Sophos Cloud Optix
Facebook has just announced that they are revamping the new option for developers to gather users’ addresses and mobile phone numbers. Prior to this step, users who did not wish to provide this information had to opt out of adding the requesting application entirely. Additionally, while Facebook did alert users through their standard dialog that the application wanted access to this data, many Facebook users simply clicked through, unaware of the import of these messages.
Naked Security’s original article about this new option got a lot of attention from the blogging community this weekend. In response to Graham’s post, many Facebook users expressed their concerns, prompting Facebook to respond.
The best solution would be to permit users to provide this data, via a dropdown or checkbox, when they choose to add an application, but it should not be required. Users who want the convenience that Facebook is offering should be able to choose to share their information, but those of us who are more security conscious should be able to opt out and elect to type it in when necessary.
Facebook has been pushing the boundaries of privacy for a long time, but despite the uproar, few in the community have abandoned the service. It is great news that Facebook is responding to the outrage about this recent change, but I wonder if most users will be satisfied with their eventual solution.
People are willing to accept the constant evolution of technology, but are not always willing to accept others’ ideas of how their privacy should evolve along with it. While Facebook does alert users to the fact that this information will be shared with others, warning prompts and other pop-ups are so frequent that they are frequently ignored. Users still place a great deal of trust in Facebook, and the service has an obligation to live up to that expectation.
Creative Commons image courtesy of cluefree’s Flickr photostream.
I will not give my personal info to anyone. That's why it's called personal….What is facebook thinking?????
Excellent! That's good news.
I liked your comment, or perhaps someone else from Sophos, who said that users should be asked to opt-in for disclosing their name, phone number and address to 3rd party developers. The default would be opt-out.
In general, it is a lot more responsible, and consistent with most ethical user interfaces (and paper forms that preceded them in pre-internet days) to have the default be the minimum exposure or basic service. Then ask users what they want to disclose, or what extras to purchase. It is misleading to require a Facebook account holder (or purchaser of any product) to explicitly specify what they DON'T want to reveal (or buy) or else they'll get exploited.
One of the problems is that iin order to use some apps you must give permission for your data to be shared and apps are demanding ever-increasing access to our data. There is no opt-out other than not using the app at all.
I agree with Ellie that Facebook users should be asked to opt-in whether or not they want to provide information to third party developers. And what information they are willing to release to them.
I have made it a point to make sure only what I want to be seen is seen by others. Not everyone is as concious of this.
Thank you Sophos for all you do to alert Facebook users to the problems with Social Networking.
To get round this I have changed my phone numbers on my fb account to the Facebook Customer Service phone number….
Jane nailed the underlying issue. Apps want total access to your info and friends list. Do I offer up my personal contact list if I want to make a phone call? Why should I do it for an app?
I don’t like the thought of it even for legitimate apps, and Facebook doesn’t appear to screen the app writers. Rogue apps and scams have given them all a black eye.
my new phone number is now a rejection hotline. I no longer have a marital status and my home and past are quickly disappearing. All because they insist on sharing this information with everyone and if someone knows me they already have it so instead of embracing my network, I am quickly becoming the blank profile….eventually the games will not keep my interest enough to bother anymore
Well said Amanda …agree…..don'y think i can follow that with any thing hun ………x
I found it funny that they claimed to have "strong security expertise", and then to use that as a basis to reject all criticism.
They also seem to falsely assume that if they make the permission text big enough, people will actually read it.
Facebook's security has always been a joke, do not enter in any information you don't want made public, because in the end, that's exactly what will happen to it. We've seen this proven time and again.
Yes, Bertrice, Jane has nailed the underlying issue. While I’m an advanced user of technology, and quite security conscious, I’m very new to FaceBook – and found myself so extremely concerned the by the permissions I would have to give to use some of the apps that I just immediately left them. Thus, as Jane says, the only opt-out (for me) has been not to use any apps at all.
At this point, unless Facebook becomes extremely transparent about how ANY of our details – personal or otherwise – might be used then I, too, will be removing details as Amanda has done, and possibly even my account, because as a new user I’m not really all that invested in FaceBook yet.