, something necessary for democracy, liberty and human dignity, then we can't rely on market forces to maintain it. Broad legislation protecting personal privacy, by giving people control over their personal data is the only solution.”

His comments echo many security experts, who felt that Facebook's move to simpler privacy settings were a mere step in the right direction. Don Smith, VP of engineering and technology at SecureWorks, claimed that the changes were definitely an improvement, but they still do not go far enough in ensuring that the default privacy settings minimise disclosure.

He said: “For example, the new ‘recommended' privacy settings expose data such as status updates to 'everyone' and photos and birthdates to 'friends of friends'. Facebook has taken some small steps in the right direction today, it remains to be seen whether others, such as Google have both the will and understanding to continue to ‘do no harm'.”

Sean Sullivan, security advisor at F-Secure, claimed that the changes were, in essence, nothing more than a cosmetic. He said: “The site remains a real opportunity for any committed cyber criminals and the new settings will do little to assuage the concerns of those that feel they are being targeted by commercial interests.

“There are no new controls to heighten privacy and protect users' information from falling into the wrong hands; all Facebook has done is institute a new layout. The new interface is designed to help users understand the numerous privacy controls that Facebook continues to add to block identified loopholes, but in reality, this is likely to have little or no impact.

“Facebook should be doing more to explain the importance of users keeping some of their personal information to themselves. Sharing is useful and even somewhat necessary to help friends find each other but there are limits. You shouldn't share too much.”

He also claimed that the website is still failing to provide adequate ‘tools', as the preview function allows users to understand the information that people can view on their page and gives just two privacy options – ‘Everyone' or to a specific person, and does not offer a tailored preview just for ‘Friends of Friends' or ‘Friends'.

“This means that while users might understand the controls, they still lack the necessary means of implementing them correctly to their personal preferences. Undoubtedly, people who voiced concerns over the visibility of private information on Facebook will continue to have concerns as the new changes have done little or nothing to prevent unwarranted access to personal information,” he said.

Amichai Shulman, CTO of Imperva, claimed that the essence of social networks is to provoke solicited, and unsolicited, interactions between individuals, and privacy does not coincide with the interests of Facebook creators or with the attitude of many Facebook users.

He said: “If social networks were about keeping private information, and controlling it, then the default would have been not to share any new piece of information and have a ‘share' or ‘publish' button that you need to explicitly click in order to make the information available to others. Users of Facebook and other social network sites need to be made aware that if they don't want strangers knowing their telephone number, address or seeing their holiday photos then don't put it on Facebook.”

He believed that Facebook has taken the right first step by introducing a simple one stop place to control privacy settings, but like others, said that there is a lot more they could do, including an audit trail that helps the user adjust security settings. He also believed that users should universally, and automatically, default all privacy controls to private and let users explicitly decide to share information.

The Electronic Frontier Foundation said that it appreciated that Facebook has taken the time to listen and respond to the public outcry over its latest privacy changes, and although last week's changes did not address all of our concerns, they are a great first step in what will hopefully be a more privacy-driven direction for Facebook.

Likewise, Privacy International claimed that its "response to the latest Facebook announcement is one of disappointment and frustration" as rather than being a bold step forward in the advancement of consumer rights, the latest changes merely correct some of the most unacceptable privacy settings on the site.

It said: “Very little has changed in terms of the overall privacy challenge that Facebook and its users need to navigate. While we acknowledge Facebook for putting right the mess that it created last December by deploying unusable settings, this latest action is only the first of many steps to be taken before the company can even hint that it understands the nature of privacy. To be clear: Facebook did not simplify its privacy settings. It merely made them less complex.”

See original article on scmagazineus.com