Facebook Privacy - User Awareness and Accountability Lacking

Thursday, May 20, 2010

Katie Weaver-Johnson


A group of 15 US privacy and consumer protection groups filed a complaint with the US Federal Trade Commission (FTC) accusing Facebook of “unfair and deceptive” practices and called on the FTC to investigate Facebook’s privacy practices and force it to take steps to guard better against security breaches.

In fairness to Facebook, the social networking company has added several new security tools to help prevent hacking and has increased privacy options. But no matter what the FTC finds or what tools Facebook adds, perhaps a better approach to user security and privacy is to ensure users are aware of social networking risks and accountable for the types of information they willingly share.

Some general best practices (and common sense) that all users should be aware of include:

  • Keep your personal information to yourself. Don’t post your full name, Social Security number, address, phone number, or bank and credit card account numbers!  Be cautious about posting information that could be used to identify you or locate you offline (school, sports team, where you work, etc.).
  • Post only information that you are comfortable with others seeing and knowing about you. Many people can see your page, including your parents, your teachers, the police, the college you might want to apply to, or the job you might want to apply for.
  • Remember that once you post information online, you can’t remove it. Even if you delete the information from a site, older versions exist on other people’s computers.
  • Adjust Facebook privacy settings to help protect your identity. Facebook has provided several options to protect users online – but it is up to the individual user to be responsible for them!
  • Read the Facebook Privacy Guide.  At the bottom of every Facebook page, there is a link for “Privacy”.  This page contains the latest privacy functions and policies and helps you ensure your privacy settings are properly set.
  • Choose your friends carefully. Once you have accepted someone as your friend, they will be able to access any information about you (including photographs) that you have marked as viewable by your friends. You can remove friends at any time.

Organizations may find it is to their advantage to provide ongoing awareness training and prevention efforts to ensure all personnel (employees, vendors, contractors, volunteers, customers, etc.) understand constantly changing social networking risks and threats and what types of information should or should not be shared. 

Schools must also find better ways to provide ongoing online safety awareness to help their students understand escalating risks and threats lurking online if they willingly share too much personal information. 

Individual users need to be more accountable for protecting sensitive and personal information.  Is it Facebook’s responsibility if users decide to post inappropriate pictures or share their credit card number online?

Javvad Malik: Some good tips in there. I'm a bit ignorant of many things, but do regulatory bodies such as the FTC have much say in a freebie website where people voluntarily offer up their information?

Fred Williams: You probably will need to read the Terms and Conditions statement on the Facebook website to determine what Facebook is liable for and what the user is liable for.

The user is bound to that click-wrap agreement no matter if they read it or not.

I would bet that Facebook's responsibility is to monitor and remove objectionable content such as copyrighted materials. However, anything else is fair game. If you want to post your SSN or credit card number on your 'wall' then go ahead, idiot.