Facebook privacy changes - a missed opportunity?

Filed Under: Data loss, Facebook, Privacy, Social networks

Facebook, through the medium of CEO Mark Zuckerberg's blog, has just announced a trifecta of changes to the Facebook interface. Apparently, if you are a Facebook user, you will soon be getting:

  • tighter control over Groups , so that you can more easily share things with a limited subset of your "friends",
  • an option to download, all in one lump, everything you ever uploaded to Facebook, and
  • a dashboard amongst the Facebook privacy interface which will show more clearly which Facebook applications have what access to your data, and when each app last took advantage of that access.

As Zuckerberg breathlessly pronounces, "We hope these tools bring you more confidence as you share things on Facebook, and that your experience grows richer and more real as a result." (Please email me if you can translate this into standard American English. I am dying to know what it means.)

These changes sounds pretty good, at least on the surface. It's nice to hear Facebook actively encouraging sharing with fewer, rather than more, online friends. And it's great to see Facebook giving you a clearer mechanism for monitoring which apps you have installed, and what rights you have given them.

There are a couple of things which strike me as missed opportunities, though.

Firstly, according to Dan Goodin of The Register, Facebook will begin rolling out these changes "later on Wednesday". Since it's already Thursday in Oz, that means today.

But when I log in to my Facebook account (for research purposes only, honestly!), my News Feed is quite empty.

Wouldn't this be a great opportunity for Facebook to be communicating with me about these new, soon-to-be-released features? It would certainly cushion any surprise if I were able to read, officially and in advance, how my on-line Facebook experience will soon change.

Secondly, the ability to re-download all of the data you have ever uploaded is neat. But it's an archival feature, rather than a security feature. It makes sure you can get back materials which you may have lost, and it might be useful in a legal matter where you would like to be able to produce a record of what you uploaded, and when.

Wouldn't this be a great opportunity for Facebook to provide a more definitive interface for selectively removing information from Facebook - including a clear, item-by-item indication of when it cannot promise removal because that data item has already been shared, leased or sold on to a third party?

In short, I'd still like to see Facebook visibly turning from "the site that shares unless you are careful to ask it not to" into "the site which shares nothing until you deliberately ask it to."

In my opinion, Facebook is a big enough brand, and a big enough internet property (it certainly likes to present itself as if it were a country - the third largest sovereign independent state on Earth, if you will let it make such a claim) to begin to favour privacy and on-line safety over growth.

My message to Facebook: lead the way on privacy.

Become truly opt-in - not just on the basis that a new user opts in altogether by joining up in the first place, but on the basis that everything is locked down until a new user opens up each feature.

Don't wait until the regulators in the world's developed economies start legislating to make you do so. Take the lead. People will love you all the more in the end.

You heard it here first.

PS: why not find SophosSecurity on Facebook, for the latest security tips, on Facebook and elsewhere in your on-line life? And, since you're here, please vote in our poll below.

Should Facebook become totally opt-in?survey software

, , , , , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog