Sophos Cloud Optix
As we reported recently, Facebook has been asking its users whether they think it is trustworthy (whatever that means), but it’s not actually sharing the results.
So we ran our own poll of how many people trust Facebook and hereby present the results.
(NB: to be clear, we once again hereby define “people” as being “our readers.”)
As of 15 January, out of 3,468 Naked Security-reading respondents, 0.52%, or 18 readers, reported that they find Facebook “extremely trustworthy”.
One commenter on the poll was curious as to the poll demographics.
Or, rather, as “Ghostie Withpurplehair” clarified, s/he was “mostly curious as to who actually voted for ‘Extremely trustworthy'” and whether they might be interested in real estate proposals:
Do they work for facebook, or should I start working on some deeds to the Brooklyn Bridge?
Here are the full poll results:
How trustworthy is Facebook overall?
- Not at all trustworthy 72.96% (2,530 votes)
- Slightly trustworthy 20.01% (694 votes)
- Somewhat trustworthy 5.62% (195 votes)
- Very trustworthy 0.89% (31 votes)
- Extremely trustworthy 0.52% (18 votes)
- Total Votes: 3,468
As many story commenters pointed out, the results of this poll are utterly skewed.
One such, “empp”, had this to say:
People who are concerned about security are much more likely to view articles on this site and less likely to trust any site blindly. The results are definitely skewed. I would be interested in how people have responded to the poll on facebook since the demands of that situation are different and regular users may not be as likely to express their skepticism there. I would suspect it is not as positive as they would like, otherwise they might be more inclined to release them.
Empp, I too would be interested in seeing the results of Facebook’s inquiry.
I’d be particularly interested to see how large is the discrepancy between the general Facebook user population and a population that takes the time to read about Facebook’s and other companies’ security lapses and such companies’ approaches to user privacy.
Those who don’t read security blogs such as Naked Security are, one assumes, far less likely to read about Facebook’s transgressions, such as when the service has revealed things such as someone’s friends list even if it’s set to private, for example.
Would it be wrong to assume that people who actually read about security know what they’re talking about when they report that they find Facebook untrustworthy? I don’t think so.
Your thoughts? Please share in the comments section below.
“empp” is of course right in a funny way; Only the alert and reasonably intelligent minds do care about internet security. Those who *do* trust facebook fully and entirely must be totally unaware of how the service works and, equally unaware of the internet and computers work. To call the results of this poll skewed is praising ignorance and low intelligence.
Regardless on which site the poll had been conducted on, the results are skewed. It might not really be a bad thing that it is either. I would fully agree with what you’re saying in this comment if you had taken out your last sentence.
Something I’ve noticed with Facebook and its privacy settings is that, if you have your future posts set to only be visible to “Friends”, but on a single occasion you decide you want to make your post “Public”, this immediately changes your “all future posts” setting to “Public” as well. Talk about taking liberties! Just one to watch out for 😉
I can add to that… If you use a mobile device (or two) as well as a PC, sometimes the mobile device has it’s own settings and Facebook uses the most ‘Public’ from all devices for future posts i.e. My PC and iPod were set to ‘Friends’ but my Android was set to ‘Public’; guess which one Facebook opted to use for all devices following the use of the Android that one time…
If you change the setting immediately after posting, the settings for subsequent posts are not affected. New posts pick up the setting last used afresh on a post, which is logical in its way. But really superb would be if Facebook allowed us to choose the default setting that posts would pick up unless we specify otherwise.
It’s wrong to ever ASSUME, period!
I agree totally. In forensics is a saying ABC. Assume nothing, believe nothing/nobody, check everything.
I wouldn’t, and don’t trust Facebook, Google or anyone else who is in the business of making money, and that goes for Bankers too.
Ah…so presumably you don’t make money? What are you…on welfare? Or do you not trust yourself, and beat yourself up every night for being one of those Greedy People™ who actually (gasp!) makes money?
What about the people who provide you with food, clothing, electricity, the computer or other device you used to post here, and any of the other goods or services that improve the quality of your life? They make money, or they wouldn’t be able to stay in business. Are you saying you don’t trust any of them?
And what about Sophos? They provide this awesome newsletter to help folks keep informed about security issues, and they wouldn’t be able to do that unless they were in business to make money. I guess you don’t trust them either…but then, why are you reading NakedSecurity?
There is nothing intrinsically wrong with making money. Everyone does it. As long as the goods or services one provides in exchange for money are valued by the people who buy them — and as long as the transactions are voluntary — what’s not to trust?
Making a living and making money are two different things, I believe Suzanne was talking about those that just make money, regardless of any moral considerations. Most of us call those people evil. If you don’t regard people who make money regardless as evil, then it’s time to examine your own moral compass my friend.
There is nothing wrong with my moral compass, my friend. I have no quarrel with Suzanne’s objecting to making money from immoral transactions, but that’s not what her post said. She made no distinction between making a living and making money. Besides, unless you live in a barter economy, it’s impossible to make a living without making money.
My comment makes it explicitly clear that I’m using the term “making money” in connection with those who provide goods and services that their fellow humanoids find valuable, and that they purchase voluntarily—i.e., without coercion (force or fraud). That makes such transactions moral.
I was responding to a comment that made no such distinction, broadly painted ALL people who make money with the “untrustworthy” brush, and made no mention of any moral considerations, let alone providing any definition of morality. I did not ascribe to her comments things she did not say.
If Facebook had to ask that question then it’s rather concerning but I think they were hoping that the results would specifically be from the type of person who downloads any app without a concern (or perhaps knowledge) of what data they might be collecting.
In my experience, ‘Trustworthy’ and ‘Honest’ are two words that very distrustful and dishonest people use to describe themselves.
Wow, do I sound paranoid?
I would NOT trust them at all, you just have to look at the new permissions requested by the new android app to wonder what us going on…
Access to read all your private text messages and remotely switch on your phone’s camera and microphone..
I have backed up the previous apk file and like many others won’t update, and if need be will dump FB. If they don’t stop all this they will end up as a has been social network…
I think you missed the word “about” in the last main paragraph – “Would it be wrong to assume that people who actually read about security know what they’re talking when they report that they find Facebook untrustworthy? I don’t think so.”
“….talking about when ….” I’m happy for you to call me dim if I tell you it took me a while to figure it out! Durrr
You would be correct 🙂 It’s now fixed.
trust. no one.
Of course we still need to bare in mind that the poll done by facebook may be biased in the other direction. I, for example, do not trust facebook and thus do not use it. I haven’t answered their poll either.
Surely, something is either trustworthy or not trustworthy. How can you have slightly or very?
Trust is not boolean.
I trust that software vendors don’t want vulnerable code but that trust isn’t blind enough to preclude me from deploying AV software, firewalls, etc.
As an InfoSec professional, I have a level of trust that corporate policies will be followed but not so much that we don’t do audits or implement technologies to enforce them. For instance, we have a password policy; it’s part of trusting users with access to our systems. But that trust is enforced by password controls around length, complexity, and expiration. Further, that trust is limited to only the areas the users are authorized to access.
Segregation of duties involves people that are trusted enough to create or approve transactions, but not both.
Change control exists because we trust the changes enough to implement them but not so much that we understand there could be fallout.
If you want more exacting results, you should really have had a 2-fold poll.. one for if we trust facebook.. but another for “we dont trust facebook at all, but we use it because theres not much choice apart from not at all.”
Facebook, is dead. It had a limited lifespan as as all us oldies are on it, no self respecting teen is going anywhere near it, unless its to keep ma and pa from guessing what they’re really up to.
I’d trust FB to announce that all its users trust it.
What does “trustworthy” mean?
Facebook?! Privacy ?! Better watch your butt. Why is Facebook worth big bucks, after all?! Security ? Everything gets sloppy vey quickly.
You? “Fun” poll. No more.
There are more serious analytical questions to ask if proper surveys are to be done, and such a survey would be difficult with this subject in any case.
I created a Facebook account about two years ago, then closed and deleted it after only a month (or thereabout) because during that time Facebook changed it’s privacy settings rules twice.
I took note that the time it was taking me to keep up on it’s privacy rules, and then to act on them, was more than I was willing to invest. I also took note that the amount of time that lapsed, between their newly implemented rules and the user’s acting properly upon them, was all the time they needed in order to exploit those folks.
That in mind, it occurred to me that those rules must have been designed just for that purpose, or so it seemed…and so, I deleted my account.
I have learned that Facebook has done this more than once, and with each change they purport to do so with all user’s privacy concerns in mind.
If this is true, members there should not have need to complain of deceit when they’ve set their privacy settings to block certain users. Right? Of course right…you would think.
Distrust and discontent comes about when members there learn that Facebook changes privacy rules that affect their current settings, such that the settings they had in place already, which had them believe they would be protected from certain prying eyes, had in fact been overruled…by the “new” rules Facebook put in place.
Why would some business enterprise do this, if not on purpose? I can’t think of a reason.