Facebook Data Use Policy email sparks security fear amongst some users

Filed Under: Facebook, Featured, Privacy

Has Facebook sent you an email about its data use policy?

Don't feel too special - they sent it to an awful lot of people.

Here's what you probably received, in an email entitled "Updates to Data Use Policy and Statement of Rights and Responsibilities":

Facebook data policy email. Click for a larger version

In case you're still unsure - that is genuinely an email from Facebook.

Yes, Facebook has just given its one billion (and counting..) users seven days to comment on a change it is making to its data use policies.

That's correct. You've only got until November 28th if you wish to respond. I'm sure that the fact Facebook has chosen to do this across a major US holiday is purely an unfortunate coincidence rather than a deliberate timing decision.

One of the company's planned changes is to change the way it handles future changes to its data use policy (which explains how the site collects and uses data about you). Facebook says it wants to ditch user voting in favour of requesting feedback in the form of comments from users.

Additionally, as The Telegraph explains, the proposed new data use policy would allow Facebook to use data from "from our affiliates or our advertising partners.. to tell us information about you" and "improve the quality of ads."

Part of Proposed Data Use Policy Redline

In all likelihood, this is part of Facebook's plan to build up a more precise picture of its many users, targeting advertisements better, and using data not only from its own site but recently acquired companies such as Instagram.

"I've received an email from Facebook. Is it a scam or a virus?"

Some people are so used to being bombarded with bogus and malicious emails claiming to come from the likes of Facebook, LinkedIn and Twitter that they don't believe the legitimate communications they receive any more.

It's unfortunate that this latest legitimate email from Facebook, which is being sent to over a billion email accounts around the globe, has caught some social networking users off-guard.

In fact, Naked Security has received queries from readers who are worried that the email could be a phishing attack, or an attempt to infect their computers with malware.

Take this example from "Laura" (we've obscured some details to protect her identity):

Reader's question to the Naked Security team

Not sure what I'm reporting but myself and loads of others on FB have received emails from FB about "Data use policy"
I never opened mine but deleted it.
Is it a scam or a virus?
Have you received other complaints about it?
I see below you want URL etc, but a bit nervous to open the link to copy for you

Laura, although it would be perfectly possible for a malicious hacker to spam out a message pretending to be from Facebook, and they could even ape its wording, look-and-feel etc, I suspect that you've received the real thing.

Maybe if Facebook wants more users to respond and feedback regarding the changes to its data use policy it should display a message as users log into the site. That would, at the very least, go some way to reassure them that the emails are legitimate.

And, of course, it may encourage more feedback from users regarding the changes. As I imagine that's what Facebook wants, right?

, , ,

You might like

9 Responses to Facebook Data Use Policy email sparks security fear amongst some users

  1. -kg- · 518 days ago

    I received that email, along with many others, I'm sure. I felt safe to open and read it, since Hotmail seems very capable in discerning whether an email purportedly from FB is legitimate or not.

    The point is, I NEVER click on a link in an email, whether legitimate or not. I'm perfectly capable of navigating to the referenced page sans the "convenience" of a link. Were that more people aware of the tactic, but I've long realized (as have those who generate malicious emails) that not everyone is as Internet savvy as I.

    While FB is popular among my friends and a convenient way to keep in touch with them, I become more inclined to make the complete switch to Diaspora and leave the morass behind. Most of FB's recent "improvements" range from annoying to potentially dangerous, presenting the possibility of enhancing the activities of stalkers and criminal opportunists.

    Recent events beg me to wonder how much more time will transpire before FB joins its peer, Myspace, in the obscurity of Internet history? While Myspace still exists, it's become a veritable graveyard.

    • Jocelyne · 515 days ago

      Since you are savvy... and I'm glad to hear it... can you tell me what I can do with my 95+ photo ALBUMS, not individual photos, should I choose to leave Facebook? I also feel like everything I ever posted there is there forever. Do you know if this is actually true and what I need to do to make it all safer? Hope to hear from you....

      • Greg · 514 days ago

        heard a representative of FB on BBC radio around a week ago stating categorically that FB does not keep such data after you shut down your account.

  2. The actual documents enraged me more as they're huge and difficult to understand: I ranted about Facebook's inability to write in Plain English: http://goo.gl/GM4Jt

  3. Ashleigh · 518 days ago

    Comments number upwards of 38,000 on the page. Will be leaving facebook if the changes come into effect. Ive had someone harassing me on facebook for over six months but he keeps making new accounts so he cant contact me again. The change to the privacy of the message button will probably mean he can contact me and intimidate me again. I will be leaving before this happens.

  4. PaulaAnne · 517 days ago

    I have always responded to their inquiries and surveys when they are at the top of my newsfeed - I am not sure why they decided to use an email this time - why the hurry? why the holidays? either open it all up - the way FB was originally created (the way it was in 2008 when I first joined, and you had to verify your identity to create an account) - or allow every single action and/or post to have a choice for privacy

  5. Guest · 517 days ago

    Best solution is: Don't use Facebook or any 'social engineering' site.

    Shame about the poor grammar used by Laura, so many misuse that word 'myself'.

  6. pamelajaye · 514 days ago

    I'm not afraid to open an email, although I didn't see this one, as I have set my mail to plain text. Text has yet to infect my machine. Sometimes it's unreadable heaps of HTML code, or links that have no actual links - just text, but at least I don't get viruses. Sadly, the mere thought of reading the Data Use (formerly Privacy Policy) makes my eyes glaze over.

  7. Matt Twain · 475 days ago

    I received the link as a notification from a friend. When I clicked on it, I went to a log-in page for Facebook. It looked legit, until I saw the beginning of the URL: "Faecbook...", not "Facebook."

    Buyer beware...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.