Be aware of what you share

Do you think Facebook is doing all that it can to provide a safe online environment for its 500+ million users? The company recently rolled out a new suite of safety tools at its Family Safety Center (www.facebook.com/safety) but Internet security provider Sophos believes that Facebook and other social networking sites need to do more to enhance the safety of the user experience.

Graham Cluley, senior technology consultant, Sophos, stated that the company receives more complaints concerning privacy and online security from users of Facebook than any other online destination. The complaints most often focus on compromised accounts or spam and scams happening on the site. There are also issues whenever Facebook introduces new features, usually because the onus is on the user to turn the new features off, rather than Facebook allowing people to turn the features “on” if they’re desired.

“Facebook doesn’t have the confidence in these features being amazing, cool things that people would want. It doesn’t tell people, ‘If you use this, here’s how your information will be shared. Click here to turn the feature on,’” said Cluley. “Facebook always turns new features on by default and then users have to be savvy enough to turn the feature off before their data gets shared.”

As for sharing information, Cluley believes that people rarely read all the small print and don’t understand the implications of data sharing with certain Facebook applications. And, as people access Facebook in mobile settings, they can actually be “sharing” personal data with more people than they ever imagined. People frequently use laptops or smartphones in public places to log in to their Facebook accounts. They might use the Internet through a Wi-Fi connection in a coffee shop, for instance. Such a connection is usually not encrypted or secure, and there won’t be an https:// indicating a secure connection in the browser’s address bar.

“If you connect to that free Wi-Fi and your connection is not encrypted, then someone else in the vicinity might be able to snoop on your communications and they might even be able to hijack your Facebook session meaning that they can post messages in your name and steal data,” Cluley explained. “This is obviously a big problem. In a welcome first step, Facebook recently introduced an HTTPS option. It’s hidden away in their account settings and they left it turned off by default. Worse, Facebook only commits to providing a secure connection ‘whenever possible.’ What this means is that a secure connection will be available whenever it’s convenient for Facebook. For instance, if you play a Facebook game, many of the games will not support HTTPS. So your encryption will be turned off until you next reconnect to Facebook.”

Facebook’s application developers are also a source of insecurity. Facebook claims to have over a million developers, meaning that one in every 500 people on Facebook is also an application developer. “Does that really sound sane?” Cluley asked. At the moment the only vetting that Facebook does for developers is to ask for a credit card number. Of course if you have criminal intentions it’s easy to get a stolen credit card number to enter in the vetting process.

“There needs to be a better process set up to register official Facebook app developers,” Cluley said. “If there were more information collected on the developers and one of them went rogue, there would be more information to provide to law enforcement in order to stop these criminals.”

But we can’t blame Facebook alone for the data sharing debacle that’s out on the Internet. Cluley urges people to carefully consider the information they’re putting online.

“Sometimes people share information willingly and sometimes they may not have set their privacy settings properly, so their information is getting shared with everyone,” he remarked. “Some technologies have features that people don’t know about. For instance, on many modern smartphones, the information about where a photograph is taken is embedded inside the photograph, not visible to the naked eye. Publish that photograph online and you’ll reveal where you were in the world when the photo was taken.”

He also cautions parents to consider their children’s future when they allow youngsters to use social networking sites.

“What we see with children is that they will typically have a very large number of Facebook friends. They will ‘friend’ everybody in their year at school and that opens up more opportunities for scams to spread and data to be lost,” said Cluley. “Young people won’t consider the consequences of sharing so much personal information. I think it will be fantastic for the tabloid websites in 20 or 30 years’ time, because out on the Internet there will be photographs of our prime ministers and presidents doing things that they probably wish could be forgotten. Be advised that even if you do delete your Facebook account, chances are that your messages, photos and data may have already been shared with others who made copies of them, or they may have been archived elsewhere. The general rule is that you shouldn’t post on the Internet anything that you wouldn’t want everyone to see.”

-Agencies