Some Thoughts on Facebook, Security, and Privacy

There’s been quite a firestorm about Facebook and its issues with protecting user privacy. In particular, Facebook has been changing their Terms of Service (ToS) to just about let them do anything with any and all data you provide. I personally find the trade-offs involved to be worth it for the convenience of being able to quickly and easily share information with a wide group of friends, family, and acquaintances, though some have gone so far as to delete their Facebook accounts in protest. I think this is extreme, but everyone should be paying much closer attention to how they use this platform.

The Internet has a very, very long memory. I can find postings I made over a decade ago on obscure online forums. When putting anything on the Internet, I do so with the assumption that it will be there for an extended period of time and will be available to anyone who wants to look for it. Even if Facebook offered excellent security controls and you’ve set them up the way you want them, you should still think very carefully before posting that photo of you at the ball game when you called in sick to work. Somehow, some way, your boss will still find it.

You can also unwittingly expose yourself via malicious applications and fan pages. There have been numerous instances where fan pages are used for phishing attacks. Fan pages can pull a huge amount of data from your profile and there are not sufficient controls to let you control what is disclosed or allow you to pick what data is shared. I know you want to tell the world that you hate Justin Beiber, but joining that page just might open you up to serious identify theft.

Even if you follow the best security and privacy practices, you still have a weak link in your defenses: your friends. Facebook allows rather permissive access to any personal data to your friends. Even if you do everything right, your friends could be exposing your personal data with every click of the Like button or invitation to join MafiaVille. Unfortunately, we can’t do a whole lot about our friends other than try to educate them as best we can. I’d hate to delete a bunch of pertinent information about myself from my profile because of a few folks who behave in a reckless manner.

Ultimately, it comes down to Facebook getting a little too big for their britches. Clear, powerful, and easy-to-use privacy and security controls took a back seat to growing like wildfire and making money hand over fist. There’s no disclosure as to what information an application or fan page is requesting to use, there’s no way to control what they use, and there’s no way to control what your friends use. Those are holes big enough to drive trucks through. I don’t have a lot of faith that Facebook will do much about it without a significant public outcry, lawsuits, and maybe even Congressional action.

I’m not going to jump ship from Facebook. The convenience factor is simply too great for me to ignore it. What I will do, though, is expect each and every one of you to be a lot more careful when using it. Not just for you, but for me.