Facebook leaks more private data: deja vu all over again


The F, A, C, E, B, O, and K keys on my keyboard are becoming well worn. The Wall Street Journal is reporting another major privacy gaffe by Facebook and a few other social networking sites. This time, counter to its own privacy commitments, the site leaked information that identified individual users to third-party advertisers.

xkcd.com 743

Some of the other sites named leaked unique IDs related to users, but the case with Facebook is more concerning. Facebook requires everyone to use their real identities, and since December 2009 has forced users to share a lot more personally identifiable information with the world.

To date, Facebook insists it has not intentionally released this information and has made changes to prevent this data leakage. My personal view is that this relates to a cultural issue inherent at Facebook and other social media companies.

Designing applications and systems that are entrusted with people's personal data requires an embedded sense of responsibility. We at Sophos live that value every day, making sure we put "best protection" ahead of all other business goals. By choosing our solutions, you have placed your trust in us, and we have an obligation to do our best to deliver that promise.

Mark Zuckerberg has demonstrated that this is not the goal of Facebook. Only when others do audits and raise a media fuss does Facebook consider the impact and make changes. It is not part of their culture to defend their customers' privacy. When your business is focused on collecting private data, you have a responsibility to protect information.

It's been a bad month for Facebook, and I hope this is a wake-up call for those who make decisions regarding our security and privacy. Facebook should first commit to a full audit of its systems to make sure it complies with its own policies, and then spend some time listening to its customers' feedback.

Creative Commons image courtesy of xkcd.com.



About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.