Facebook bringing UAC to Web 2.0


Canada is making its mark on the international scene and applying pressure on Facebook to do more to protect users from privacy violations by third-party applications. At first glance Facebook's plan doesn't look too bad, but on further thought it clearly has some issues.

First, complexity is the enemy of security (or privacy, for that matter). Facebook proposes a "Which information do you wish to share with this application?" style prompt to give users more control. End users will respond to it the same way they respond when Vista prompts for User Account Control: "What do I have to do to make this go away and finish my task?" If it were only your personal privacy at risk, you could make the argument that you have been supplied with a method of being smarter, but are too lazy to care...

Second, as a Facebook user, you will have the choice whether to share your friends' information with third parties without their consent. So if my friends don't care as much as I do (and they aren't likely to), my personal information, and basically everything I am sharing with my friends and family, is fair game to third-party developers. This was recently demonstrated by the ACLU in a shocking way for many Facebook users.

Facebook needs to take further steps to protect user privacy, especially by requiring third-party applications to adhere to a strict privacy policy. There is no need for everyone's private information to be shared with third parties; these applications should be able to operate fully within the Web 2.0 realm. Facebook will have to perpetually deal with these problems as its monetization is based upon capitalizing on people's private information.

In closing, I admire Facebook for taking the Canadian authorities' concerns seriously, but I feel they need to go further and keep themselves a few steps ahead of the big G. Facebook acknowledges this will take them upwards of a year, and that they will pay close attention to user feedback. I encourage everyone who uses this platform to express their concerns, likes and dislikes during this process to find the right balance of fun, freedom and responsibility.

Creative Commons image courtesy of flickr photostream by Max-B


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.