What price privacy?

Monday, April 26, 2010

Mark Gardner


In recent months, there has been Google and now Facebook vying to use our data on the Web. Google were the first with their Buzz product, using all our Gmail contacts to start a social network.  This received a heavy amount of criticism for its invasion of privacy, from which, in my opinion, it has never fully recovered.

At last weeks Facebook developers conference CEO Mark Zuckerberg announced their Open Graph and Open Graph API. For some reason there seems to be less criticism of this, when to me it causes greater risk to privacy of information than Google Buzz did/does.

Ultimately, what this does is give information about you to websites that you visit and information about your Facebook friends who have also visited that site. If I was a site owner I would think this is great, if only for the reason that my site would receive instant feedback on whether people like your site or not.

As an internet user and an Information Security professional this to me is a huge potential invasion of privacy. I want to control what I share, and who I share it with. As with many innovations on Facebook, this is the default setting. Therefore, with a user base of 400 million, there will be a large majority who will take part in this process. How long before, with a user base that size, will this become the norm on the internet?

Before I carry on, the caveat is that, as I understand it you have to be logged into Facebook for this to fully work. However, with the logout button hidden and the option to keep the user signed in more prominent , when do users actually sign out.

What of the risk to the enterprise? I imagine at the moment that many companies allow open access to Facebook.

This is purely speculative, but if you're logged into Facebook on the corporate network, and don't log out then continue to work with the Corporate Intranet would this tool then monitor your usage of your corporate intranet and network?  Or possibly worse, expose your company information to competitors or hackers who then launch denial of service attacks on your company through this medium.

At the risk of accusations of being "the fun police" my first thought is that a way to mitigate against this is to block access to Facebook at the Firewall. However, if this Open Graph api is across the internet then where do you stop? How long before a virus or other malware is transported in this way.

Facebook wants to be the Internet, and with such a large user base, they have a head start to enable this to happen. However, I wonder, will many of those 400 million users leave because of this?

What puzzles me is when did social come to mean insecure? Also, when did my personal data become a commodity to be hawked around for other people to use?

Developments like this, Apple's iAd etc. seem to be great for the marketing industry, but what price user experience and privacy?

Possibly Related Articles:
Google Facebook Privacy
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.