Dear Facebook,
As you know, for some years we have been discussing with your security team our concerns about safety and privacy on Facebook.
Every day, victims report to us numerous incidents of crime and fraud on Facebook. They have been personally affected and are desperate for advice on how to deal with the consequences.
A frequent refrain from users who contact us is, ‘Why doesn’t Facebook do more to protect us?’
We have identified three simple steps you can take to better protect your users:
1) PRIVACY BY DEFAULT
No more sharing of information without your users’ express agreement (OPT-IN). Whenever you add a new feature to share additional information about your users, you should not assume that they want this feature turned on.
2) VETTED APP DEVELOPERS
It is far too easy to become a developer on Facebook. With over one million app developers already registered on the Facebook platform, it is hardly surprising that your service is riddled with rogue applications and viral scams. Only vetted and approved third-party developers should be allowed to publish apps on your platform.
3) HTTPS FOR EVERYTHING
We welcome you recently introducing an HTTPS option, but you left it turned off by default. Worse, you only commit to provide a secure connection “whenever possible”. Facebook should enforce a secure connection all the time, by default. Without this protection, your users are at risk of losing personal information to hackers.
Why wait until regulators force your hand on privacy? Act now for the greater good of all.
Your users tell us that these are issues they want resolved. So our question is simple: when do you plan to act?
Sincerely,
Naked Security
Related Posts
- Anger after scam-exposing community shut down by Facebook
In a bizarre and hard-to-understand move, a Facebook page which claims it helped countless Facebook members stay safe online on the social network has been shut down... by Facebook.
The Bulldog Estate... - Unfollowed Me rogue application spreads virally on Twitter
Once again Twitter users are finding themselves hit by a fast-infecting attack, more commonly encountered by their Facebook-using cousins: a rogue application spreading virally across the network.
Tho... - Why you shouldn’t reveal your Royal Wedding Guest name on Facebook
In the absence of a genuine ticket to the real event, Facebook users are encouraging each other to reveal their Royal Wedding Guest name.Here's a typical message that is currently being spread by well... - Facebook’s two-factor authentication announcement raises questions
Amid mounting criticism of Facebook's attitude to its users' privacy and safety, the social network has announced that it is introducing a two-factor authentication system in an attempt to prevent una... - Spam from your Facebook account? Malware attack poses as official warning
Cybercriminals are adopting a new disguise, following last week's "Facebook password changed" malware attack.
Computer users are discovering malicious code has been sent to their email inboxes, preten... - PlayStation Network hacked: Personal data of up to 70 million people stolen
Users of Sony's PlayStation Network are at risk of identity theft after hackers broke into the system, and accessed the personal information of videogame players.
The implications of the hack, which r... - Tom Tom sounds the privacy drum – road safety or no road safety!
Dutch GPS and navigation software giant, Tom Tom, recently took what I consider to be a small privacy step for the company, but a giant privacy step for mankind.Faced with evidence that the Dutch poli... - Facebook comment-jacking? OMG! I Can’t believe JUSTIN Bieber did THIS to a girl
It's starting to seem like Facebook can't win against those who wish to use their service to scam, spam and simply cause trouble. Over the last day or so, a new type of attack has been spreading using... - The New York Yankees and DSLReports.com responsible for 30,000 more data loss victims
This message may repeat. This message may repeat. For those of us old enough to have fond memories of the phonograph, the phrase "broken record" may come to mind.Yes, more user information has been le... - Data thefts far more common than just Sony and Epsilon
In the wake of the press reports concerning the recent data breaches at Sony and Epsilon, some organizations are getting the wrong idea about modern online attacks. The media largely chooses to cover ...
Posted on 18 April 2011. Tags: Application, Data, Facebook, Featured, HTTPS, letter, loss, Malware, networks, Open, Privacy, rogue, Scam, Social, Spam, SSL, Survey
The above information is reprinted from and copyrighted © by Naked Security - Sophos.
